Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Stalling Internet and Downloads

Started by AndrewC46 , Sep 03 2011 12:42 PM

  • This topic is locked This topic is locked

#1
AndrewC46
Posted 03 September 2011 - 12:42 PM

AndrewC46

    Member

  • Member
  • PipPip
  • 14 posts
Hello there,

For the longest time the computer I am currently using was working perfectly fine. Until two weeks ago, my Internet started to stall downloads. Initially I thought the problem was coming from the ISP end since the Internet was down for my neighborhood only just a month ago. I had put a call into the company to ask them to check out my Internet, it took 3 days to get someone over here to check my connection. The result? It was fine according to the technician. After hearing that result, I tried to fix the problem myself using Avast!, Super AntiSpyware and MBAM. None of them were able to fix the problem. Having no options left, I am turning to the experts, you guys.

Sometimes when I would download, it would be fine for 10 seconds before it has a permanent pause and never continues. Other times, it would start at my normal download speed before plummeting to 0 kb/s. If I try to use Youtube or any streaming sites, my computer would randomly restart from time to time. I am not sure what the problem is. When I would run the programs listed above, it would find a virus and I would try delete it (in Safe Mode). It keeps saying that it was successful but the internet continued to lag horribly. Then today, my computer would randomly restart as I surf the internet. It restarted about an hour ago when I tried to get onto this website. That's all I know.

OTL logfile created on: 9/3/2011 2:23:19 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Andrew\My Documents
Windows XP Media Center Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 329.49 Mb Available Physical Memory | 64.43% Memory free
1.22 Gb Paging File | 1.09 Gb Available in Paging File | 89.55% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.01 Gb Total Space | 11.10 Gb Free Space | 73.98% Space Free | Partition Type: NTFS
Drive D: | 165.30 Gb Total Space | 165.25 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive J: | 6.01 Gb Total Space | 4.67 Gb Free Space | 77.73% Space Free | Partition Type: NTFS
Drive K: | 1.86 Gb Total Space | 0.05 Gb Free Space | 2.86% Space Free | Partition Type: FAT

Computer Name: VALUED-A4DE119D | User Name: Andrew | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Andrew\My Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\savedump.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (VAIOMediaPlatform-VideoServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-PhotoServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-MusicServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe (Sony Corporation)
SRV - (SonicStageMonitoring) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
SRV - (Sony TVTA Manager) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe (Sony Corporation)
SRV - (Sony TV Tuner Controller) -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe (Sony Corporation)
SRV - (Sony TV Tuner Manager) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV - (smrt) -- C:\WINDOWS\system32\drivers\smrt.sys (Sony Corporation)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (SonyLSM) -- C:\WINDOWS\System32\Drivers\SonyLSM.sys (Sony Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation )
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\SHDOCVW.DLL (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/03 14:02:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2003/12/04 15:01:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/09/03 13:03:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2003/12/04 15:01:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/09/03 13:03:13 | 000,000,000 | ---D | M]

