Geeks to Go forum
adware not-a-virus:AdWare.Win32.Zwangi- also- Trojan program Packed.Wi


  • This topic is locked

#1 vatch (Member, 55 posts)
Hi,

It has taken me three days and 2 hours just to get online and type this. My PC has numerous infections and malware. I have used Malwarebytes, Kaspersky and OTL. I scanned again today with Malwarebytes and was infected again. Please help.

My system is barely working. Keeps freezing and knocking me offline.

OTL

OTL logfile created on: 10/12/2011 1:08:00 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Jimmy that works\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.07 Mb Total Physical Memory | 64.59 Mb Available Physical Memory | 25.32% Memory free
617.05 Mb Paging File | 285.63 Mb Available in Paging File | 46.29% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 44.37 Gb Free Space | 79.41% Space Free | Partition Type: NTFS

Computer Name: JIMMY | User Name: Jimmy that works | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/12 01:04:40 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jimmy that works\My Documents\Downloads\OTL.exe
PRC - [2011/09/30 11:12:41 | 001,030,200 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jimmy that works\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/25 10:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/08/09 16:40:34 | 000,763,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/11 14:34:40 | 001,596,416 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11101102\algo.dll
MOD - [2011/10/11 10:44:01 | 000,272,416 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11101102\aswRep.dll
MOD - [2011/09/30 11:12:40 | 000,412,728 | ---- | M] () -- C:\Documents and Settings\Jimmy that works\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll
MOD - [2011/09/30 11:12:39 | 003,696,184 | ---- | M] () -- C:\Documents and Settings\Jimmy that works\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/09/30 11:11:39 | 000,309,304 | ---- | M] () -- C:\Documents and Settings\Jimmy that works\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\Locales\en-US.dll
MOD - [2011/09/30 11:11:13 | 000,142,568 | ---- | M] () -- C:\Documents and Settings\Jimmy that works\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/09/30 11:11:12 | 000,253,320 | ---- | M] () -- C:\Documents and Settings\Jimmy that works\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/09/30 11:11:10 | 002,403,240 | ---- | M] () -- C:\Documents and Settings\Jimmy that works\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/09/29 16:06:57 | 008,587,936 | ---- | M] () -- C:\Documents and Settings\Jimmy that works\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (O?rtȲ$) Network Security Service (NSS)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 16:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 16:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/11/30 05:00:00 | 000,387,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/10/03 13:21:46 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/03 13:21:46 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/06/17 19:36:04 | 000,033,545 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2005/04/13 17:31:30 | 000,239,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/27 20:51:17 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2002/02/19 14:34:18 | 000,072,576 | R--- | M] (The LinkSys Group, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netusbxp.sys -- (USBNET_XP)
DRV - [2001/08/17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 08:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 DA BC A7 7E 88 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jimmy that works\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jimmy that works\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jimmy that works\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.4.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.4.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.4.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.4.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.4.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.4.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.4.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Jimmy that works\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Jimmy that works\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jimmy that works\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1318350547602 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EC54EA5-44A6-43D5-9569-ADF0AECF2000}: DhcpNameServer = 167.206.254.1 167.206.254.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/27 21:04:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/12 01:07:45 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jimmy that works\Desktop\OTL (1).exe
[2011/10/11 21:32:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jimmy that works\IECompatCache
[2011/10/11 21:31:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jimmy that works\PrivacIE
[2011/10/11 19:38:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jimmy that works\IETldCache
[2011/10/11 19:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/10/11 18:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/10/11 18:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/10/11 18:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/10/11 18:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/10/11 18:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/10/11 18:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/10/11 18:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/10/11 18:03:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/10/11 18:03:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/10/11 18:02:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/10/11 17:39:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/10/11 17:11:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/10/11 16:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimmy that works\Local Settings\Application Data\Identities
[2011/10/11 16:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimmy that works\Application Data\Windows Desktop Search
[2011/10/11 16:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/10/11 16:30:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/10/11 03:26:03 | 000,000,000 | ---D | C] -- C:\538e107a96af8f64c2f9070a
[2011/10/11 01:40:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/10/11 01:31:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/10/10 21:46:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/10/10 21:45:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/10/10 21:45:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/10/10 14:12:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jimmy that works\Recent
[2011/10/09 18:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimmy that works\Start Menu\Programs\HiJackThis
[2011/10/09 18:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/09 18:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimmy that works\My Documents\Downloads
[2011/10/09 02:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimmy that works\Start Menu\Programs\Google Chrome
[2011/10/09 00:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2011/10/09 00:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/10/09 00:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jimmy that works\Application Data\IObit
[2011/10/09 00:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/10/09 00:45:43 | 030,071,680 | ---- | C] (IObit ) -- C:\Documents and Settings\Jimmy that works\Desktop\asc-setup.exe
[2011/10/09 00:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/10/09 00:26:29 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/10/09 00:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/10/08 23:43:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jimmy that works\My Documents\My Videos
[2009/07/01 15:30:53 | 003,561,744 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/07/01 15:27:33 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Program Files\ATF-Cleaner.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[32 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Jimmy that works\My Documents\*.tmp files -> C:\Documents and Settings\Jimmy that works\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/12 01:07:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jimmy that works\Desktop\OTL (1).exe
[2011/10/12 01:06:18 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/12 00:55:02 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1957994488-854245398-1007UA.job
[2011/10/11 23:06:20 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/11 22:18:51 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/11 22:06:41 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/10/11 22:06:37 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/10/11 22:05:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/11 21:47:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/11 19:41:43 | 000,493,306 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/11 19:41:42 | 000,091,396 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/11 19:40:26 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Jimmy that works\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/11 19:35:20 | 000,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/11 16:33:29 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/10/11 02:55:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1957994488-854245398-1007Core.job
[2011/10/10 21:28:29 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/10/10 17:55:42 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\Jimmy that works\Desktop\HiJackThis.lnk
[2011/10/09 21:32:48 | 000,007,610 | -HS- | M] () -- C:\WINDOWS\9383022drv.spi
[2011/10/09 03:02:14 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/10/09 03:01:18 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/09 02:56:13 | 000,002,398 | ---- | M] () -- C:\Documents and Settings\Jimmy that works\Desktop\Google Chrome.lnk
[2011/10/09 02:56:13 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\Jimmy that works\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/09 00:49:48 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\Jimmy that works\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2011/10/09 00:49:47 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2011/10/09 00:48:23 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Jimmy that works\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/10/09 00:48:17 | 000,000,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/10/09 00:46:29 | 030,071,680 | ---- | M] (IObit ) -- C:\Documents and Settings\Jimmy that works\Desktop\asc-setup.exe
[2011/10/09 00:39:51 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/09 00:32:51 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Jimmy that works\Desktop\Internet.lnk
[2011/10/09 00:11:02 | 059,854,808 | -H-- | M] () -- C:\Documents and Settings\Jimmy that works\Desktop\setup_av_free_cnet.exe
[2011/10/08 23:42:49 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Jimmy that works\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[32 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Jimmy that works\My Documents\*.tmp files -> C:\Documents and Settings\Jimmy that works\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/11 21:45:35 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/10/11 19:40:25 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Jimmy that works\Start Menu\Programs\Internet Explorer.lnk
[2011/10/11 16:33:29 | 000,001,820 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/10/11 16:33:24 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/10/11 16:22:19 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/10/09 20:17:54 | 000,007,610 | -HS- | C] () -- C:\WINDOWS\9383022drv.spi
[2011/10/09 18:59:56 | 000,002,469 | ---- | C] () -- C:\Documents and Settings\Jimmy that works\Desktop\HiJackThis.lnk
[2011/10/09 02:56:13 | 000,002,398 | ---- | C] () -- C:\Documents and Settings\Jimmy that works\Desktop\Google Chrome.lnk
[2011/10/09 02:56:13 | 000,002,376 | ---- | C] () -- C:\Documents and Settings\Jimmy that works\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/09 02:50:17 | 000,001,022 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1957994488-854245398-1007UA.job
[2011/10/09 02:50:16 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1957994488-854245398-1007Core.job
[2011/10/09 02:27:59 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/10/09 00:50:07 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/10/09 00:49:59 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/10/09 00:49:48 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\Jimmy that works\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2011/10/09 00:49:47 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2011/10/09 00:49:47 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/10/09 00:48:23 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\Jimmy that works\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/10/09 00:48:17 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/10/09 00:39:50 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/09 00:32:49 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Jimmy that works\Desktop\Internet.lnk
[2011/10/09 00:09:26 | 059,854,808 | -H-- | C] () -- C:\Documents and Settings\Jimmy that works\Desktop\setup_av_free_cnet.exe
[2011/10/08 23:42:49 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\Jimmy that works\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/03/26 19:12:49 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/07/01 16:00:47 | 000,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/10/30 21:54:06 | 005,914,648 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/13 11:54:44 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/09/13 11:54:42 | 000,000,313 | ---- | C] () -- C:\WINDOWS\KA.INI
[2007/09/08 23:24:31 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/07/29 14:14:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/07/29 13:51:28 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/07/29 13:44:56 | 000,000,940 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/07/29 13:44:56 | 000,000,462 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/07/29 13:44:56 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/07/29 13:44:56 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/07/29 13:44:56 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2007/07/29 13:43:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2007/07/29 13:30:11 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/07/23 20:40:03 | 000,001,789 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007/06/25 08:34:28 | 000,000,748 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2007/01/28 23:49:17 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\923C088B12.sys
[2007/01/28 23:49:16 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/03 11:21:28 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/02/17 21:18:09 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/01/12 17:00:35 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/08 22:22:21 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Atw.INI
[2006/01/01 20:41:37 | 000,068,939 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2006/01/01 20:41:37 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2004/10/07 14:42:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/06 12:52:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nethz32.dll
[2004/09/07 20:14:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\crkd32.dll
[2004/08/20 22:13:47 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\lhgsj.dll
[2004/08/16 04:03:46 | 000,000,242 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2004/07/22 20:04:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avfkh.dll
[2004/04/27 21:07:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/04/27 21:00:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/04/27 20:44:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/27 20:41:22 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/04/27 20:34:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2004/04/27 15:52:01 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/04/27 15:47:23 | 000,169,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/03/31 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 08:00:00 | 000,493,306 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 08:00:00 | 000,091,396 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/01/22 07:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/02/24 18:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/10/30 20:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/02/12 11:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2007/06/25 07:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/07/27 17:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/07/27 17:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2007/07/29 13:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/10/09 03:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/24 18:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/06/25 07:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/02/24 20:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimmy that works\Application Data\acccore
[2011/10/09 00:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimmy that works\Application Data\IObit
[2008/04/16 20:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimmy that works\Application Data\ScanSoft
[2009/10/23 17:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimmy that works\Application Data\Viewpoint
[2011/10/11 16:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimmy that works\Application Data\Windows Desktop Search
[2011/10/11 22:06:41 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/10/11 22:06:37 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 3063 bytes -> C:\WINDOWS\ieuninst.exe:jjefn
@Alternate Data Stream - 3063 bytes -> C:\WINDOWS\explorer.scf:tbdtl
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF5C4195
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\Zapotec.bmp:jrgvs
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\msdfmap.ini:acovm
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\Coffee Bean.bmp:miapl
@Alternate Data Stream - 11388 bytes -> C:\WINDOWS\TASKMAN.EXE:khdtk
@Alternate Data Stream - 11388 bytes -> C:\WINDOWS\Soap Bubbles.bmp:sgkoi
@Alternate Data Stream - 11388 bytes -> C:\WINDOWS\Gone Fishing.bmp:edcmi
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >



OTL Extras logfile created on: 10/12/2011 1:08:00 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Jimmy that works\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.07 Mb Total Physical Memory | 64.59 Mb Available Physical Memory | 25.32% Memory free
617.05 Mb Paging File | 285.63 Mb Available in Paging File | 46.29% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 44.37 Gb Free Space | 79.41% Space Free | Partition Type: NTFS

Computer Name: JIMMY | User Name: Jimmy that works | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- Reg Error: Key error.
batfile [open] -- "%1" %*
batfile [print] -- Reg Error: Key error.
cmdfile [edit] -- Reg Error: Key error.
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
inffile [open] -- Reg Error: Key error.
inffile [print] -- Reg Error: Key error.
inifile [print] -- Reg Error: Key error.
jsfile [edit] -- Reg Error: Key error.
jsfile [print] -- Reg Error: Key error.
jsefile [edit] -- Reg Error: Key error.
jsefile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [edit] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbefile [edit] -- Reg Error: Key error.
vbefile [print] -- Reg Error: Key error.
vbsfile [edit] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Key error.
wsffile [edit] -- Reg Error: Key error.
wsffile [print] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirstRunDisabled" = 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{003E4AFB-085E-4599-B53E-A15736948F2A}" = Hot Rod American Street Drag
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40A6C96D-808E-41DD-8716-617AB6B0F1F1}" = Brother MFL-Pro Suite
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116668760}" = Dream Day Wedding
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"AIM Search" = AIM Search
"AIM_7" = AIM 7
"AOL Search" = AOL Search
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"JSLG_PH" = JumpStart Learning Games Phonics
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer Basic
"Smart Defrag 2_is1" = Smart Defrag 2
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2011 6:25:06 PM | Computer Name = JIMMY | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
MAPI: Logon failed. .

Error - 10/11/2011 6:50:23 PM | Computer Name = JIMMY | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.HistoryHandler cannot be loaded. Error description:
The system cannot find the file specified. .

Error - 10/11/2011 6:50:24 PM | Computer Name = JIMMY | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
MAPI: Logon failed. .

Error - 10/11/2011 6:55:38 PM | Computer Name = JIMMY | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.HistoryHandler cannot be loaded. Error description:
The system cannot find the file specified. .

Error - 10/11/2011 6:55:40 PM | Computer Name = JIMMY | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
MAPI: Logon failed. .

Error - 10/11/2011 6:58:34 PM | Computer Name = JIMMY | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.HistoryHandler cannot be loaded. Error description:
The system cannot find the file specified. .

Error - 10/11/2011 6:58:35 PM | Computer Name = JIMMY | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
MAPI: Logon failed. .

Error - 10/11/2011 7:03:58 PM | Computer Name = JIMMY | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.HistoryHandler cannot be loaded. Error description:
The system cannot find the file specified. .

Error - 10/11/2011 7:03:59 PM | Computer Name = JIMMY | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
MAPI: Logon failed. .

Error - 10/11/2011 7:43:45 PM | Computer Name = JIMMY | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

[ System Events ]
Error - 10/11/2011 10:34:32 AM | Computer Name = JIMMY | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 10/11/2011 10:34:32 AM | Computer Name = JIMMY | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 10/11/2011 1:01:27 PM | Computer Name = JIMMY | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 10/11/2011 1:01:27 PM | Computer Name = JIMMY | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 10/11/2011 3:38:43 PM | Computer Name = JIMMY | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 10/11/2011 3:38:43 PM | Computer Name = JIMMY | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 10/11/2011 7:35:54 PM | Computer Name = JIMMY | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 10/11/2011 7:35:54 PM | Computer Name = JIMMY | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 10/11/2011 10:06:28 PM | Computer Name = JIMMY | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 10/11/2011 10:06:28 PM | Computer Name = JIMMY | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.


< End of report >

Thank you for the help.

Windows XP
  • 0


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can make some headway on your problem.

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (O?rtȲ$) Network Security Service (NSS)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    @Alternate Data Stream - 3063 bytes -> C:\WINDOWS\ieuninst.exe:jjefn
    @Alternate Data Stream - 3063 bytes -> C:\WINDOWS\explorer.scf:tbdtl
    @Alternate Data Stream - 11591 bytes -> C:\WINDOWS\Zapotec.bmp:jrgvs
    @Alternate Data Stream - 11591 bytes -> C:\WINDOWS\msdfmap.ini:acovm
    @Alternate Data Stream - 11591 bytes -> C:\WINDOWS\Coffee Bean.bmp:miapl
    @Alternate Data Stream - 11388 bytes -> C:\WINDOWS\TASKMAN.EXE:khdtk
    @Alternate Data Stream - 11388 bytes -> C:\WINDOWS\Soap Bubbles.bmp:sgkoi
    @Alternate Data Stream - 11388 bytes -> C:\WINDOWS\Gone Fishing.bmp:edcmi

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
  • 0
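
The OTL report in post #1 lists eleven alternate data streams, and the fix script in post #2 removes eight of them: the ones whose byte sizes repeat across unrelated host files (a wallpaper, an .ini, a system executable), while the three streams on the TEMP folder are left alone. The following Python is an added triage example, not OTL's own code and not the moderator's tooling: it parses the `@Alternate Data Stream - N bytes -> path:stream` line format exactly as OTL prints it on this page, flags streams whose size is shared with a stream on a different host file (that size-replication heuristic is an assumption of this example, not a rule OTL or the moderator states), and renders the flagged entries back in the line form the `:OTL` fix block accepts. The sample report text is constructed from the lines shown in post #1.

```python
import re
from collections import defaultdict

# Constructed sample: the "Alternate Data Streams" section of the OTL
# report from post #1, in the line format OTL prints.
SAMPLE_OTL_REPORT = r"""
========== Alternate Data Streams ==========

@Alternate Data Stream - 3063 bytes -> C:\WINDOWS\ieuninst.exe:jjefn
@Alternate Data Stream - 3063 bytes -> C:\WINDOWS\explorer.scf:tbdtl
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF5C4195
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\Zapotec.bmp:jrgvs
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\msdfmap.ini:acovm
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\Coffee Bean.bmp:miapl
@Alternate Data Stream - 11388 bytes -> C:\WINDOWS\TASKMAN.EXE:khdtk
@Alternate Data Stream - 11388 bytes -> C:\WINDOWS\Soap Bubbles.bmp:sgkoi
@Alternate Data Stream - 11388 bytes -> C:\WINDOWS\Gone Fishing.bmp:edcmi
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
"""

# One OTL ADS report line: size in bytes, then "host_path:stream_name".
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")


def parse_ads_lines(report_text):
    """Return (size, host_path, stream_name) for every ADS line in an OTL report."""
    entries = []
    for line in report_text.splitlines():
        m = ADS_RE.match(line.strip())
        if not m:
            continue
        size = int(m.group(1))
        # The stream name follows the LAST colon; the drive letter also has one.
        host, _, stream = m.group(2).rpartition(":")
        entries.append((size, host, stream))
    return entries


def flag_replicated_streams(entries):
    """Flag streams whose exact byte size also appears on a different host file.

    Heuristic (an assumption of this example): identical-size streams attached
    to several unrelated host files look like one blob copied into each host,
    which is worth a human look before anything is deleted.
    """
    hosts_by_size = defaultdict(set)
    for size, host, _ in entries:
        hosts_by_size[size].add(host.lower())
    return [e for e in entries if len(hosts_by_size[e[0]]) >= 2]


def otl_fix_lines(entries):
    """Render entries in the line form the :OTL fix block on this page uses."""
    return [f"@Alternate Data Stream - {size} bytes -> {host}:{stream}"
            for size, host, stream in entries]


if __name__ == "__main__":
    flagged = flag_replicated_streams(parse_ads_lines(SAMPLE_OTL_REPORT))
    print(":OTL")
    for line in otl_fix_lines(flagged):
        print(line)
```

Run against the constructed sample, the size-replication rule selects the same eight `C:\WINDOWS` entries the moderator placed in the fix script and leaves the three single-occurrence TEMP streams for manual review; the script only proposes lines, it never touches the file system.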

#3
vatch

vatch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hi and thanks for helping me out here. I tried to send the Kaspersky log and Malwarebytes log but my system keeps crashing.

Okay, just followed your directions and here is the OTL log. When my system rebooted it ran by itself? Is this normal? Downloading ComboFix now.

All processes killed
========== OTL ==========
Error: No service named O?rtȲ$) Network Security Service (NSS was found to stop!
Service\Driver key O?rtȲ$) Network Security Service (NSS not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
ADS C:\WINDOWS\ieuninst.exe:jjefn deleted successfully.
ADS C:\WINDOWS\explorer.scf:tbdtl deleted successfully.
ADS C:\WINDOWS\Zapotec.bmp:jrgvs deleted successfully.
ADS C:\WINDOWS\msdfmap.ini:acovm deleted successfully.
ADS C:\WINDOWS\Coffee Bean.bmp:miapl deleted successfully.
ADS C:\WINDOWS\TASKMAN.EXE:khdtk deleted successfully.
ADS C:\WINDOWS\Soap Bubbles.bmp:sgkoi deleted successfully.
ADS C:\WINDOWS\Gone Fishing.bmp:edcmi deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Jimmy that works\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jimmy that works\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 2790350 bytes
->Flash cache emptied: 434 bytes

User: Alexa F
->Temp folder emptied: 18503 bytes
->Temporary Internet Files folder emptied: 5641528 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1915520 bytes

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: jaclyn
->Temp folder emptied: 2399335 bytes
->Temporary Internet Files folder emptied: 140948205 bytes
->Java cache emptied: 37661303 bytes
->Flash cache emptied: 6367 bytes

User: james
->Temp folder emptied: 63234 bytes
->Temporary Internet Files folder emptied: 249848 bytes
->Java cache emptied: 9254417 bytes

User: Jimmy that works
->Temp folder emptied: 64056138 bytes
->Temporary Internet Files folder emptied: 2869990 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7127909 bytes
->Flash cache emptied: 470 bytes

User: joey
->Temp folder emptied: 45737 bytes
->Temporary Internet Files folder emptied: 93798313 bytes
->Java cache emptied: 25500589 bytes
->Flash cache emptied: 4557 bytes

User: LocalService
->Temp folder emptied: 67420 bytes
->Temporary Internet Files folder emptied: 6499813 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 14399505 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9382653 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 147886490 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1189152 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 548.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Alexa F
->Flash cache emptied: 0 bytes

User: All Users

User: Application Data

User: Default User

User: jaclyn
->Flash cache emptied: 0 bytes

User: james

User: Jimmy that works
->Flash cache emptied: 0 bytes

User: joey
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Unable to start service SrService!

OTL by OldTimer - Version 3.2.29.1 log created on 10122011_185534

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#4
vatch (Topic Starter)
Yes, how did you know I would have a problem? LOL I am now writing this from my notebook.

Combo fix would not DL, the link would not open and when I opened the second link, it was in Spanish! LOL

Okay, so I used Google Chrome and I was able to save it to Desktop this time. But I received a message that my machine does not have MS recovery console? Without it combo fix will NOT attempt to fix problems?

Okay, just got another message, Successful install of MS console. It asked if I want to scan for infections and I just clicked yes.

I hope this is okay?

Thanks for your help again. I have 4 accounts on this system. When I have malware or a virus, does this mean they are all infected? And when I run a scan or malware does it work for all accounts, files and folders? My son also has a flash drive that he used to save the files on this system. He plugged it into the notebook... I am afraid to ask?

Thank you again.

#5
vatch (Topic Starter)
Phew... That was long.

Okay here is the log. System still is very slow and the browsers take forever to open. IE actually didn't open. It froze.

And I now have 2 IE on my desktop? I also have restore turned off.

Thanks again for the help.

ComboFix 11-10-12.04 - Jimmy that works 10/12/2011 22:09:35.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.51 [GMT -4:00]
Running from: c:\documents and settings\Jimmy that works\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jimmy that works\My Documents\~WRL1189.tmp
c:\documents and settings\Jimmy that works\My Documents\hijackthis.log
c:\documents and settings\joey\My Documents\~WRL1610.tmp
c:\documents and settings\joey\My Documents\~WRL2006.tmp
c:\documents and settings\joey\My Documents\~WRL3624.tmp
c:\program files\messenger\msmsgsin.exe
c:\program files\msn\msncorefiles\custdial.dll
c:\program files\msn\msncorefiles\logonmgr.dll
c:\windows\search_res.txt
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-13 to 2011-10-13 )))))))))))))))))))))))))))))))
.
.
2011-10-12 22:55 . 2011-10-12 22:55 -------- d-----w- C:\_OTL
2011-10-12 01:32 . 2011-10-12 01:32 -------- d-sh--w- c:\documents and settings\Jimmy that works\IECompatCache
2011-10-12 01:31 . 2011-10-12 01:31 -------- d-sh--w- c:\documents and settings\Jimmy that works\PrivacIE
2011-10-11 23:42 . 2011-10-11 23:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-10-11 23:38 . 2011-10-11 23:38 -------- d-sh--w- c:\documents and settings\Jimmy that works\IETldCache
2011-10-11 23:12 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-10-11 22:27 . 2011-10-12 02:05 -------- d-----w- c:\program files\Microsoft Silverlight
2011-10-11 22:23 . 2010-04-28 11:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2011-10-11 22:20 . 2011-10-11 22:20 -------- d-----w- c:\program files\Microsoft
2011-10-11 22:19 . 2011-10-11 22:22 -------- d-----w- c:\program files\Windows Live
2011-10-11 22:18 . 2011-10-11 22:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-10-11 22:09 . 2011-10-11 22:09 -------- d-----w- c:\program files\Common Files\Windows Live
2011-10-11 22:03 . 2011-10-11 22:03 -------- d-----w- c:\windows\system32\winrm
2011-10-11 22:02 . 2011-10-11 22:03 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-10-11 21:46 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-10-11 21:33 . 2011-08-22 23:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-10-11 21:33 . 2011-08-22 23:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-10-11 21:32 . 2011-08-22 23:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-10-11 21:11 . 2011-10-11 21:30 -------- dc-h--w- c:\windows\ie8
2011-10-11 20:39 . 2011-10-11 20:39 -------- d-----w- c:\documents and settings\Jimmy that works\Local Settings\Application Data\Identities
2011-10-11 20:37 . 2011-10-11 20:37 -------- d-----w- c:\documents and settings\Jimmy that works\Application Data\Windows Desktop Search
2011-10-11 20:30 . 2011-10-12 02:05 -------- d-----w- c:\program files\Windows Desktop Search
2011-10-11 20:30 . 2011-10-11 20:30 -------- d-----w- c:\windows\system32\GroupPolicy
2011-10-11 20:24 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-10-11 20:24 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-10-11 20:24 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-10-11 07:26 . 2011-10-11 07:26 -------- d-----w- C:\538e107a96af8f64c2f9070a
2011-10-11 06:49 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-11 06:48 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-11 06:48 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-11 06:42 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-11 06:42 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-11 06:35 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-11 06:35 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-10-11 05:31 . 2011-10-11 05:31 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-10-11 01:46 . 2011-10-11 01:46 -------- d-----w- c:\windows\system32\scripting
2011-10-11 01:45 . 2011-10-11 01:45 -------- d-----w- c:\windows\l2schemas
2011-10-11 01:45 . 2011-10-11 01:45 -------- d-----w- c:\windows\system32\en
2011-10-09 22:59 . 2011-10-09 22:59 388096 ----a-r- c:\documents and settings\Jimmy that works\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-09 22:59 . 2011-10-09 22:59 -------- d-----w- c:\program files\Trend Micro
2011-10-09 07:35 . 2011-10-09 07:35 -------- d-----w- c:\documents and settings\Alexa F\Application Data\IObit
2011-10-09 04:50 . 2011-08-19 20:33 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-10-09 04:49 . 2010-11-26 22:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-10-09 04:47 . 2011-10-09 04:50 -------- d-----w- c:\documents and settings\Jimmy that works\Application Data\IObit
2011-10-09 04:47 . 2011-10-09 04:49 -------- d-----w- c:\program files\IObit
2011-10-09 04:26 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-09 04:17 . 2011-05-04 08:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-09 04:03 . 2011-10-09 04:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-09 02:49 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2003-03-31 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2003-03-31 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2002-09-23 19:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2011-03-30 01:57 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-02-12 15:24 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:37 . 2010-02-12 15:25 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-02-12 15:25 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-02-12 15:25 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-02-12 15:25 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-02-12 15:25 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-02-12 15:25 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-02-12 15:25 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 13:20 . 2003-03-31 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2009-07-01 20:10 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2003-03-31 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2003-03-31 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-15 13:29 . 2003-03-31 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-07-01 19:31 . 2009-07-01 19:30 3561744 ----a-w- c:\program files\mbam-setup.exe
2009-07-01 19:27 . 2009-07-01 19:27 50688 ----a-w- c:\program files\ATF-Cleaner.exe
2007-10-31 01:55 . 2007-10-31 01:54 5914648 ----a-w- c:\program files\SUPERAntiSpyware.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
2011-08-09 20:56 417112 ----a-w- c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2004-07-20 13:34 851968 ----a-w- c:\program files\Brother\ControlCenter2\brctrcen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-09 03:00 136176 ----atw- c:\documents and settings\Jimmy that works\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-04-14 19:04 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2000-08-08 20:00 311350 ----a-w- c:\program files\Microsoft Works\wkssb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-08-08 20:00 28739 ----a-w- c:\program files\Microsoft Works\WkDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 18:46 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-05-25 13:16 49152 ------w- c:\program files\Brother\Brmfl04a\BrStDvPt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 14:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2000-08-08 20:00 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [10/9/2011 12:49 AM 14776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/9/2011 12:26 AM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/12/2010 11:25 AM 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/12/2010 11:25 AM 20568]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [4/27/2004 9:29 PM 72576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2008-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
2011-10-12 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-10-09 20:40]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 17:04]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 17:04]
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1957994488-854245398-1007Core.job
- c:\documents and settings\Jimmy that works\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-09 03:00]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1957994488-854245398-1007UA.job
- c:\documents and settings\Jimmy that works\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-09 03:00]
.
2011-10-12 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-10-09 14:35]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-12 22:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-10-12 22:45:18
ComboFix-quarantined-files.txt 2011-10-13 02:45
.
Pre-Run: 48,141,942,784 bytes free
Post-Run: 48,004,198,400 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 60F2A8A112AA08961979F8DCF1252349

Edited by vatch, 12 October 2011 - 09:05 PM.

#6
Essexboy (GeekU Moderator, Retired Staff)
Could you turn on system restore please, as we will be using that as a safety net.

For the USB drive, it must be vaccinated as they are a route for infections.
Could you download and run Panda Vaccinate, ensuring all USB drives are cleared.

I will now ask for a scan and analysis of your system to see if I can locate the miscreant. Once this is done I will then check all users with OTL (I will give the necessary instructions when we run it).

The additional IE icon was generated by combofix.

Download AVPTool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Allow AVP to delete all infections found.
Once it has finished select the report tab (last tab).
Select Detected threats report from the left and press the Save button.
Save it to your desktop and attach to your next post.


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information.

On completion click the link to locate the zip file to upload and attach to your next post.

Megaupload

#7
vatch (Topic Starter)
Hi and thank you so much for all your help! My PC actually goes on now and boots up pretty good. The browsers are the problems. I just did another advanced deep scan and it is still finding things. Just wanted to let you know, I am not sure how important that is.

So I went to turn on System Restore and... Somehow it is already on! I think my PC is possessed! LOL

Okay running that scan now.

Thanks again for all the info with the usb flash drives as well. Very important I see.

#8
Essexboy (GeekU Moderator, Retired Staff)
Seems as though Combofix turned it on for you :)

#9
vatch (Topic Starter)
Hi,
System is running really slow again but Kaspersky shows no infection... I think.

Here's the zip file.

Sorry this took so long to get back to you.

Thanks for the help. :)


It won't let me attach the file.... I have been trying for an hour!

Help???

#10
vatch (Topic Starter)
I hope this works!!!

#11
vatch (Topic Starter)
I am sorry for all the separate posts but my system won't let me copy the log in or add it as a file. It's so slow it's driving me crazy.

I tried to get the first scan of Kaspersky in but it won't take. Anything you can think of, I am all for it.

I am once again typing this from my notebook. I hope that zip file works!

Thanks again for all your help!

#12
Essexboy (GeekU Moderator, Retired Staff)
Hmm, the zip file is not attaching. Could you upload it to mediafire and post the sharing link please?

Also I would like to check out the MBR on your system

Download aswMBR.exe (1.8mb) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.

#13
vatch (Topic Starter)
Hi and thanks again. Sorry for the delay but my other system is now infected too! I checked the USB like you said and Panda fixed that, which was great! But now my other system is a mess! It won't open any applications and I came here and looked up Open cloud security and realized I was hit with yet another bugger!

Also I found Zero Access and rootkit and Gmer.... Phew... the last few days have been crazy and I can't seem to get either computer working correctly.

I will post the log, like you say to Mediafire. I hope it works and thanks again for your patience!

#14
Essexboy (GeekU Moderator, Retired Staff)
OK, work both systems in tandem with this programme (download a fresh copy on the first system).



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply, as well as describing how your computer is running now.

#15
Essexboy (GeekU Moderator, Retired Staff)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.