CPU usage 100% system 32 host crashing


This topic is locked

#1 morrisw7 (Member, 19 posts)
Hello,
my Windows XP PC has recently been running slower, then in the past 2 days it bogged way down and Avast was going crazy with malware blocks. I ran a scan with Avast and found nothing, then I used Malwarebytes and found nothing. Then a boot-time scan with Avast removed 4 different items, one of which was a "kid logger", a stupid program that I installed months ago and was unable to remove because it wasn't showing up in Add/Remove and wasn't being picked up in scans. I am at my wits' end; the PC keeps spiking to 100% CPU usage and it is so hard to navigate due to it moving so slowly. I cannot find anything, but I noticed my svchost.exe was 150,000 in the usage, which seemed high to me.

I'm not sure this is a virus/malware, but a friend of mine (who knows more about computers than me) tells me it is and I just have to remove it, but he won't help me do it....some friend :)

Please help me I will answer any question you need me to. It's important to me due to the fact that I often work from home over the telephone and must have a PC to do it.

Thanks
Wes

Attached File: OTL.Txt (76.41KB)

OTL logfile created on: 04/09/2011 4:09:38 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Morris\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

958.48 Mb Total Physical Memory | 520.73 Mb Available Physical Memory | 54.33% Memory free
2.26 Gb Paging File | 1.80 Gb Available in Paging File | 79.73% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 4.44 Gb Free Space | 5.95% Space Free | Partition Type: NTFS

Computer Name: MORRIS1 | User Name: Morris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/09/01 07:39:18 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/27 23:41:08 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/07/21 13:12:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/09 06:42:24 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/04/21 08:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 08:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 08:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/27 01:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2009/07/01 11:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/01 07:39:20 | 001,001,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/07/21 16:12:31 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/07/20 07:40:04 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/07/01 11:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005/10/25 12:54:22 | 000,020,594 | ---- | M] () -- C:\WINDOWS\system32\Dels3LMK.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/21 13:12:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/09 06:42:24 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/04/21 08:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV - [2011/07/21 13:15:21 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/21 13:15:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 16:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 16:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/03/10 11:28:40 | 000,602,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/10/01 16:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/03/08 14:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/18 18:41:58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/13 21:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://movies.netfli...eagueId=309777"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1cff04ef-0c75-4621-ba2a-2efb77346996}:2.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.5.17700
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/31 14:51:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006/01/01 03:12:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/01 07:39:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme

[2010/05/19 09:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Extensions
[2011/09/04 01:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions
[2011/01/18 16:24:13 | 000,000,000 | ---D | M] ("ChromaTabs Plus") -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions\{1cff04ef-0c75-4621-ba2a-2efb77346996}
[2011/08/20 13:34:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2006/01/01 03:12:05 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions\[email protected]
[2011/09/04 01:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/07 18:12:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/22 18:00:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 23:16:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/02 07:41:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/03/31 14:51:04 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/09/07 18:11:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/09/02 07:04:38 | 000,001,719 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E0C60E1-35FD-4B7C-80E9-A59B35CFB133}: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5800F597-3DBD-4A54-AE77-825F225B9440}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Morris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Morris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/03 22:44:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk C:\
O33 - MountPoints2\{aea44140-bb8b-11de-adf7-0017311159ee}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{aea44140-bb8b-11de-adf7-0017311159ee}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/04 04:08:13 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\OTL.exe
[2011/09/04 03:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Start Menu\Programs\HiJackThis
[2011/09/04 03:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/04 03:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/09/02 10:33:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Morris\Recent
[2011/09/02 10:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/09/02 07:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/02 07:41:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/09/02 07:41:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/09/02 07:41:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/09/02 06:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/09/01 17:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/09/01 17:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/01 16:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/09/01 16:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/01 16:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/01 07:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\brandon PS
[2011/08/31 17:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/08/25 15:30:27 | 000,000,000 | ---D | C] -- C:\Sierra
[2011/08/24 18:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Loggers Inc
[2011/08/20 22:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\New Folder (4)
[2011/08/20 22:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\sweet 16
[2011/08/19 11:42:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Morris\My Documents\My Web Sites
[2011/08/19 09:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/08/19 09:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/08/19 09:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/08/19 09:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/08/19 09:44:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/08/16 07:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\frio trip
[2011/08/07 09:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\johnny cash
[2011/08/05 21:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/04 04:08:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\OTL.exe
[2011/09/04 04:05:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-527237240-1177238915-1004UA.job
[2011/09/04 04:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/09/04 03:59:28 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-527237240-1177238915-1004.job
[2011/09/04 03:59:28 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-527237240-1177238915-1004.job
[2011/09/04 03:59:14 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\HiJackThis.lnk
[2011/09/04 02:01:19 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MORRIS1-Morris.job
[2011/09/02 21:54:55 | 000,547,870 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\anchorman-the-legend-of-ron-burgundy-original.jpg
[2011/09/02 20:53:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/02 20:32:17 | 000,013,702 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/02 15:17:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/02 11:05:09 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-527237240-1177238915-1004Core.job
[2011/09/02 10:32:54 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/02 07:04:38 | 000,001,719 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/02 05:50:36 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/02 05:50:36 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/01 23:58:20 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\rkill(2).exe
[2011/09/01 22:51:23 | 000,053,569 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\gay-[bleep]-2.jpg
[2011/09/01 22:43:44 | 000,151,293 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\aaaa.jpg
[2011/09/01 22:40:27 | 000,050,844 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\[bleep]youhaimgaycell8is.jpg
[2011/09/01 16:45:49 | 000,691,491 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Funny-Comic-avatar-the-last-airbender-14238812-600-1572.jpg
[2011/09/01 16:12:12 | 000,047,168 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\fat-guy-in-a-sailor-moon-costume-What the....jpg
[2011/09/01 16:10:07 | 000,063,421 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\622_superman-plays-doctor.gif
[2011/09/01 07:35:48 | 003,434,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/31 18:42:39 | 000,096,051 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\article-0-0D7DB95800000578-965_634x830.jpg
[2011/08/31 17:24:02 | 000,000,089 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Newegg.com - COMPAQ 100B (XZ846UT#ABA) Desktop PC AMD Dual-Core Processor E-350(1.6GHz) 2GB DDR3 500GB HDD Capacity AMD Rade.URL
[2011/08/31 12:14:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/31 11:11:16 | 000,074,195 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\transformers-3-ratchet-dual-mode.jpg
[2011/08/31 10:47:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/08/31 10:22:32 | 000,017,865 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\thumbnail.aspx
[2011/08/31 09:40:56 | 000,052,518 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish2.jpg
[2011/08/31 09:40:19 | 000,063,025 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish.jpg
[2011/08/30 23:09:39 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/30 23:09:38 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Google Chrome.lnk
[2011/08/27 18:37:39 | 000,008,258 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\3n73m93p25Y55R65S3b8m731e799e45991548.jpg
[2011/08/27 18:37:35 | 000,006,921 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\3n73o53lc5O15T35S4b8mc9afb2f920691ad8.jpg
[2011/08/27 18:37:10 | 000,007,166 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\3k83oc3p85Q35U65R0b8mf1836c4c069315d1.jpg
[2011/08/27 14:54:46 | 000,188,418 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00739.jpg
[2011/08/27 14:54:46 | 000,178,740 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00740.jpg
[2011/08/26 22:06:57 | 000,171,013 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\4seasonsrambler.jpg
[2011/08/26 16:33:38 | 000,278,647 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\mr1-honda-cb750-1976.jpg
[2011/08/26 16:31:16 | 001,258,177 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750-21.jpg
[2011/08/26 16:30:36 | 001,193,986 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750.jpg
[2011/08/25 17:54:29 | 000,151,040 | ---- | M] () -- C:\Documents and Settings\Morris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/25 15:02:17 | 000,021,127 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Rv Dist..odt
[2011/08/24 21:55:32 | 000,058,534 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\chopper frame (2).jpg
[2011/08/24 21:39:40 | 000,229,358 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\R1- 2A.jpg
[2011/08/24 18:31:14 | 000,000,103 | ---- | M] () -- C:\WINDOWS\logger.res
[2011/08/24 18:24:48 | 000,000,103 | ---- | M] () -- C:\WINDOWS\logger.ini
[2011/08/19 18:12:54 | 000,001,306 | ---- | M] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Downloads.lnk
[2011/08/19 18:11:40 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\Morris\My Documents\Shortcut to Downloads.lnk
[2011/08/19 15:55:43 | 000,000,471 | ---- | M] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to entertainment.lnk
[2011/08/19 09:50:20 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/08/18 07:16:59 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/08/15 07:40:47 | 000,025,691 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\2011.gif
[2011/08/15 07:36:59 | 000,520,282 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\2010_Calendar_template_by_SauliusN.jpg
[2011/08/13 14:08:53 | 000,017,011 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Untitled 1.odt
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/04 03:59:14 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\HiJackThis.lnk
[2011/09/02 21:54:54 | 000,547,870 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\anchorman-the-legend-of-ron-burgundy-original.jpg
[2011/09/02 10:32:54 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/01 23:57:57 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\rkill(2).exe
[2011/09/01 22:55:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MORRIS1-Morris.job
[2011/09/01 22:51:22 | 000,053,569 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\gay-[bleep]-2.jpg
[2011/09/01 22:43:18 | 000,151,293 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\aaaa.jpg
[2011/09/01 22:40:23 | 000,050,844 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\[bleep]youhaimgaycell8is.jpg
[2011/09/01 17:05:22 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-527237240-1177238915-1004.job
[2011/09/01 16:45:02 | 000,691,491 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Funny-Comic-avatar-the-last-airbender-14238812-600-1572.jpg
[2011/09/01 16:14:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/01 16:12:10 | 000,047,168 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\fat-guy-in-a-sailor-moon-costume-What the....jpg
[2011/09/01 16:10:04 | 000,063,421 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\622_superman-plays-doctor.gif
[2011/08/31 18:42:25 | 000,096,051 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\article-0-0D7DB95800000578-965_634x830.jpg
[2011/08/31 17:41:51 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/08/31 17:39:05 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/08/31 17:38:17 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/08/31 17:36:26 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/08/31 17:36:10 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/08/31 17:35:07 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2011/08/31 17:24:02 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Newegg.com - COMPAQ 100B (XZ846UT#ABA) Desktop PC AMD Dual-Core Processor E-350(1.6GHz) 2GB DDR3 500GB HDD Capacity AMD Rade.URL
[2011/08/31 11:11:08 | 000,074,195 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\transformers-3-ratchet-dual-mode.jpg
[2011/08/31 10:22:30 | 000,017,865 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\thumbnail.aspx
[2011/08/31 09:40:54 | 000,052,518 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish2.jpg
[2011/08/31 09:40:18 | 000,063,025 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish.jpg
[2011/08/27 18:37:39 | 000,008,258 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\3n73m93p25Y55R65S3b8m731e799e45991548.jpg
[2011/08/27 18:37:34 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\3n73o53lc5O15T35S4b8mc9afb2f920691ad8.jpg
[2011/08/27 18:37:08 | 000,007,166 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\3k83oc3p85Q35U65R0b8mf1836c4c069315d1.jpg
[2011/08/27 16:54:52 | 000,188,418 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00739.jpg
[2011/08/27 16:54:52 | 000,178,740 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00740.jpg
[2011/08/26 22:06:56 | 000,171,013 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\4seasonsrambler.jpg
[2011/08/26 16:33:37 | 000,278,647 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\mr1-honda-cb750-1976.jpg
[2011/08/26 16:30:54 | 001,258,177 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750-21.jpg
[2011/08/26 16:30:33 | 001,193,986 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750.jpg
[2011/08/25 15:02:14 | 000,021,127 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Rv Dist..odt
[2011/08/24 21:55:29 | 000,058,534 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\chopper frame (2).jpg
[2011/08/24 21:39:40 | 000,229,358 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\R1- 2A.jpg
[2011/08/24 18:26:59 | 000,000,103 | ---- | C] () -- C:\WINDOWS\logger.res
[2011/08/24 18:24:46 | 000,000,103 | ---- | C] () -- C:\WINDOWS\logger.ini
[2011/08/19 18:11:43 | 000,001,306 | ---- | C] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Downloads.lnk
[2011/08/19 18:11:40 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Morris\My Documents\Shortcut to Downloads.lnk
[2011/08/19 15:55:43 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to entertainment.lnk
[2011/08/19 09:50:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/08/15 07:40:46 | 000,025,691 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\2011.gif
[2011/08/15 07:36:57 | 000,520,282 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\2010_Calendar_template_by_SauliusN.jpg
[2011/08/13 14:08:50 | 000,017,011 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Untitled 1.odt
[2011/02/17 04:50:55 | 000,438,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/14 17:50:55 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Morris\Application Data\$_hpcst$.hpc
[2010/09/11 09:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/08/30 21:57:13 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.exe
[2010/08/30 21:57:13 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.Exe
[2010/08/30 21:57:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.dll
[2010/08/30 21:57:13 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.dll
[2010/08/30 21:57:12 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\Dels3LMK.DLL
[2010/05/19 09:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/06 10:58:30 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2009/12/06 10:45:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/06 22:46:13 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/10/06 22:46:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/10/06 22:24:30 | 000,151,040 | ---- | C] () -- C:\Documents and Settings\Morris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/06 22:14:25 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/10/03 22:47:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/03 22:41:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/03 17:29:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/03 17:28:10 | 003,434,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/07/19 08:25:16 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

< End of report >
  • 0

#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

Do the following steps please:

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 2

OTL Custom Scan

  • Double click on the OTL.exe icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log
  • OTL scan log

  • 0
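Both logs these steps produce are plain text with a fixed line shape, so a first pass over them can be scripted before reading them by eye. The Python below is an added example for this thread, not part of Render's instructions and not code from OTL or aswMBR. It parses the OTL entry lines (file lists, PRC/SRV/DRV lines and folder lines), the O1 Hosts lines and the aswMBR alert lines in the shapes they take in the logs posted here, and runs over a small constructed sample modelled on those logs. The regular expressions were derived from the log lines in this thread and are an assumption about the format rather than a published specification; the "no company name" list is a review queue, not a verdict.

```python
import re
from datetime import datetime

# One OTL entry line. Three shapes occur in the logs in this thread: a plain
# file entry with a "()" company field, PRC/SRV/DRV entries that add a
# "[Auto | Running]" state block and a trailing "-- (ServiceName)", and folder
# entries with no company field at all. This one pattern covers all three
# (format assumed from the posted logs, not from an OTL specification).
OTL_ENTRY = re.compile(
    r"^(?:(?P<tag>[A-Z]{3}) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"     # "(Avira GmbH)", "()" or absent
    r"(?: \[[^\]]*\])?"                  # "[Auto | Running]" on SRV/DRV lines
    r" -- (?P<path>.*?)"
    r"(?: -- \((?P<svc>[^)]*)\).*)?$"    # "-- (AntiVirService)" plus any trailing text
)
HOSTS_LINE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<names>.+)$")
ASWMBR_ALERT = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3} (?P<msg>.*\*\*(?:ROOTKIT|INFECTED)\*\*.*)$"
)
# Executables under the Windows directory (drive letter as in this thread's logs).
WINDOWS_BINARY = re.compile(r"^C:\\WINDOWS\\.*\.(?:exe|dll|sys)$", re.IGNORECASE)


def parse_entry(line):
    """Return a dict for one OTL entry line, or None if the line is not one."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return {
        "tag": m.group("tag"),                  # PRC/MOD/SRV/DRV, or None for file lists
        "timestamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),              # e.g. "---D" for a directory
        "kind": m.group("kind"),                # M = modified date, C = created date
        "company": m.group("company"),          # "" = no company name; None = folder entry
        "path": m.group("path"),
        "service": m.group("svc"),
    }


def review_entries(lines):
    """Executables under the Windows directory whose version info has no company name.
    A review queue, not a verdict: legitimate files such as an OpenSSL DLL also lack
    one, and malware can carry a forged one, so each hit still needs a hash lookup."""
    flagged = []
    for line in lines:
        e = parse_entry(line)
        if e and e["company"] == "" and WINDOWS_BINARY.match(e["path"]):
            flagged.append(e["path"])
    return flagged


def hosts_redirects(lines):
    """Map every non-localhost name in the O1 Hosts lines to the address it is pinned to."""
    mapping = {}
    for line in lines:
        m = HOSTS_LINE.match(line.strip())
        if m:
            for name in m.group("names").split():
                if name.lower() != "localhost":
                    mapping[name.lower()] = m.group("ip")
    return mapping


def blocked_revocation_hosts(mapping):
    """Names in the hosts map that look like CRL/OCSP endpoints. Pinning these to
    127.0.0.1 silently disables certificate revocation checks for every program."""
    return sorted(n for n in mapping if n.startswith(("crl.", "ocsp.")))


def aswmbr_alerts(lines):
    """The **ROOTKIT** / **INFECTED** lines from an aswMBR log, timestamp stripped."""
    found = []
    for line in lines:
        m = ASWMBR_ALERT.match(line.strip())
        if m:
            found.append(m.group("msg"))
    return found


# Constructed sample input modelled on the log lines in this thread (not the full logs).
SAMPLE_OTL = r"""
[2011/08/24 18:24:48 | 000,000,103 | ---- | M] () -- C:\WINDOWS\logger.ini
[2010/08/30 21:57:13 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.exe
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011/09/04 04:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
SRV - [2011/07/21 13:12:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com crl.verisign.net CRL.VERISIGN.NET
""".strip().splitlines()

SAMPLE_ASWMBR = r"""
12:26:22.343 Disk 0 MBR hidden
12:26:22.343 Disk 0 MBR [possible unknown rootkit] **ROOTKIT**
12:43:08.671 File: C:\Documents and Settings\Morris\Local Settings\Temp\D.tmp **INFECTED** Win32:Rorpian-F [Trj]
13:43:49.796 Scan finished successfully
""".strip().splitlines()
```

Run it on a saved OTL.Txt and aswMBR.txt by reading the files with `splitlines()` and passing the lists to `review_entries`, `hosts_redirects` and `aswmbr_alerts`. Two points from the output are worth keeping in mind while reading such logs: the aswMBR "MBR hidden" and **ROOTKIT** lines describe the boot sector, which no file-level scan will clean, and a hosts file that pins a CRL host to 127.0.0.1 leaves every program on the machine unable to learn that a certificate has been revoked.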

#3
morrisw7

morrisw7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-05 12:24:04
-----------------------------
12:24:04.109 OS Version: Windows 5.1.2600 Service Pack 3
12:24:04.109 Number of processors: 1 586 0x409
12:24:04.109 ComputerName: MORRIS1 UserName: Morris
12:24:04.562 Initialize success
12:26:00.531 AVAST engine defs: 11090500
12:26:20.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16
12:26:20.156 Disk 0 Vendor: ST380215A 3.AAD Size: 76319MB BusType: 3
12:26:20.156 Device \Driver\atapi -> DriverStartIo 858422e0
12:26:22.171 Disk 0 MBR read successfully
12:26:22.171 Disk 0 MBR scan
12:26:22.343 Disk 0 MBR:Pihar [Rtk]
12:26:22.343 Disk 0 Windows XP default MBR code found via API
12:26:22.343 Disk 0 MBR hidden
12:26:22.343 Disk 0 MBR [possible unknown [email protected]] **ROOTKIT**
12:26:22.343 Disk 0 trace - called modules:
12:26:22.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x858424c0]<<
12:26:22.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8591eab8]
12:26:22.343 3 CLASSPNP.SYS[f75d0fd7] -> nt!IofCallDriver -> \Device\00000063[0x859619e8]
12:26:22.687 5 ACPI.sys[f7447620] -> nt!IofCallDriver -> [0x8595f940]
12:26:22.687 \Driver\atapi[0x859589c0] -> IRP_MJ_CREATE -> 0x858424c0
12:26:23.015 AVAST engine scan C:\
12:43:08.671 File: C:\Documents and Settings\Morris\Local Settings\Temp\D.tmp **INFECTED** Win32:Rorpian-F [Trj]
13:43:49.796 Scan finished successfully
21:58:34.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Morris\Desktop\MBR.dat"
21:58:34.984 The log file has been saved successfully to "C:\Documents and Settings\Morris\Desktop\aswMBR.txt"


----------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 05/09/2011 10:02:53 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Morris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

958.48 Mb Total Physical Memory | 278.33 Mb Available Physical Memory | 29.04% Memory free
2.26 Gb Paging File | 1.55 Gb Available in Paging File | 68.50% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 3.85 Gb Free Space | 5.17% Space Free | Partition Type: NTFS

Computer Name: MORRIS1 | User Name: Morris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/04 04:08:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\OTL.exe
PRC - [2011/07/27 23:41:08 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/07/21 13:12:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/09 06:42:24 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/04/21 08:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 08:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 08:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/27 01:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/07/01 11:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/21 16:12:31 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/07/01 11:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005/10/25 12:54:22 | 000,020,594 | ---- | M] () -- C:\WINDOWS\system32\Dels3LMK.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/21 13:12:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/09 06:42:24 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/04/21 08:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV - [2011/07/21 13:15:21 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/21 13:15:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 16:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 16:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/03/10 11:28:40 | 000,602,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/10/01 16:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/03/08 14:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/18 18:41:58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/13 21:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-527237240-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
IE - HKU\S-1-5-21-1409082233-527237240-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-527237240-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.geekstogo...l.satx.rr.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1cff04ef-0c75-4621-ba2a-2efb77346996}:2.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.5.17700
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/31 14:51:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/03 20:17:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/01 07:39:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme

[2010/05/19 09:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Extensions
[2011/09/05 10:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions
[2011/01/18 16:24:13 | 000,000,000 | ---D | M] ("ChromaTabs Plus") -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions\{1cff04ef-0c75-4621-ba2a-2efb77346996}
[2011/08/20 13:34:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2006/01/01 03:12:05 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions\[email protected]
[2011/09/05 10:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/07 18:12:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/22 18:00:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 23:16:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/02 07:41:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/03/31 14:51:04 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/09/07 18:11:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/09/02 07:04:38 | 000,001,719 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-527237240-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E0C60E1-35FD-4B7C-80E9-A59B35CFB133}: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5800F597-3DBD-4A54-AE77-825F225B9440}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Morris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Morris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/03 22:44:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk C:\
O33 - MountPoints2\{aea44140-bb8b-11de-adf7-0017311159ee}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{aea44140-bb8b-11de-adf7-0017311159ee}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/04 04:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/09/04 04:08:13 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\OTL.exe
[2011/09/04 03:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Start Menu\Programs\HiJackThis
[2011/09/04 03:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/04 03:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/09/02 10:33:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Morris\Recent
[2011/09/02 10:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/09/02 07:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/02 07:41:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/09/02 07:41:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/09/02 07:41:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/09/02 06:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/09/01 17:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/09/01 17:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/01 16:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/09/01 16:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/01 16:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/01 07:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\brandon PS
[2011/08/31 17:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/08/25 15:30:27 | 000,000,000 | ---D | C] -- C:\Sierra
[2011/08/24 18:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Loggers Inc
[2011/08/20 22:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\New Folder (4)
[2011/08/20 22:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\sweet 16
[2011/08/19 11:42:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Morris\My Documents\My Web Sites
[2011/08/19 09:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/08/19 09:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/08/19 09:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/08/19 09:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/08/19 09:44:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/08/16 07:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\frio trip
[2011/08/07 09:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\johnny cash
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/05 22:01:38 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-527237240-1177238915-1004.job
[2011/09/05 22:01:38 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-527237240-1177238915-1004.job
[2011/09/05 21:58:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\MBR.dat
[2011/09/05 12:09:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/05 11:05:03 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-527237240-1177238915-1004Core.job
[2011/09/05 11:05:01 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-527237240-1177238915-1004UA.job
[2011/09/05 11:01:03 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/09/05 09:30:02 | 000,013,702 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/05 09:30:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/04 04:08:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\OTL.exe
[2011/09/04 03:59:14 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\HiJackThis.lnk
[2011/09/04 02:01:19 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MORRIS1-Morris.job
[2011/09/03 17:09:26 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/03 17:09:25 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Google Chrome.lnk
[2011/09/03 16:48:36 | 000,041,425 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\wesavatar.jpg
[2011/09/02 21:54:55 | 000,547,870 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\anchorman-the-legend-of-ron-burgundy-original.jpg
[2011/09/02 10:32:54 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/02 07:04:38 | 000,001,719 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/02 05:50:36 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/02 05:50:36 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/01 23:58:20 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\rkill(2).exe
[2011/09/01 22:51:23 | 000,053,569 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\gay-[bleep]-2.jpg
[2011/09/01 22:43:44 | 000,151,293 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\aaaa.jpg
[2011/09/01 22:40:27 | 000,050,844 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\[bleep]youhaimgaycell8is.jpg
[2011/09/01 16:45:49 | 000,691,491 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Funny-Comic-avatar-the-last-airbender-14238812-600-1572.jpg
[2011/09/01 16:12:12 | 000,047,168 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\fat-guy-in-a-sailor-moon-costume-What the....jpg
[2011/09/01 16:10:07 | 000,063,421 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\622_superman-plays-doctor.gif
[2011/09/01 07:35:48 | 003,434,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/31 18:42:39 | 000,096,051 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\article-0-0D7DB95800000578-965_634x830.jpg
[2011/08/31 17:24:02 | 000,000,089 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Newegg.com - COMPAQ 100B (XZ846UT#ABA) Desktop PC AMD Dual-Core Processor E-350(1.6GHz) 2GB DDR3 500GB HDD Capacity AMD Rade.URL
[2011/08/31 12:14:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/31 11:11:16 | 000,074,195 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\transformers-3-ratchet-dual-mode.jpg
[2011/08/31 10:47:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/08/31 10:22:32 | 000,017,865 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\thumbnail.aspx
[2011/08/31 09:40:56 | 000,052,518 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish2.jpg
[2011/08/31 09:40:19 | 000,063,025 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish.jpg
[2011/08/27 18:37:39 | 000,008,258 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\3n73m93p25Y55R65S3b8m731e799e45991548.jpg
[2011/08/27 18:37:35 | 000,006,921 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\3n73o53lc5O15T35S4b8mc9afb2f920691ad8.jpg
[2011/08/27 18:37:10 | 000,007,166 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\3k83oc3p85Q35U65R0b8mf1836c4c069315d1.jpg
[2011/08/27 14:54:46 | 000,188,418 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00739.jpg
[2011/08/27 14:54:46 | 000,178,740 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00740.jpg
[2011/08/26 22:06:57 | 000,171,013 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\4seasonsrambler.jpg
[2011/08/26 16:33:38 | 000,278,647 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\mr1-honda-cb750-1976.jpg
[2011/08/26 16:31:16 | 001,258,177 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750-21.jpg
[2011/08/26 16:30:36 | 001,193,986 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750.jpg
[2011/08/25 17:54:29 | 000,151,040 | ---- | M] () -- C:\Documents and Settings\Morris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/25 15:02:17 | 000,021,127 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Rv Dist..odt
[2011/08/24 21:55:32 | 000,058,534 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\chopper frame (2).jpg
[2011/08/24 21:39:40 | 000,229,358 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\R1- 2A.jpg
[2011/08/24 18:31:14 | 000,000,103 | ---- | M] () -- C:\WINDOWS\logger.res
[2011/08/24 18:24:48 | 000,000,103 | ---- | M] () -- C:\WINDOWS\logger.ini
[2011/08/19 18:12:54 | 000,001,306 | ---- | M] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Downloads.lnk
[2011/08/19 18:11:40 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\Morris\My Documents\Shortcut to Downloads.lnk
[2011/08/19 15:55:43 | 000,000,471 | ---- | M] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to entertainment.lnk
[2011/08/19 09:50:20 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/08/18 07:16:59 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/08/15 07:40:47 | 000,025,691 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\2011.gif
[2011/08/15 07:36:59 | 000,520,282 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\2010_Calendar_template_by_SauliusN.jpg
[2011/08/13 14:08:53 | 000,017,011 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Untitled 1.odt
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/05 21:58:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\MBR.dat
[2011/09/04 03:59:14 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\HiJackThis.lnk
[2011/09/03 16:48:34 | 000,041,425 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\wesavatar.jpg
[2011/09/02 21:54:54 | 000,547,870 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\anchorman-the-legend-of-ron-burgundy-original.jpg
[2011/09/02 10:32:54 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/01 23:57:57 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\rkill(2).exe
[2011/09/01 22:55:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MORRIS1-Morris.job
[2011/09/01 22:51:22 | 000,053,569 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\gay-[bleep]-2.jpg
[2011/09/01 22:43:18 | 000,151,293 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\aaaa.jpg
[2011/09/01 22:40:23 | 000,050,844 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\[bleep]youhaimgaycell8is.jpg
[2011/09/01 17:05:22 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-527237240-1177238915-1004.job
[2011/09/01 16:45:02 | 000,691,491 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Funny-Comic-avatar-the-last-airbender-14238812-600-1572.jpg
[2011/09/01 16:14:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/01 16:12:10 | 000,047,168 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\fat-guy-in-a-sailor-moon-costume-What the....jpg
[2011/09/01 16:10:04 | 000,063,421 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\622_superman-plays-doctor.gif
[2011/08/31 18:42:25 | 000,096,051 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\article-0-0D7DB95800000578-965_634x830.jpg
[2011/08/31 17:41:51 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/08/31 17:39:05 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/08/31 17:38:17 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/08/31 17:36:26 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/08/31 17:36:10 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/08/31 17:35:07 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2011/08/31 17:24:02 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Newegg.com - COMPAQ 100B (XZ846UT#ABA) Desktop PC AMD Dual-Core Processor E-350(1.6GHz) 2GB DDR3 500GB HDD Capacity AMD Rade.URL
[2011/08/31 11:11:08 | 000,074,195 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\transformers-3-ratchet-dual-mode.jpg
[2011/08/31 10:22:30 | 000,017,865 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\thumbnail.aspx
[2011/08/31 09:40:54 | 000,052,518 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish2.jpg
[2011/08/31 09:40:18 | 000,063,025 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish.jpg
[2011/08/27 18:37:39 | 000,008,258 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\3n73m93p25Y55R65S3b8m731e799e45991548.jpg
[2011/08/27 18:37:34 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\3n73o53lc5O15T35S4b8mc9afb2f920691ad8.jpg
[2011/08/27 18:37:08 | 000,007,166 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\3k83oc3p85Q35U65R0b8mf1836c4c069315d1.jpg
[2011/08/27 16:54:52 | 000,188,418 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00739.jpg
[2011/08/27 16:54:52 | 000,178,740 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00740.jpg
[2011/08/26 22:06:56 | 000,171,013 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\4seasonsrambler.jpg
[2011/08/26 16:33:37 | 000,278,647 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\mr1-honda-cb750-1976.jpg
[2011/08/26 16:30:54 | 001,258,177 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750-21.jpg
[2011/08/26 16:30:33 | 001,193,986 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750.jpg
[2011/08/25 15:02:14 | 000,021,127 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Rv Dist..odt
[2011/08/24 21:55:29 | 000,058,534 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\chopper frame (2).jpg
[2011/08/24 21:39:40 | 000,229,358 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\R1- 2A.jpg
[2011/08/24 18:26:59 | 000,000,103 | ---- | C] () -- C:\WINDOWS\logger.res
[2011/08/24 18:24:46 | 000,000,103 | ---- | C] () -- C:\WINDOWS\logger.ini
[2011/08/19 18:11:43 | 000,001,306 | ---- | C] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Downloads.lnk
[2011/08/19 18:11:40 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Morris\My Documents\Shortcut to Downloads.lnk
[2011/08/19 15:55:43 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to entertainment.lnk
[2011/08/19 09:50:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/08/15 07:40:46 | 000,025,691 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\2011.gif
[2011/08/15 07:36:57 | 000,520,282 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\2010_Calendar_template_by_SauliusN.jpg
[2011/08/13 14:08:50 | 000,017,011 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Untitled 1.odt
[2011/02/17 04:50:55 | 000,438,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/14 17:50:55 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Morris\Application Data\$_hpcst$.hpc
[2010/09/11 09:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/08/30 21:57:13 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.exe
[2010/08/30 21:57:13 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.Exe
[2010/08/30 21:57:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.dll
[2010/08/30 21:57:13 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.dll
[2010/08/30 21:57:12 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\Dels3LMK.DLL
[2010/05/19 09:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/06 10:58:30 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2009/12/06 10:45:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/06 22:46:13 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/10/06 22:46:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/10/06 22:24:30 | 000,151,040 | ---- | C] () -- C:\Documents and Settings\Morris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/06 22:14:25 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/10/03 22:47:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/03 22:41:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/03 17:29:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/03 17:28:10 | 003,434,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/07/19 08:25:16 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

========== LOP Check ==========

[2011/01/20 09:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/13 20:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/10/06 22:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2011/09/01 23:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/30 20:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/08/05 21:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2010/12/26 12:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/15 00:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/06 08:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2011/09/01 17:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\.purple
[2011/09/02 10:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\BitTorrent
[2009/10/07 12:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\Blitware
[2011/08/16 10:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\gtk-2.0
[2010/09/13 20:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\NCH Swift Sound
[2010/09/07 18:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\OpenOffice.org
[2011/04/06 08:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\Softland
[2011/01/20 12:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\TeamViewer
[2009/10/06 22:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\WinBatch
[2010/11/03 22:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\Xilisoft Corporation
[2010/04/11 10:11:01 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnSevenDaysInit.job
[2011/08/18 07:16:59 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2010/09/16 20:29:02 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\goldenShakeIcon.job
[2011/09/05 11:01:03 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/04/28 07:36:41 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Morris\Local Settings\Temp\RarSFX0\procs\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Morris\Local Settings\Temp\RarSFX0\h\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Morris\Local Settings\Temp\RarSFX0\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Morris\Local Settings\Temp\RarSFX0\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/01 07:39:28 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/01 07:39:28 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/01 07:39:28 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/01 07:39:18 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/01 07:39:18 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/01 07:39:18 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 07:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 07:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 07:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/14 07:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< End of report >


Thank You, I hope I did it right.
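The custom scan at the end of the OTL log above hashes every copy of explorer.exe, svchost.exe, userinit.exe and winlogon.exe it finds, including the Windows File Protection copy kept in system32\dllcache, so that a helper reading the log can spot a replaced or misplaced system binary. As an added example (not OTL's code, and not from anyone in this thread), the Python below parses that section and flags any copy whose MD5 differs from the dllcache copy or that lives outside the Windows directory. The regex for OTL's line layout is inferred from the lines shown, and the system drive is assumed to be C:, as in this log. Run on the lines from this log it flags the four copies under Temp\RarSFX0 for a second look, which is exactly what a reviewer of the log would want to examine.

```python
"""Parse the '< MD5 for: ... >' custom-scan section of an OTL log and flag
copies of critical Windows binaries that do not match the protected copy.
Added example; not part of OTL or of the forum thread."""
import re
from collections import defaultdict
from dataclasses import dataclass

# One file line of an OTL custom scan (format inferred from the log above), e.g.
# [2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6... -- C:\WINDOWS\system32\svchost.exe
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
# Section header such as '< MD5 for: SVCHOST.EXE >'
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")

# Assumption: the system drive is C:, as in this log.
WINDIR_PREFIX = "c:\\windows\\"


@dataclass
class Entry:
    binary: str    # section name, lower-cased, e.g. 'svchost.exe'
    path: str
    md5: str
    company: str   # empty string when OTL printed '()'
    size: int


def parse_md5_sections(text: str) -> list:
    """Collect every file line under each '< MD5 for: ... >' header."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        h = HEADER_RE.match(line)
        if h:
            current = h.group("name").lower()
            continue
        m = LINE_RE.match(line)
        if m and current:
            entries.append(Entry(
                binary=current,
                path=m.group("path").strip(),
                md5=m.group("md5").upper(),
                company=m.group("company").strip(),
                size=int(m.group("size").replace(",", "")),
            ))
    return entries


def assess(entries: list) -> list:
    """Return (binary, path, reason) tuples for copies worth a second look.

    The copy under system32\\dllcache is Windows File Protection's cached
    original, so its hash is used as the reference for that binary."""
    by_binary = defaultdict(list)
    for e in entries:
        by_binary[e.binary].append(e)
    findings = []
    for binary, copies in by_binary.items():
        refs = [e for e in copies if "\\dllcache\\" in e.path.lower()]
        ref_md5 = refs[0].md5 if refs else None
        for e in copies:
            p = e.path.lower()
            if "\\dllcache\\" in p:
                continue
            if not p.startswith(WINDIR_PREFIX):
                who = e.company or "no company name"
                findings.append((binary, e.path, f"copy outside %WINDIR% ({who})"))
            elif ref_md5 is None:
                findings.append((binary, e.path, "no dllcache copy to compare against"))
            elif e.md5 != ref_md5:
                findings.append((binary, e.path, "MD5 differs from dllcache copy"))
    return findings


# Sample input: the '< MD5 for: ... >' section exactly as it appears in the OTL log above.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Morris\Local Settings\Temp\RarSFX0\procs\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Morris\Local Settings\Temp\RarSFX0\h\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Morris\Local Settings\Temp\RarSFX0\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Morris\Local Settings\Temp\RarSFX0\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
"""

if __name__ == "__main__":
    for binary, path, reason in assess(parse_md5_sections(SAMPLE_LOG)):
        print(f"{binary}: {reason}\n    {path}")
```

The dllcache copy is only a useful reference while Windows File Protection itself is intact, so a missing dllcache copy is reported rather than silently skipped; a copy that sits in the Windows directory with a matching hash is treated as expected, which is why C:\WINDOWS\explorer.exe produces no finding.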

#4 Render, Trusted Helper (Malware Removal), 4,195 posts
Hi,

Please do the following now:

  • On your desktop should be a file MBR.dat.
  • Right-click that file, point to Send To, and then click Compressed (zipped) Folder.
  • A new compressed file is created.
  • Please attach that file in your next reply.

How to add an attachment to a new topic or reply

NEXT...

Rootkit Unhooker:
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


#5 morrisw7, Topic Starter, Member, 19 posts
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF11A5000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4403200 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF0BF000 C:\WINDOWS\System32\ati3duag.dll 2412544 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6298000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1368064 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF30C000 C:\WINDOWS\System32\ativvaxx.dll 602112 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF7323000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xACA01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xEEBFB000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6132000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEECE0000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAD73C000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF39F000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xACE53000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 258048 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF051000 C:\WINDOWS\System32\ati2cqag.dll 233472 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF08A000 C:\WINDOWS\System32\atikvmag.dll 217088 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF7441000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xADA8C000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF72F6000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAC90E000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEEC6B000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6215000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xEECB8000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xEE7DE000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xEEBD5000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF1181000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6260000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF623D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEEC96000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF73D9000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7411000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF61A8000 C:\WINDOWS\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0xF72DC000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF73F9000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAFDED000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF6190000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xADCD6000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0xF73B0000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF61D6000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xADC49000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF61ED000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6201000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 81920 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF6284000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEED39000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF73C7000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7430000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF61C5000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB1576000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7730000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7620000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7580000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xEFB11000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF6DE9000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7760000 C:\WINDOWS\system32\DRIVERS\jswscimd.sys 61440 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
0xF7740000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF16D8000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF6E19000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF77C0000 C:\WINDOWS\system32\DRIVERS\wsimd.sys 61440 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
0xF7590000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xAD89C000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xF75D0000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7750000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7770000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75B0000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7790000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF1678000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7720000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75A0000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7780000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7570000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF64BE000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF75E0000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF77B0000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xAD33A000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF75C0000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xACF04000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7710000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF77A0000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF1688000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF1668000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF0F50000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF78E8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF0F68000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB6FE0000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0xF77F0000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xEF95B000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF78F0000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF78F8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7920000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF0F48000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF0F60000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF0F58000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF77F8000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7908000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7918000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7900000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF78E0000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB1406000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7A0C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB53AF000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7984000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB2E2F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xACBD7000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8582A000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xACEAC000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF79F8000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7A10000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7A24000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7B02000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7AE6000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB3168000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7AE4000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7AE8000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7AA2000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7AEA000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AA6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AB2000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A70000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7BD5000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB8A9D000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7BF1000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B38000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8582D2E0 ?_empty_? 3360 bytes
==============================================
>Stealth
==============================================
0xF73F9000 WARNING: suspicious driver modification [atapi.sys::0x8582D2E0]

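The RKU list above ends with a hidden driver at 0x8582D2E0 and a warning that atapi.sys has been modified to point at that same address. The first check a practitioner makes with such a report is to resolve every flagged address against the loaded-module ranges the report itself prints, to see whether any listed driver backs it and, if not, which module ends just below it. The Python below is an added example, not code from the original post or from RootKit Unhooker; SAMPLE_LOG is a constructed excerpt copied from the list above.

```python
"""Resolve the addresses RootKit Unhooker flagged against its own module list.

Added example, not part of the original post or of RKU itself.  SAMPLE_LOG is
a constructed excerpt of the driver list in the thread; a real run would read
the whole saved report.  For each flagged address the script asks: does it
fall inside any listed module's [base, base+size) range, and if not, which
listed module ends closest below it.
"""
import re

# "0xBASE  path  SIZE bytes (vendor, description)" module lines
MODULE_RE = re.compile(r"^\s*(0x[0-9A-Fa-f]+)\s+(\S+)\s+(\d+)\s+bytes")
# "!!!Hidden driver: 0xADDR name SIZE bytes"
HIDDEN_RE = re.compile(r"Hidden driver:\s*(0x[0-9A-Fa-f]+)\s+(\S+)\s+(\d+)\s+bytes")
# "0xBASE WARNING: suspicious driver modification [module::0xTARGET]"
WARN_RE = re.compile(
    r"^\s*(0x[0-9A-Fa-f]+)\s+WARNING: suspicious driver modification "
    r"\[([^\]:]+)::(0x[0-9A-Fa-f]+)\]")

SAMPLE_LOG = "\n".join([  # constructed excerpt of the RKU report above
    r"0xF73F9000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)",
    r"0xF7411000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)",
    r"0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)",
    r"0x8582A000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)",
    r"!!!!!!!!!!!Hidden driver: 0x8582D2E0 ?_empty_? 3360 bytes",
    r"0xF73F9000 WARNING: suspicious driver modification [atapi.sys::0x8582D2E0]",
])


def parse_modules(text):
    """Return [(base, end, name)] sorted by base; end is exclusive."""
    mods = []
    for line in text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            base, size = int(m.group(1), 16), int(m.group(3))
            name = m.group(2).rsplit("\\", 1)[-1]
            mods.append((base, base + size, name))
    return sorted(mods)


def resolve(mods, addr):
    """Module tuple whose range covers addr, or None if no listed module does."""
    for base, end, name in mods:
        if base <= addr < end:
            return (base, end, name)
    return None


def nearest_below(mods, addr):
    """Listed module with the highest base at or below addr (None if none)."""
    below = [m for m in mods if m[0] <= addr]
    return max(below, key=lambda m: m[0]) if below else None


def triage(text):
    """One finding per flagged address: hidden-driver entries and hook targets."""
    mods = parse_modules(text)
    findings = []
    for line in text.splitlines():
        h = HIDDEN_RE.search(line)
        w = WARN_RE.match(line)
        if h:
            kind, addr = "hidden driver (%s bytes)" % h.group(3), int(h.group(1), 16)
        elif w:
            kind, addr = "hook target in %s" % w.group(2), int(w.group(3), 16)
        else:
            continue
        hit = resolve(mods, addr)
        if hit:
            note = "inside %s [0x%08X-0x%08X)" % (hit[2], hit[0], hit[1])
        else:
            nb = nearest_below(mods, addr)
            note = ("not inside any listed module; %s ends at 0x%08X, 0x%X bytes before it"
                    % (nb[2], nb[1], addr - nb[1])) if nb else "no listed module below it"
        findings.append({"kind": kind, "addr": addr,
                         "module": hit[2] if hit else None, "note": note})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("0x%08X  %-28s %s" % (f["addr"], f["kind"], f["note"]))
```

On the excerpt both findings resolve to no listed module: 0x8582D2E0 sits 0x2E0 bytes past the end of KDCOM.DLL in memory that no driver on the list owns, which is exactly why RKU reports it as hidden, and the atapi.sys modification points into that same unlisted region.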
#6 Render (Trusted Helper, Malware Removal)
Hi,

Please do the following now:

  • On your desktop should be a file MBR.dat.
  • Right-click that file, point to Send To, and then click Compressed (zipped) Folder.
  • A new compressed file is created.
  • Please attach that file in your next reply.

How to add an attachment to a new topic or reply

#7 morrisw7 (Topic Starter)
Wow, sorry, I must have forgotten to hit "Attach This File".

Attached Files

  • Attached File  MBR.zip   494bytes   50 downloads


#8 Render (Trusted Helper, Malware Removal)
Hi,

MBR is infected with Rootkit Boot Pihar. We will try to get rid of it with TDSSKiller, so please proceed with the following steps:

Step 1

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here and double click on mbam-setup.exe to install the application

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Click on Check for Updates button.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

When you have completed the above, please post back the following in the order asked for:
  • TDSSKiller log
  • MBAM log


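Render's diagnosis above comes from the MBR.dat dump. As an added example that is not part of this thread or of aswMBR or TDSSKiller, the Python below runs the structural checks a practitioner applies to such a 512-byte dump (boot signature, active-partition count, status bytes, overlapping entries) and compares the SHA-256 of the 440-byte bootstrap area against a known-good baseline, since replacing that bootstrap code is how a boot rootkit gains control before Windows loads. The MBR images and the KNOWN_GOOD baseline are constructed for the demo; a real baseline would be taken from a clean install of the same Windows version.

```python
"""Sanity checks on a raw 512-byte MBR image such as the MBR.dat aswMBR saved.

Added example, not part of the thread or of aswMBR/TDSSKiller.  The MBRs below
are constructed: placeholder bootstrap bytes, one NTFS partition entry and the
0x55AA signature.  KNOWN_GOOD is a hypothetical baseline; in practice it would
hold the SHA-256 of the 440-byte bootstrap area from a clean install of the
same Windows version.
"""
import hashlib
import struct
from itertools import combinations

MBR_SIZE = 512
BOOTCODE_LEN = 440          # bootstrap area before the 4-byte disk signature
PART_TABLE_OFF = 446
PART_ENTRY = "<B3xB3xII"    # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xAA"


def build_mbr(bootcode, partitions):
    """Construct a demo MBR (constructed data, not a real disk image)."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(bootcode)] = bootcode
    struct.pack_into("<I", mbr, BOOTCODE_LEN, 0x1234ABCD)       # arbitrary disk signature
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY, mbr, PART_TABLE_OFF + 16 * i, status, ptype, lba, count)
    mbr[510:] = BOOT_SIGNATURE
    return bytes(mbr)


def bootcode_sha256(mbr):
    """Hash of the bootstrap area only; the disk signature and table are excluded."""
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()


def partitions(mbr):
    """Decode the four partition entries into dicts."""
    out = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_ENTRY, mbr, PART_TABLE_OFF + 16 * i)
        out.append({"status": status, "type": ptype, "lba": lba, "sectors": count})
    return out


def check_mbr(mbr, known_good=frozenset()):
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings = []
    if len(mbr) != MBR_SIZE:
        return ["image is %d bytes, expected %d" % (len(mbr), MBR_SIZE)]
    if mbr[510:] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = partitions(mbr)
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("%d active partitions, expected exactly 1" % len(active))
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("non-standard status byte 0x%02X" % p["status"])
    used = [p for p in parts if p["type"] != 0 and p["sectors"]]
    for a, b in combinations(used, 2):
        if a["lba"] < b["lba"] + b["sectors"] and b["lba"] < a["lba"] + a["sectors"]:
            findings.append("overlapping partitions at LBA %d and %d" % (a["lba"], b["lba"]))
    if known_good:
        h = bootcode_sha256(mbr)
        if h not in known_good:
            findings.append("bootstrap code hash %s... is not in the known-good baseline" % h[:16])
    return findings


# Constructed samples: a clean-looking MBR, one with patched bootstrap code,
# and one with two active partitions.
CLEAN_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 100   # placeholder x86 stub
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, [(0x80, 0x07, 63, 2_000_000)])
KNOWN_GOOD = frozenset({bootcode_sha256(CLEAN_MBR)})                 # hypothetical baseline
PATCHED_MBR = build_mbr(b"\xEB\xFE" + CLEAN_BOOTCODE, [(0x80, 0x07, 63, 2_000_000)])
TWO_ACTIVE_MBR = build_mbr(CLEAN_BOOTCODE, [(0x80, 0x07, 63, 1000), (0x80, 0x07, 2000, 1000)])


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                       # e.g. python mbrcheck.py MBR.dat
        with open(sys.argv[1], "rb") as f:
            image = f.read(MBR_SIZE)
        # KNOWN_GOOD only covers the constructed sample, so print the hash for manual comparison
        print("bootstrap sha256:", bootcode_sha256(image))
        print(check_mbr(image) or ["no structural findings"])
    for name, img in [("clean", CLEAN_MBR), ("patched", PATCHED_MBR), ("two active", TWO_ACTIVE_MBR)]:
        print(name, check_mbr(img, KNOWN_GOOD) or ["no findings"])
```

A bootkit that keeps the partition table intact and only swaps the bootstrap code passes every structural check, which is why the hash comparison is the one that matters; the structural checks catch the cruder cases and corrupted dumps.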
#9 morrisw7 (Topic Starter)
Here it is.

Attached Files


#10 Render (Trusted Helper, Malware Removal)
OK. Let's check the MBR one more time and then do some spring cleaning. On completion let me know if there is any improvement in performance.

Step 1

  • Double click the aswMBR.exe to re-run it.
  • When asked if you want to download Avast's virus definitions please select No.
  • Click the Scan button to start the scan.
  • On completion of the scan click Save log, save it to your desktop and post it in your next reply.

Step 2

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please right click on the OTL icon on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL

    :Files
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log
  • OTL fix log


#11 morrisw7 (Topic Starter)
I was not able to run OTL as Admin. I hit Run As and it only works as the current user.
I have enclosed a jpg screenshot of it.

Next steps?

Attached Thumbnails

  • otljpg.jpg


#12 Render (Trusted Helper, Malware Removal)
OK. Follow these steps below and on completion let me know if there is any improvement in performance.

Step 1

  • Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 2

We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download AVPTool from Here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool.)

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan.
(Please be patient as this scan can take a few hours.)

Allow AVP to delete all infections found.
Once it has finished select the report tab (last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.

Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information.

On completion click the link to locate the zip file to upload and attach it to your next post.

#13 morrisw7 (Topic Starter)
Hope this was right.

Attached Files

#14 Render (Trusted Helper, Malware Removal)
Hi,

Yes, it is good, but you forgot to add the report from the first part of the scan. Could you please repeat just the first part of the AVP Tool scan?

We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download AVPTool from Here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool.)

Run the programme you have just downloaded to your desktop (it will be randomly named).

Click the cog in the upper right.

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan.
(Please be patient as this scan can take a few hours.)

Allow AVP to delete all infections found.
Once it has finished select the report tab (last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.

#15 morrisw7 (Topic Starter)
This one?
I'm sorry, I have so many scan files on my desktop now that it's become confusing.

Attached Files

  • Attached File  kasp.txt   296bytes   50 downloads