[2011/09/03 14:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions
[2011/09/03 14:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/03 14:02:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/08/30 18:59:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/30 15:41:02 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2011/08/30 15:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/30 15:41:02 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/08/30 15:41:02 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/08/30 15:41:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/08/30 15:41:02 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2003/07/30 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CreateCD_Reminder] C:\WINDOWS\SONYSYS\VAIO Recovery\Reminder.exe (Sony Electronics, Inc)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\eHome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [sHotKey] C:\Program Files\SONY\sHotKey\sHotKey.exe (Chicony)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIOSurvey] c:\Program Files\Sony\VAIO Survey\SurveySA.exe (Sony Electronics)
O4 - HKLM..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe (Support.com, Inc.)
O4 - HKLM..\Run: [ZZZ] C:\WINDOWS\SONYSYS\Eflyer\SubFlyer.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_01)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60FEA675-2DCE-4EB2-BC76-F028CC7A1968}: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF87B2C8-200D-4C61-8398-1737D6B0853F}: DhcpNameServer = 43.134.195.10
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO BrightColor Wallpaper TrueColor 1024x768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO BrightColor Wallpaper TrueColor 1024x768.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/12/03 14:32:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/09/03 13:22:40 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/09/03 13:22:40 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/09/03 11:27:31 | 000,000,000 | ---- | M] () - J:\AutoRecov -- [ NTFS ]
O32 - AutoRun File - [2003/08/20 19:45:48 | 000,045,056 | ---- | M] (Sony Digital Netowrk Applications, Inc.) - J:\autorun.exe -- [ NTFS ]
O32 - AutoRun File - [2002/06/08 01:18:38 | 000,000,049 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/11/04 17:12:10 | 000,000,000 | RHSD | M] - K:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/03 14:21:55 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\My Documents\OTL.exe
[2011/09/03 14:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla
[2011/09/03 14:19:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/09/03 14:19:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/09/03 14:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/09/03 14:00:34 | 013,975,408 | ---- | C] (Mozilla) -- C:\Documents and Settings\Andrew\Desktop\Firefox Setup 6.0.1.exe
[2011/09/03 13:54:43 | 000,383,012 | ---- | C] (Mozilla) -- C:\Documents and Settings\Andrew\My Documents\Firefox Setup 6.0.1.exe
[2011/09/03 13:22:40 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2011/09/03 13:22:16 | 000,764,416 | ---- | C] (Nuno Brito) -- C:\Documents and Settings\Andrew\Desktop\ninja.exe
[2011/09/03 13:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\CCleaner
[2011/09/03 13:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\SDFix
[2011/09/03 13:21:00 | 004,194,078 | ---- | C] (Swearware) -- C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
[2011/09/03 13:20:39 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrew\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/03 13:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Identities
[2011/09/03 13:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\AdobeUM
[2011/09/03 13:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Adobe
[2011/09/03 13:03:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Andrew\Application Data\Microsoft
[2011/09/03 13:03:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Andrew\Cookies
[2011/09/03 13:03:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Andrew\SendTo
[2011/09/03 13:03:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Andrew\Recent
[2011/09/03 13:03:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Andrew\Application Data
[2011/09/03 13:03:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Startup
[2011/09/03 13:03:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew\Start Menu
[2011/09/03 13:03:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew\My Documents\My Pictures
[2011/09/03 13:03:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew\My Documents\My Music
[2011/09/03 13:03:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew\My Documents
[2011/09/03 13:03:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew\Favorites
[2011/09/03 13:03:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Accessories
[2011/09/03 13:03:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Andrew\Templates
[2011/09/03 13:03:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Andrew\PrintHood
[2011/09/03 13:03:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Andrew\NetHood
[2011/09/03 13:03:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Andrew\Local Settings
[2011/09/03 13:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Sun
[2011/09/03 13:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Real
[2011/09/03 13:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\My Documents\My eBooks
[2011/09/03 13:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Mozilla
[2011/09/03 13:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\MoodLogic
[2011/09/03 13:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft
[2011/09/03 13:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop
[2011/09/03 13:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\ApplicationHistory
[2011/09/03 13:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Adobe
[2011/09/03 13:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142010}
[2011/09/03 09:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Opera
[2011/09/03 09:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Opera
[2011/09/03 09:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/09/03 09:30:44 | 010,307,952 | ---- | C] (Opera Software ASA) -- C:\Documents and Settings\Andrew\Desktop\Opera_1151_int_Setup.exe
[2003/12/03 13:23:31 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/03 14:22:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\My Documents\OTL.exe
[2011/09/03 14:19:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/03 14:02:41 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/03 14:02:41 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/03 13:59:42 | 013,975,408 | ---- | M] (Mozilla) -- C:\Documents and Settings\Andrew\Desktop\Firefox Setup 6.0.1.exe
[2011/09/03 13:56:58 | 000,383,012 | ---- | M] (Mozilla) -- C:\Documents and Settings\Andrew\My Documents\Firefox Setup 6.0.1.exe
[2011/09/03 13:24:03 | 000,764,416 | ---- | M] (Nuno Brito) -- C:\Documents and Settings\Andrew\Desktop\ninja.exe
