computer files changing on their own [Solved]


  • This topic is locked

#16
scottie279

  • Topic Starter
  • Member
  • 33 posts
Thank you. I'm back home now. I'm going to try to upload it to a media sharing site, then post it on here.
  • 0


#17
scottie279

  • Topic Starter
  • Member
  • 33 posts
http://www.mediafire...oab4mg5ysgwb2gq


Here is the screenshot.

Edited by scottie279, 25 March 2012 - 01:27 PM.

  • 0

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have autosave set on your word processor? That is the type of format of the document when it is being saved on the fly.

Saving documents on the fly as you type - something you really wonder why you don't do it more often....when you have typed ten pages and Eskom does their unexpected load shedding..

The key sequence:

"Ctrl" + "S"

The result:

This sequence saves the file by the current name, without bringing up a file save dialog to fill in - nice and simple - just saves it away. There is also an auto save option in Word for the unexpected load shedding - find it under "File", "Options" and then the "Save" menu item on the left.


Could you run a fresh OTL scan, please, ensuring that All Users at the top is checked?
  • 0

#19
scottie279

  • Topic Starter
  • Member
  • 33 posts
Full or quick scan? The stories are books I'm reading, saved to the CPU. They used to be correct, now they are not. I can't change any of the content, so I don't know how it changed, so I don't know how the Ctrl+S save commands can help. Kinda confused.
  • 0

#20
scottie279

  • Topic Starter
  • Member
  • 33 posts
OTL logfile created on: 3/25/2012 8:34:14 PM - Run 3
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Administrator\Desktop\system help
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.89% Memory free
2.21 Gb Paging File | 1.32 Gb Available in Paging File | 59.88% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 55.81 Gb Free Space | 72.77% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 128.27 Gb Free Space | 55.08% Space Free | Partition Type: NTFS
Drive F: | 14.83 Gb Total Space | 14.65 Gb Free Space | 98.82% Space Free | Partition Type: FAT32