[2011/09/03 13:07:08 | 000,363,734 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/03 13:07:08 | 000,045,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/03 13:03:21 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/09/03 13:03:19 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/03 13:03:18 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/09/03 13:03:14 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Windows Media Player.lnk
[2011/09/03 13:03:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/03 13:02:11 | 000,001,257 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/09/03 13:02:10 | 000,000,000 | RH-- | M] () -- C:\WINDOWS\System32\drivers\Sony_PCV-RZ54G(UC)_.mrk
[2011/09/03 13:02:09 | 000,000,192 | RHS- | M] () -- C:\boot.ini
[2011/09/03 13:02:08 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Registration reminder 3.job
[2011/09/03 13:02:08 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Registration reminder 2.job
[2011/09/03 13:02:08 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Registration reminder 1.job
[2011/09/03 09:31:35 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/09/03 09:31:35 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/09/03 09:29:14 | 010,307,952 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\Andrew\Desktop\Opera_1151_int_Setup.exe
[2011/09/02 19:11:56 | 057,716,768 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\setup_av_free(1).exe
[2011/09/02 18:59:26 | 004,194,078 | ---- | M] (Swearware) -- C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
[2011/09/02 18:58:12 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Flash_Disinfector.exe
[2011/08/29 14:11:10 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrew\Desktop\mbam-setup-1.51.1.1800.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/03 14:02:41 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/03 14:02:41 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/03 14:02:40 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/03 13:21:36 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Flash_Disinfector.exe
[2011/09/03 13:20:56 | 057,716,768 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\setup_av_free(1).exe
[2011/09/03 13:03:14 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Windows Media Player.lnk
[2011/09/03 13:03:03 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/03 13:03:03 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Mail & Newsgroups.lnk
[2011/09/03 13:03:03 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape 7.0.lnk
[2011/09/03 13:03:03 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Remote Assistance.lnk
[2011/09/03 13:03:03 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/09/03 13:03:03 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Windows Media Player.lnk
[2011/09/03 13:03:03 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/03 13:03:03 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Internet Explorer.lnk
[2011/09/03 13:03:03 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/09/03 13:03:03 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Outlook Express.lnk
[2011/09/03 13:03:03 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\fusioncache.dat
[2011/09/03 13:03:03 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/09/03 13:02:10 | 000,000,000 | RH-- | C] () -- C:\WINDOWS\System32\drivers\Sony_PCV-RZ54G(UC)_.mrk
[2011/09/03 13:02:08 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Registration reminder 3.job
[2011/09/03 13:02:08 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Registration reminder 2.job
[2011/09/03 13:02:07 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Registration reminder 1.job
[2011/09/03 09:31:35 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/09/03 09:31:35 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/09/03 09:31:35 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2003/12/04 15:07:32 | 000,000,911 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/12/04 15:04:35 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/12/04 15:03:13 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/12/04 15:02:21 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/12/04 15:02:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2003/12/04 15:01:02 | 000,090,832 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2003/12/04 15:00:59 | 000,009,192 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2003/12/04 14:16:12 | 000,526,184 | ---- | C] () -- C:\WINDOWS\q329692.exe
[2003/12/04 14:12:38 | 000,236,392 | ---- | C] () -- C:\WINDOWS\q329112.exe
[2003/12/04 14:11:18 | 000,028,771 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2003/12/04 14:11:18 | 000,024,673 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2003/12/03 16:09:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/12/03 14:51:43 | 000,042,897 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2003/12/03 14:51:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/12/03 14:33:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/12/03 14:30:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/12/03 13:23:51 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/12/03 13:23:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/12/03 13:23:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/12/03 13:23:32 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2003/12/03 13:23:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/12/03 13:23:27 | 000,000,738 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/12/03 13:23:17 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/12/03 13:23:17 | 000,004,573 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/12/03 13:23:16 | 000,363,734 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/12/03 13:23:16 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/12/03 13:23:16 | 000,045,408 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/12/03 13:23:16 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/12/03 13:23:16 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/12/03 13:23:15 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/12/03 13:23:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/12/03 13:23:13 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/12/03 13:23:13 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/12/03 13:23:11 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/12/03 13:23:09 | 000,001,740 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/12/03 06:27:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/03 06:26:41 | 000,103,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/11/12 07:54:00 | 000,352,768 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/23 12:53:30 | 000,373,967 | ---- | C] () -- C:\WINDOWS\ml-uninstall-v10.exe
[2002/08/06 15:55:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\ml-WA3Shutdown.exe
[2002/06/12 16:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 21:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2002/04/02 21:08:32 | 000,036,868 | ---- | C] () -- C:\WINDOWS\ml-winamp-shutdown.exe

========== LOP Check ==========

[2011/09/03 09:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Opera
[2011/09/03 13:02:08 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2011/09/03 13:02:08 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2011/09/03 13:02:08 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========



< End of report >

If I messed up somewhere then I apologize for it.
  • 0

Advertisements

#2
Render
Posted 04 September 2011 - 02:38 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

Are you able to boot into normal mode? Please do the following in normal mode if possible:

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select No.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

  • 0

#3
AndrewC46
Posted 05 September 2011 - 04:42 PM

AndrewC46

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Sorry for the day delay since my computer couldn't download I had to use my roommates to download the program. And he had to use his to write a paper yesterday, so I couldn't do it till today.

Thank you for your willingness to help/

Attached Files


  • 0

#4
Render
Posted 05 September 2011 - 05:15 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

18:27:03.390 Disk 0 malicious Win32:MBRoot code @ sector 61 !
18:27:03.421 Disk 0 PE file @ sector 625137345 !

This states that at some time you had a mbroot infection. It was cleared but a backup copy of the infection is dormant on the hard drive. I'm not sure if aswMBR is able to remove it but we can try so please do the following:

  • Please re-run aswMBR.exe.
  • Click Scan.
  • On completion of the scan click the Fix button.

    Posted Image
  • Save the log as before and post in your next reply.

  • 0

#5
AndrewC46
Posted 06 September 2011 - 10:49 AM

AndrewC46

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I don't even think it's a virus anymore, it maybe contributing but I don't think it's the sole reason. Yesterday night, when I tried to do a scan, the computer restarted. I was like "Oh this again, oh well". Instead of coming back on, the monitor kept saying "Out of Display Range" and I would have to wait some time to pass before I could get it working. The computer has mileage on it, it's about 8 years ago. But here's the scan to get rid of all the malware at least.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-06 07:29:24
-----------------------------
07:29:24.203 OS Version: Windows 5.1.2600 Service Pack 1
07:29:24.203 Number of processors: 2 586 0x209
07:29:24.203 ComputerName: VALUED-A4DE119D UserName: Andrew
07:29:24.312 Initialize success
07:29:28.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:29:28.093 Disk 0 Vendor: WDC_WD2000BB-98DWA0 15.05R15 Size: 190782MB BusType: 3
07:29:30.109 Disk 0 MBR read successfully
07:29:30.109 Disk 0 MBR scan
07:29:30.109 Disk 0 Windows XP default MBR code
07:29:30.109 Disk 0 scanning sectors +390716865
07:29:30.187 Disk 0 scanning C:\WINDOWS\System32\drivers
07:29:34.078 Service scanning
07:29:35.015 Modules scanning
07:29:39.796 Disk 0 trace - called modules:
07:29:39.812 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:29:39.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82387b48]
07:29:39.812 3 CLASSPNP.SYS[f85a7022] -> nt!IofCallDriver -> \Device\0000005a[0x82326f18]
07:29:39.812 5 ACPI.sys[f84ef12d] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8238fd98]
07:29:40.171 Scan finished successfully
07:29:44.937 Verifying
07:29:54.953 Disk 0 Windows 501 MBR fixed successfully
07:30:07.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Andrew\Desktop\MBR.dat"
07:30:07.078 The log file has been saved successfully to "C:\Documents and Settings\Andrew\Desktop\aswMBR2.txt"
  • 0

#6
Render
Posted 06 September 2011 - 11:39 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

MBR looks good now.

How is your internet connection now?

You also have to update your system to SP3.

But before we do it let's check if your system is malware free.