Computer Name: SCOTT-9E5884CBC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/19 19:58:59 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\system help\OTL.exe
PRC - [2012/03/12 17:02:34 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/12 17:02:22 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/04/27 09:56:10 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe
PRC - [2009/12/03 02:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/11/19 19:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/25 11:46:55 | 001,749,504 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032501\algo.dll
MOD - [2012/03/12 17:02:34 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/12 17:02:22 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/03/10 02:21:42 | 000,429,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.79\ppgooglenaclpluginchrome.dll
MOD - [2012/03/10 02:21:41 | 003,772,912 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
MOD - [2012/03/10 02:20:17 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.79\avutil-51.dll
MOD - [2012/03/10 02:20:16 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.79\avformat-53.dll
MOD - [2012/03/10 02:20:15 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.79\avcodec-53.dll
MOD - [2012/03/09 22:56:11 | 008,593,056 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll
MOD - [2012/01/27 21:12:18 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Azureus\plugins\azutp\win32\utp.dll
MOD - [2011/04/27 09:56:18 | 000,102,400 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll
MOD - [2011/04/27 09:56:10 | 000,087,480 | ---- | M] () -- C:\Program Files\Vuze\aereg.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/03/12 17:02:34 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/12/03 02:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/01/27 14:44:34 | 000,050,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcdriver.sys -- (hcdriver)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/26 01:02:28 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2011/07/26 01:02:28 | 000,045,696 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2010/11/04 16:18:04 | 000,102,728 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MxEFUF32.sys -- (MxEFUF)
DRV - [2010/07/09 04:00:00 | 000,015,744 | ---- | M] (AnaPa) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Vbemp.sys -- (Vbemp)
DRV - [2010/07/04 12:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/01/25 23:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/23 23:02:56 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/04/11 14:44:04 | 000,030,720 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbio.sys -- (usbio)
DRV - [2005/06/14 11:10:14 | 000,084,319 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\AliEhci.sys -- (ALIEHCD)
DRV - [2005/04/14 22:00:00 | 000,273,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) 3DP Edition v9.12 (SigmaTel C-Major Audio)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/08/14 16:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-725345543-602609370-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-01-26 10:02:49&v=9.0.0.23&sap=hp
IE - HKU\S-1-5-21-725345543-602609370-839522115-500\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-725345543-602609370-839522115-500\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-725345543-602609370-839522115-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-725345543-602609370-839522115-500\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-01-26 10:02:49&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-725345543-602609370-839522115-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKU\S-1-5-21-725345543-602609370-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/12 17:03:05 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...sa&d=2012-01-26 10:02:49&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-725345543-602609370-839522115-500\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-725345543-602609370-839522115-500..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-725345543-602609370-839522115-500..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-602609370-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6534718E-DF22-4AD0-9614-7B460C7AEA5F}: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/25 23:11:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/18 18:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\MOM PIC
[2012/03/17 23:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\MagicDisc
[2012/03/17 23:48:42 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2012/03/17 23:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2012/03/16 18:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Sigmatel
[2012/03/14 11:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Vuze Downloads
[2012/03/13 15:27:50 | 000,000,000 | ---D | C] -- C:\Intel
[2012/03/12 17:05:22 | 000,015,744 | ---- | C] (AnaPa) -- C:\WINDOWS\System32\drivers\Vbemp.sys
[2012/03/10 14:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2012/03/05 14:13:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2012/03/05 14:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\jagexcache
[2012/03/05 14:07:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/03/04 12:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/03/04 12:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/04 12:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/04 12:53:34 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/04 12:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/28 06:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/28 06:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/25 21:29:55 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/25 01:28:03 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/22 20:29:05 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/19 19:36:11 | 000,013,736 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/19 19:35:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/17 23:48:55 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/03/17 23:48:55 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MagicDisc.lnk
[2012/03/16 20:22:29 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Vuze Downloads.lnk
[2012/03/16 19:52:30 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/14 12:33:28 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 11:10:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/13 16:16:03 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/03/11 23:03:17 | 000,000,024 | ---- | M] () -- C:\Documents and Settings\Administrator\random.dat
[2012/03/11 20:57:36 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE.dat
[2012/03/11 07:48:25 | 000,494,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 07:48:24 | 000,083,072 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/08 15:33:34 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/06 17:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 17:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 17:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/17 23:48:55 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/03/17 23:48:55 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MagicDisc.lnk
[2012/03/16 20:22:29 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Vuze Downloads.lnk
[2012/03/05 14:08:01 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE.dat
[2012/03/05 14:08:01 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Administrator\random.dat
[2012/02/15 23:54:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/11 23:07:56 | 000,084,319 | ---- | C] () -- C:\WINDOWS\System32\drivers\AliEhci.sys
[2012/02/11 23:07:56 | 000,032,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\AliHub.sys
[2012/02/11 23:07:56 | 000,009,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\AliGP.sys
[2012/02/11 23:07:56 | 000,005,318 | ---- | C] () -- C:\WINDOWS\System32\drivers\AliRtHub.sys
[2012/01/31 19:48:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/26 22:55:05 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/26 09:23:26 | 000,154,144 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/01/26 09:23:25 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/01/25 23:14:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/25 23:07:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/25 14:52:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/25 14:51:16 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/01/26 23:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2012/01/26 11:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
[2012/03/25 22:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2012/02/04 07:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2012/03/10 14:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2012/01/30 16:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2012/02/14 21:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2012/01/26 00:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/12 17:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/01/26 11:02:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/26 10:56:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Administrator\Desktop\george-resume (1).doc:BDU

< End of report >
  • 0

#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There is something I am obviously not seeing.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.
  • 0