Please proceed with these steps:

Step 1

Posted Image Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 2

Download AVPTool from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

#7
AndrewC46
Posted 07 September 2011 - 02:12 PM

AndrewC46

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
An error occured. Now I need to get a new set of RAM since I keep getting three beeps when it starts up and I removed it and reseated only for nothing to happen. As of right now, I'm ordering a new set of RAM, so I may not respond with a scan for a couple of days.
  • 0

#8
Render
Posted 07 September 2011 - 02:27 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. That's could be hardware issue. I will keep this topic open.
  • 0

#9
AndrewC46
Posted 13 September 2011 - 10:03 AM

AndrewC46

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I was able to get my RAM today, so now there's no more beeps and no more random restarts. Here's my MBAM log, I wasn't able to get Kaspersky to work since it kept giving me an "The procedure entry point _except_handler4_common" error everytime I try to install.

To answer your question, the internet is still stalling and dropping randomly. I think something in the registry was changed or a .dll was deleted. I could easily be very wrong. Not sure what to do if that's the problem.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7653

Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

1/1/2002 1:10:02 AM
mbam-log-2002-01-01 (01-10-02).txt

Scan type: Quick scan
Objects scanned: 160703
Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#10
Render
Posted 13 September 2011 - 10:16 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Try with this in normal mode now:

Posted Image Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  • CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  • If you are using personal certificates I recommend you to export them before running ComboFix and save them to external media.
Please carefully follow all steps below:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes. ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.
  • 0

Advertisements

#11
AndrewC46
Posted 13 September 2011 - 10:44 AM

AndrewC46

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
ComboFix 11-09-13.02 - Andrew 01/01/2002 1:41.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.511.155 [GMT -5:00]
Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\caspol.exe.ae73cd99.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.68d9f572.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\snchk.exe.bc20ddb9.ini
c:\documents and settings\Andrew\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Andrew\Local Settings\Application Data\ApplicationHistory\caspol.exe.ae73cd99.ini
c:\documents and settings\Andrew\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.68d9f572.ini
c:\documents and settings\Andrew\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
c:\documents and settings\Andrew\Local Settings\Application Data\ApplicationHistory\snchk.exe.bc20ddb9.ini
c:\program files\messenger\msmsgsin.exe
c:\windows\ehome\medctrro.exe
c:\windows\ehome\snchk.exe
c:\windows\help\wmplayer.bak
c:\windows\kb829983_wxp_mce2_enu.exe
c:\windows\kb829984_wxp_mce2_enu.exe
c:\windows\system\WINSPOOL.DRV
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\caspol.exe.ae73cd99.ini
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.68d9f572.ini
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\snchk.exe.bc20ddb9.ini
c:\windows\system32\e1000msg.dll
c:\windows\system32\l_except.nls
c:\windows\tsoc.log
c:\windows\windowsmedia-kb828026-x86-enu.exe
c:\windows\windowsmedia9-kb819639-x86-enu.exe
c:\windows\windowsmedia9-kb823275-x86-enu.exe
c:\windows\windowsxp-kb817611-x86-enu.exe
c:\windows\windowsxp-kb822827-x86-enu.exe
c:\windows\windowsxp-kb823182-x86-enu.exe
c:\windows\windowsxp-kb824105-x86-enu.exe
c:\windows\windowsxp-kb824141-x86-enu.exe
c:\windows\windowsxp-kb824146-x86-enu.exe
c:\windows\windowsxp-kb825119-x86-enu.exe
c:\windows\windowsxp-kb825121-x86-enu.exe
c:\windows\windowsxp-kb826939-x86-enu.exe
c:\windows\windowsxp-kb828035-x86-enu.exe
.
c:\windows\system32\msgsvc.dll . . . is infected!!
.
c:\windows\system32\qmgr.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2001-12-01 to 2002-01-01 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2003-07-30 12:00 . 2003-12-03 18:31 106562 ----a-w- c:\windows\srchasst\srchctls.dll
2003-07-30 12:00 . 2003-12-03 18:31 3346432 ----a-w- c:\windows\srchasst\msgr3en.dll
2003-07-30 12:00 . 2003-12-03 18:31 138752 ----a-w- c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
2003-07-30 12:00 . 2003-12-03 18:31 99840 ----a-w- c:\windows\pchealth\helpctr\Binaries\HelpHost.exe
2003-07-30 12:00 . 2003-12-03 18:31 6656 ----a-w- c:\windows\pchealth\helpctr\Binaries\HCAppRes.dll
2003-07-30 12:00 . 2003-12-03 18:31 35328 ----a-w- c:\windows\pchealth\helpctr\Binaries\notiflag.exe
2003-07-30 12:00 . 2003-12-03 18:31 348160 ----a-w- c:\windows\pchealth\helpctr\Binaries\msinfo.dll
2003-07-30 12:00 . 2003-12-03 18:31 21504 ----a-w- c:\windows\pchealth\helpctr\Binaries\brpinfo.dll
2003-07-30 12:00 . 2003-12-03 18:30 798782 ----a-w- c:\windows\srchasst\srchui.dll
2003-07-30 12:00 . 2003-12-03 18:30 29696 ----a-w- c:\windows\pchealth\helpctr\Binaries\pchsvc.dll
2003-07-30 12:00 . 2003-12-03 18:30 8704 ----a-w- c:\windows\pchealth\helpctr\Binaries\HscUpd.exe
2003-07-30 12:00 . 2003-12-03 18:30 742400 ----a-w- c:\windows\pchealth\helpctr\Binaries\HelpCtr.exe
2003-07-30 12:00 . 2003-12-03 18:30 703488 ----a-w- c:\windows\pchealth\helpctr\Binaries\HelpSvc.exe
2003-07-30 12:00 . 2003-12-03 18:30 145408 ----a-w- c:\windows\pchealth\helpctr\Binaries\msconfig.exe
2003-07-30 12:00 . 2003-12-03 17:23 3374640 ----a-w- c:\windows\help\Tours\mmTour\tour.exe
2003-07-30 12:00 . 2003-12-03 17:23 262656 ----a-w- c:\windows\help\tshoot.dll
2003-07-30 12:00 . 2003-12-03 17:23 30720 ----a-w- c:\windows\help\sstub.dll
2003-07-30 12:00 . 2003-12-03 17:23 32256 ----a-w- c:\windows\help\sniffpol.dll
2003-07-30 12:00 . 2003-12-03 17:23 406528 ----a-w- c:\windows\apppatch\AcLayers.dll
2003-07-30 12:00 . 2003-12-03 17:23 255488 ----a-w- c:\windows\apppatch\AcVerfyr.dll
2003-07-30 12:00 . 2003-12-03 17:23 219136 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2003-07-30 12:00 . 2003-12-03 17:23 152576 ----a-w- c:\windows\help\bnts.dll
2003-07-30 12:00 . 2003-12-03 17:23 125440 ----a-w- c:\windows\apppatch\AcLua.dll
2003-07-30 12:00 . 2003-12-03 17:23 107520 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2003-07-30 12:00 . 2001-08-17 22:37 77891 ----a-w- c:\windows\system32\usrmlnka.exe
2003-07-30 12:00 . 2001-08-17 22:37 69700 ----a-w- c:\windows\system32\usrshuta.exe
2003-07-30 12:00 . 2001-08-17 22:37 61508 ----a-w- c:\windows\system32\usrprbda.exe
2003-07-30 12:00 . 2001-08-17 22:36 55296 ----a-w- c:\windows\system32\dvdplay.exe
2003-07-30 12:00 . 2001-08-17 22:36 3200 ----a-w- c:\windows\system32\wowfax.dll
2003-07-30 12:00 . 2001-08-17 22:36 13824 ----a-w- c:\windows\system32\wowfaxui.dll
2003-07-30 12:00 . 2001-08-17 22:36 86073 ----a-w- c:\windows\system32\usrfaxa.dll
2003-07-30 12:00 . 2001-08-17 22:36 77890 ----a-w- c:\windows\system32\usrdpa.dll
2003-07-30 12:00 . 2001-08-17 22:36 77883 ----a-w- c:\windows\system32\usrrtosa.dll
2003-07-30 12:00 . 2001-08-17 22:36 69699 ----a-w- c:\windows\system32\usrcoina.dll
2003-07-30 12:00 . 2001-08-17 22:36 61500 ----a-w- c:\windows\system32\usrcntra.dll
2003-07-30 12:00 . 2001-08-17 22:36 53305 ----a-w- c:\windows\system32\usrlbva.dll
2003-07-30 12:00 . 2001-08-17 22:36 49211 ----a-w- c:\windows\system32\usrvpa.dll
2003-07-30 12:00 . 2001-08-17 22:36 49211 ----a-w- c:\windows\system32\usrsdpia.dll
2003-07-30 12:00 . 2001-08-17 22:36 49209 ----a-w- c:\windows\system32\usrv80a.dll
2003-07-30 12:00 . 2001-08-17 22:36 45116 ----a-w- c:\windows\system32\usrvoica.dll