#22
scottie279

  • Topic Starter
  • Member
  • 33 posts
ComboFix 12-03-26.04 - Administrator 03/26/2012 21:46:31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1412 [GMT -7:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\PriceGong
c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Administrator\WINDOWS
c:\windows\isRS-000.tmp
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\979a1e68c084c3ee.fb
c:\windows\system32\Cache\a6fe9b3ee0d1452e.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-18 06:49 . 2002-08-02 09:20 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-03-18 06:49 . 2002-08-05 17:46 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll
2012-03-18 06:49 . 2002-08-02 10:10 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
2012-03-18 06:49 . 2002-08-02 09:20 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll
2012-03-18 06:49 . 2002-08-02 09:20 151552 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll
2012-03-18 06:49 . 2002-08-02 09:20 634880 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll
2012-03-18 06:49 . 2012-03-18 06:49 270468 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll
2012-03-18 06:49 . 2012-03-18 06:49 159876 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll
2012-03-18 06:48 . 2009-02-25 01:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-03-18 06:48 . 2012-03-18 06:49 -------- d-----w- c:\program files\MagicDisc
2012-03-18 05:44 . 2012-01-27 21:44 50688 ----a-w- c:\windows\system32\drivers\hcdriver.sys
2012-03-17 01:18 . 2012-03-17 01:18 -------- d-----w- c:\program files\Sigmatel
2012-03-17 01:17 . 2005-04-15 05:00 273296 ----a-w- c:\windows\system32\drivers\STAC97.sys
2012-03-17 01:17 . 2005-04-15 05:00 102912 ----a-w- c:\windows\system32\staco.dll
2012-03-13 22:27 . 2012-03-13 22:27 -------- d-----w- C:\Intel
2012-03-13 22:27 . 2004-08-20 22:50 159744 ----a-w- c:\windows\system32\igfxres.dll
2012-03-13 00:05 . 2010-07-09 11:00 15744 ----a-w- c:\windows\system32\drivers\Vbemp.sys
2012-03-05 21:13 . 2012-03-05 21:13 -------- d-----w- c:\windows\.jagex_cache_32
2012-03-05 21:08 . 2012-03-05 21:08 -------- d-----w- c:\documents and settings\Administrator\jagexcache
2012-03-05 21:07 . 2012-03-05 21:07 -------- d-----w- c:\windows\Sun
2012-03-04 19:53 . 2012-03-04 19:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-03-04 19:53 . 2012-03-04 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-04 19:53 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 19:53 . 2012-03-20 02:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-28 13:40 . 2012-02-28 13:40 -------- d-----w- c:\program files\Common Files\Java
2012-02-28 13:37 . 2012-02-28 13:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-28 13:36 . 2012-02-28 13:36 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 00:15 . 2012-01-26 07:04 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2012-01-26 07:04 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2012-01-26 07:05 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2012-01-26 07:05 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-01-26 07:05 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2012-01-26 07:05 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2012-01-26 07:05 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2012-01-26 07:05 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2012-01-26 07:05 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2012-01-26 07:05 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-28 13:37 . 2012-01-27 08:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:22 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-30 04:58 . 2012-01-30 04:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-11 19:06 . 2012-02-16 06:54 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2012-01-26 06:05 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 00:02 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-03-02 8557464]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-03-02 8557464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-3-17 576000]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2012-03-02 21:06 8557464 ----a-w- c:\program files\Innovative Solutions\DriverMax\drivermax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
2012-03-02 21:06 8557464 ----a-w- c:\program files\Innovative Solutions\DriverMax\drivermax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_dec12]
2012-01-30 16:48 928096 ----a-w- c:\program files\AVG Secure Search\ROC_roc_dec12.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-03-13 00:02 982880 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\scott music games\\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\\joey_pc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2/1/2012 6:40 PM 102728]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/26/2012 12:05 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2012 12:05 AM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2012 12:05 AM 20696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/4/2012 12:53 PM 652360]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/12/2012 5:02 PM 918880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/4/2012 12:53 PM 20464]
S2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [2/11/2012 11:07 PM 84319]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/26/2012 12:05 AM 136176]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2/9/2012 1:34 PM 45696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/26/2012 12:05 AM 136176]
S3 hcdriver;EHCI Compliance Test Tool Device Driver;c:\windows\system32\drivers\hcdriver.sys [3/17/2012 10:44 PM 50688]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2/9/2012 1:34 PM 56960]
S3 Vbemp;VBE Miniport;c:\windows\system32\drivers\Vbemp.sys [3/12/2012 5:05 PM 15744]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-26 07:05]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-26 07:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={B1DCEC2B-AF12-4E3E-9CCD-5D0A7CCA79C8}&mid=3cbe88667e5a47d19342d1584ff0c912-e763e35a696e82da815de76c05a0ebce34e39b15&lang=en&ds=is015&pr=sa&d=2012-01-26 10:02&v=9.0.0.23&sap=hp
TCP: DhcpNameServer = 10.1.10.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-26 21:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
? [37884]
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-725345543-602609370-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,a4,62,5e,f7,dc,b2,4a,af,fc,5c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,a4,62,5e,f7,dc,b2,4a,af,fc,5c,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\01\05\1b\065+n"
.
Completion time: 2012-03-26 22:01:06
ComboFix-quarantined-files.txt 2012-03-27 05:01
.
Pre-Run: 60,722,597,888 bytes free
Post-Run: 60,741,902,336 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F5CF773F4851B0C7B3A74ACF16184162
  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now?
  • 0

#24
scottie279

scottie279

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Slow, TFC still freezes
  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
TFC freezing is due to Malwarebytes I am afraid

Go start > Run and type in the following command

cleanmgr

Press OK

When Disc cleanup opens select your main drive
Select all options
[attachment=56889:Capture.JPG]
Then select the more options tab
Then select Delete system restore points
[attachment=56890:Capture1.JPG]

Then return to the first tab and select OK

Once done, run the disc defragmenter and reboot on completion

Is it running any better?
  • 0



#26
scottie279

scottie279

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
It's a little better. I'll let you know tomorrow if it's a lot better.
  • 0

#27
scottie279

scottie279

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
My computer seems to be running better and faster. Thank you a lot.
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Any further anomalies that need resolving before I remove my tools?
  • 0

#29
scottie279

scottie279

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Malwarebytes keeps blocking outgoing stuff and slows down my CPU
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the log to show what Malwarebytes is blocking?
  • 0