2003-07-30 12:00 . 2001-08-17 22:36 41019 ----a-w- c:\windows\system32\usrsvpia.dll
2003-07-30 12:00 . 2001-08-17 22:36 323641 ----a-w- c:\windows\system32\usrdtea.dll
2003-07-30 12:00 . 2001-08-17 22:36 102457 ----a-w- c:\windows\system32\usrv42a.dll
2003-07-30 12:00 . 2001-08-17 22:36 8192 ----a-w- c:\windows\system32\streamci.dll
2003-07-30 12:00 . 2001-08-17 22:36 72192 ----a-w- c:\windows\system32\sprio800.dll
2003-07-30 12:00 . 2001-08-17 22:36 70656 ----a-w- c:\windows\system32\sprio600.dll
2003-07-30 12:00 . 2001-08-17 22:36 69632 ----a-w- c:\windows\system32\spnike.dll
2003-07-30 12:00 . 2001-08-17 22:36 157696 ----a-w- c:\windows\system32\paqsp.dll
2003-07-30 12:00 . 2001-08-17 22:36 12800 ----a-w- c:\windows\system32\pjlmon.dll
2003-07-30 12:00 . 2001-08-17 22:36 147968 ----a-w- c:\windows\system32\mdwmdmsp.dll
2003-07-30 12:00 . 2001-08-17 22:36 22528 ----a-w- c:\windows\system32\hid.dll
2003-07-30 12:00 . 2001-08-17 22:36 50688 ----a-w- c:\windows\system32\dmutil.dll
2003-07-30 12:00 . 2001-08-17 22:36 45568 ----a-w- c:\windows\system32\cnbjmon.dll
2003-07-30 12:00 . 2001-08-17 14:06 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys
2003-07-30 12:00 . 2001-08-17 14:03 23936 ----a-w- c:\windows\system32\drivers\usbcamd2.sys
2003-07-30 12:00 . 2001-08-17 14:03 23808 ----a-w- c:\windows\system32\drivers\usbcamd.sys
2003-07-30 12:00 . 2001-08-17 14:03 4736 ----a-w- c:\windows\system32\drivers\usbd.sys
2003-07-30 12:00 . 2001-08-17 14:02 262528 ----a-w- c:\windows\system32\drivers\cinemst2.sys
2003-07-30 12:00 . 2001-08-17 14:02 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys
2003-07-30 12:00 . 2001-08-17 14:02 23680 ----a-w- c:\windows\system32\drivers\hidparse.sys
2003-07-30 12:00 . 2001-08-17 14:01 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys
2003-07-30 12:00 . 2001-08-17 13:58 62208 ----a-w- c:\windows\system32\drivers\mf.sys
2003-07-30 12:00 . 2001-08-17 13:57 3456 ----a-w- c:\windows\system32\drivers\oprghdlr.sys
2003-07-30 12:00 . 2001-08-17 13:57 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
2003-07-30 12:00 . 2001-08-17 13:57 28800 ----a-w- c:\windows\system32\drivers\modem.sys
2003-07-30 12:00 . 2001-08-17 13:57 12160 ----a-w- c:\windows\system32\drivers\fsvga.sys
2003-07-30 12:00 . 2001-08-17 13:52 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2003-07-30 12:00 . 2001-08-17 13:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2003-07-30 12:00 . 2001-08-17 13:52 13952 ----a-w- c:\windows\system32\drivers\cbidf2k.sys
2003-07-30 12:00 . 2001-08-17 13:51 26240 ----a-w- c:\windows\system32\drivers\fdc.sys
2003-07-30 12:00 . 2001-08-17 13:50 14976 ----a-w- c:\windows\system32\drivers\serenum.sys
2003-07-30 12:00 . 2001-08-17 13:24 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys
2003-07-30 12:00 . 2001-08-17 13:24 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys
2003-07-30 12:00 . 2001-08-17 13:24 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
2003-07-30 12:00 . 2001-08-17 13:24 11776 ----a-w- c:\windows\system32\drivers\cpqdap01.sys
2003-03-26 04:40 . 2003-03-26 05:06 902726 ----a-w- c:\windows\system32\QTJava.zip
2003-02-19 22:15 . 2003-02-19 22:15 1821696 ----a-w- c:\windows\apppatch\acgenral.dll
2002-11-27 18:50 . 2003-12-04 18:22 94208 ----a-w- c:\windows\pchealth\helpctr\Binaries\pchshell.dll
2011-09-03 06:01 . 2002-01-01 06:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
[-] 2002-11-27 03:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
.
[-] 2003-05-30 17:00 . 7BA80564F369A96AF84E3AA27E75E90B . 1634304 . . [5.3.0000001.902 built by: DIRECTX] . . c:\windows\system32\d3d9.dll
.
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2003-11-12 48128]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-16 335872]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-08-19 4841472]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2003-08-25 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-12-04 77824]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2003-11-03 1052672]
"ZZZ"="c:\windows\Sonysys\Eflyer\EFlyer_Popup.exe" [2003-05-16 24576]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-24 1409024]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-10-2 57344]
.
R0 SonyLSM;LED State Service;c:\windows\system32\drivers\SonyLSM.sys [12/3/2003 12:23 PM 4736]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/4/2011 7:40 AM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/4/2011 7:40 AM 21048]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALG
*NewlyCreated* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-04 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-12-03 12:00]
.
2011-09-04 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-12-03 12:00]
.
2011-09-04 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-12-03 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
FF - ProfilePath - c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\l1i03qzv.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2002-01-01 01:47
Windows 5.1.2600 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows\System32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(744)
c:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(112)
c:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\ehSched.exe
c:\windows\AGRSMMSG.exe
c:\windows\System32\nvsvc32.exe
c:\windows\ehome\ehRec.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
.
**************************************************************************
.
Completion time: 2002-01-01 01:50:22 - machine was rebooted
ComboFix-quarantined-files.txt 2002-01-01 06:50
.
Pre-Run: 11,153,190,912 bytes free
Post-Run: 11,106,078,720 bytes free
.
- - End Of File - - 88ABDB44F2F4AAC4118BBC58B418493A




It feels the same as always, the internet still sluggish. But as long as the computer doesn't restart then that's an improvement.

Edited by AndrewC46, 13 September 2011 - 10:49 AM.

  • 0

#12
Render
Posted 13 September 2011 - 11:04 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Unfortunately your computer is heavily infected. That happens mostly if you don't update your operating system on regular basis. You have installed ancient WinXP SP1 when SP3 is out a few years ago.

Please tell me if you have your original Windows CD/DVD available. The CD will be required because we need to replace some infected and missing files.
  • 0

#13
AndrewC46
Posted 13 September 2011 - 11:48 AM

AndrewC46

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Bad news: This was a manufacturer built computer, Sony Vaio, so a Windows CD was not part of the purchased. All that was given was the CD-Key.

Good news: My friend has a Windows XP disk, so I will be able to borrow his rather soon. However, I don't believe that it's a Media Center Disk. So I may need to get one of Ebay.

-And this computer couldn't update to a newer Service Pack. I tried it multiple times throughout the years, there would always be an error when I tried to get it to SP2. At the time, the error wasn't in the Microsoft KB and the only similarities I found on the Internet were questions left unanswered. Without SP2, I wasn't able to update directly to SP3. But that's no excuse to not try to fix it.

Edited by AndrewC46, 13 September 2011 - 11:48 AM.

  • 0

#14
Render
Posted 13 September 2011 - 12:13 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. You don't need to buy setup CD. Just borrow it from your friend. Files we will need are the same for both versions.
  • 0

#15
AndrewC46
Posted 13 September 2011 - 12:36 PM

AndrewC46

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
One last question before I wait to grab it from him, I only need the CD and not the CD-key also, correct? I do believe that he already used the key for his work computer.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP