Geeks to Go

Infected with XP Internet Security 2011


  • This topic is locked

#1 Dougrbi (Member, 57 posts)
My computer got infected with XP Internet Security 2011. I have Malwarebytes loaded and tried to run that to clean it, but it won't load; I also tried to rename the EXE file and it won't run either. I'm afraid to follow the other forum post instructions as they look custom to the user. I have attached the OTL log, and any help would be appreciated.

OTL Extras logfile created on: 4/23/2011 5:45:03 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Party Jumps\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 208.00 Mb Available Physical Memory | 41.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.92 Gb Total Space | 5.91 Gb Free Space | 21.16% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.85 Gb Free Space | 99.04% Space Free | Partition Type: FAT

Computer Name: D161GQ21 | User Name: Party Jumps | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\Party Jumps\Local Settings\Application Data\opd.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56685:TCP" = 56685:TCP:*:Enabled:Pando Media Booster
"56685:UDP" = 56685:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"135:TCP" = 135:TCP:*:Enabled:DCOM(135)
"1700:TCP" = 1700:TCP:*:Disabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Disabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Disabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Disabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Disabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Disabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Disabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Disabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Disabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Disabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Disabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Disabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Disabled:MioNet Storage Device Discovery
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56685:TCP" = 56685:TCP:*:Enabled:Pando Media Booster
"56685:UDP" = 56685:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Disabled:MioNet
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Disabled:MioNetManager
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{14374621-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Basic 2005
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600211}" = MSN Messenger 6.1
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD04643-5246-48AC-9D8C-F43A37BB8F36}" = WD Drive Manager (x86)
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DellSupport" = Dell Support 5.0.0 (766)
"Dsc Pro" = Dsc Pro
"ERUNT_is1" = ERUNT 1.1j
"hp psc 2100 series_Driver" = hp psc 2100 series
"ie8" = Windows Internet Explorer 8
"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSNINST" = MSN
"PictureIt_POD_v9" = Microsoft Picture It! Library 9
"PictureIt_v9" = Microsoft Picture It! Express 9
"SearchSafe" = SearchSafe
"Shockwave" = Shockwave
"TurboTax Deluxe 2003" = TurboTax Deluxe 2003
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"TurboTax Premier 2004" = TurboTax Premier 2004
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/20/2011 11:59:40 PM | Computer Name = D161GQ21 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/21/2011 3:15:32 AM | Computer Name = D161GQ21 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/21/2011 3:15:33 AM | Computer Name = D161GQ21 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/21/2011 6:29:21 AM | Computer Name = D161GQ21 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/21/2011 9:16:33 AM | Computer Name = D161GQ21 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/21/2011 9:43:03 AM | Computer Name = D161GQ21 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/21/2011 12:56:50 PM | Computer Name = D161GQ21 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/21/2011 4:10:38 PM | Computer Name = D161GQ21 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/21/2011 5:26:17 PM | Computer Name = D161GQ21 | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 9.4.0.195, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/21/2011 7:05:19 PM | Computer Name = D161GQ21 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 3.0.8107.0,
P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 1/10/2011 2:16:24 AM | Computer Name = D161GQ21 | Source = System Error | ID = 1003
Description = Error code 0000004e, parameter1 00000099, parameter2 00008f74, parameter3
00000001, parameter4 00000000.

Error - 1/20/2011 10:23:03 AM | Computer Name = D161GQ21 | Source = System Error | ID = 1003
Description = Error code 0000004e, parameter1 00000099, parameter2 000829b6, parameter3
00000005, parameter4 00000000.

Error - 1/21/2011 10:50:18 AM | Computer Name = D161GQ21 | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 82d3d950, parameter3
82d3dac4, parameter4 805fb146.

Error - 1/21/2011 7:30:44 PM | Computer Name = D161GQ21 | Source = System Error | ID = 1003
Description = Error code 0000004e, parameter1 00000099, parameter2 00000000, parameter3
00000000, parameter4 00000000.

Error - 1/23/2011 5:18:10 PM | Computer Name = D161GQ21 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the FlipShare Service service.

Error - 2/11/2011 11:54:21 AM | Computer Name = D161GQ21 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 ef68baa4, parameter3
ef5d5a44, parameter4 00000000.

Error - 2/23/2011 9:52:09 AM | Computer Name = D161GQ21 | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 8e34dcc8, parameter2 00000000, parameter3
805752a8, parameter4 00000000.

Error - 4/16/2011 12:20:54 PM | Computer Name = D161GQ21 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.3 for the Network Card with network
address 000BDB2659CB has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/21/2011 7:05:14 PM | Computer Name = D161GQ21 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.103.160.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error
code: 0x80072efe Error description: The connection with the server was terminated
abnormally

Error - 4/23/2011 8:43:19 PM | Computer Name = D161GQ21 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.103.160.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.


< End of report >


#2 Dougrbi (Topic Starter, Member, 57 posts)
Update on 4/24: I got Malwarebytes to load, and it stopped the malware from running. I then noticed that I had some pop-ups, so I followed the recommended security items. I made sure MS Security Essentials was updated and scanned the computer.

I loaded Online Armor as my firewall and ran all the tools and scans; it fixed many items.
I loaded SUPERAntiSpyware and ran a scan with that; it took a long time to run but found a host of issues.
But as is my luck, I load the internet, go to a site, and boom: I have a new window opening in Firefox with dialog boxes that won't close.
Also, the whole system runs so stinking slow it is unreal.
Attached is the updated OTL log.

OTL logfile created on: 4/24/2011 5:55:42 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Party Jumps\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 289.00 Mb Available Physical Memory | 57.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.92 Gb Total Space | 9.66 Gb Free Space | 34.59% Space Free | Partition Type: NTFS

Computer Name: D161GQ21 | User Name: Party Jumps | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/23 17:43:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Party Jumps\Desktop\OTL.exe
PRC - [2011/04/20 08:57:04 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/04/06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2011/04/06 13:01:06 | 002,477,032 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2011/04/06 13:01:04 | 001,165,336 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2011/04/06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/05/14 13:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2008/07/24 15:22:50 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/07/24 15:22:12 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe


========== Modules (SafeList) ==========

MOD - [2011/04/23 17:43:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Party Jumps\Desktop\OTL.exe
MOD - [2011/04/06 13:01:12 | 001,114,896 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oawatch.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 17:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wsock32.dll
MOD - [2008/04/13 17:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wtsapi32.dll
MOD - [2008/04/13 17:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\winsta.dll
MOD - [2008/04/13 17:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\iphlpapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/04/06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2011/04/06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/05/14 13:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/07/24 15:22:50 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2003/10/22 10:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/04/24 17:24:45 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4688F051-1D96-47B1-B55E-1B0569F46529}\MpKsl47a6d433.sys -- (MpKsl47a6d433)
DRV - [2011/04/24 16:13:37 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\MpEngineStore\MpKsl29e77a50.sys -- (MpKsl29e77a50)
DRV - [2011/04/06 13:02:26 | 000,039,048 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\oahlp32.sys -- (oahlpXX)
DRV - [2011/04/06 13:01:32 | 000,029,464 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OAnet.sys -- (OAnet)
DRV - [2011/04/06 13:01:30 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OADriver.sys -- (OADevice)
DRV - [2011/04/06 13:01:30 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OAmon.sys -- (OAmon)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2004/09/07 19:24:37 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/01/15 12:45:06 | 000,042,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/07/19 08:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seattleremodeling.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 07:55:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 08:44:06 | 000,000,000 | ---D | M]

[2008/07/07 16:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Party Jumps\Application Data\Mozilla\Extensions
[2011/04/24 07:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Party Jumps\Application Data\Mozilla\Firefox\Profiles\ffzcylpw.default\extensions
[2010/07/01 19:29:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Party Jumps\Application Data\Mozilla\Firefox\Profiles\ffzcylpw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/28 15:19:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Party Jumps\Application Data\Mozilla\Firefox\Profiles\ffzcylpw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/03/17 09:06:37 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Party Jumps\Application Data\Mozilla\Firefox\Profiles\ffzcylpw.default\searchplugins\siteadvisor.xml
[2010/11/20 08:38:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/20 08:40:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/24 12:54:22 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2011/01/24 12:54:22 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/20 08:38:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found
O15 - HKCU\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...81/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.87.85.102
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/PARTYJ~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Party Jumps\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Party Jumps\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3029345c-ba6a-11de-a0d7-000bdb2659cb}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{f4d3da26-1094-11e0-a1af-000bdb2659cb}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{f4d3da26-1094-11e0-a1af-000bdb2659cb}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/24 16:13:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/04/24 16:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/24 16:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Party Jumps\Application Data\SUPERAntiSpyware.com
[2011/04/24 15:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/24 07:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Party Jumps\Application Data\OnlineArmor
[2011/04/24 07:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2011/04/24 07:52:29 | 000,029,464 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2011/04/24 07:52:29 | 000,025,192 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2011/04/24 07:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2011/04/23 20:01:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/04/23 17:44:50 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Party Jumps\Desktop\OTL.exe
[2011/04/23 17:38:55 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Party Jumps\Desktop\mbam-setup.com
[8 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[249 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/24 18:10:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/24 17:29:45 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/24 17:23:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/24 07:53:14 | 000,438,072 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/04/24 07:53:14 | 000,069,876 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/04/23 18:22:58 | 000,011,894 | -HS- | M] () -- C:\Documents and Settings\Party Jumps\Local Settings\Application Data\qi8851w3107x74l474w68yr5a83t63620w0j8r0j68
[2011/04/23 18:22:58 | 000,011,894 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qi8851w3107x74l474w68yr5a83t63620w0j8r0j68
[2011/04/23 17:43:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Party Jumps\Desktop\OTL.exe
[2011/04/23 17:31:21 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/22 16:10:14 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Party Jumps\Desktop\mbam-setup.com
[2011/04/21 12:19:42 | 000,000,508 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/04/20 19:38:35 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/19 18:14:52 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Party Jumps\Desktop\Microsoft Office Word 2003.lnk
[2011/04/06 13:02:26 | 000,039,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2011/04/06 13:01:32 | 000,029,464 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2011/04/06 13:01:30 | 000,205,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2011/04/06 13:01:30 | 000,025,192 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[249 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/24 07:52:29 | 000,039,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2011/04/24 07:52:28 | 000,205,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2011/04/21 17:56:18 | 000,011,894 | -HS- | C] () -- C:\Documents and Settings\Party Jumps\Local Settings\Application Data\qi8851w3107x74l474w68yr5a83t63620w0j8r0j68
[2011/04/21 17:56:18 | 000,011,894 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qi8851w3107x74l474w68yr5a83t63620w0j8r0j68
[2011/04/20 21:13:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/09 20:41:21 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/05/09 19:27:27 | 000,020,436 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2006/05/09 19:27:27 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2005/05/02 11:08:01 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Party Jumps\Local Settings\Application Data\fusioncache.dat
[2005/02/07 11:06:12 | 000,000,040 | ---- | C] () -- C:\WINDOWS\OFXDATE.INI
[2005/01/26 11:15:16 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2005/01/15 15:48:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2005/01/15 15:48:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/12/28 23:40:59 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\saie_gdf.dat
[2004/12/28 23:40:55 | 007,835,571 | ---- | C] () -- C:\WINDOWS\System32\saie_kyf.dat
[2004/12/28 23:40:52 | 000,329,602 | ---- | C] () -- C:\WINDOWS\System32\saieau.dat
[2004/12/22 13:12:50 | 000,000,292 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2004/12/22 12:37:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/11/18 22:39:45 | 000,100,475 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/11/18 22:38:51 | 000,004,981 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/11/07 12:33:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2004/10/26 16:57:05 | 000,005,701 | ---- | C] () -- C:\WINDOWS\b2_t_JOHNLSCOTT.COM%2F27030&328.xml
[2004/10/16 11:30:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/07 19:22:03 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/06/16 18:39:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Party Jumps\Application Data\dm.ini
[2004/06/07 21:36:50 | 000,168,960 | ---- | C] () -- C:\Documents and Settings\Party Jumps\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/17 19:10:41 | 000,018,439 | ---- | C] () -- C:\WINDOWS\hpclj3500.ini
[2003/12/06 18:21:08 | 000,000,021 | ---- | C] () -- C:\WINDOWS\DVDSentry.ini
[2003/09/10 19:26:20 | 000,002,762 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2003/09/04 20:38:33 | 000,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2003/09/02 14:15:56 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Doug.ini
[2003/06/29 17:00:26 | 000,020,436 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2003/06/29 17:00:26 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2003/06/01 18:51:15 | 000,008,074 | ---- | C] () -- C:\WINDOWS\extend.dat
[2003/05/26 14:41:42 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/05/15 19:20:38 | 000,000,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/03 12:33:43 | 000,000,709 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/05/03 12:33:35 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/05/02 19:10:30 | 000,004,712 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/04/23 13:37:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/23 13:31:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/04/23 13:24:14 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2003/04/23 13:24:14 | 000,000,166 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2003/04/23 13:18:55 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/23 13:10:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/04/23 13:10:06 | 000,438,072 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003/04/23 13:10:06 | 000,069,876 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003/04/23 12:56:34 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/03/09 13:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 07:05:08 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 06:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 06:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 06:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 06:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/07/31 03:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2000/11/10 13:57:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
[1997/07/11 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

< End of report >
Really No help?????

Edited by Dougrbi, 30 April 2011 - 07:20 AM.

  • 0

#3
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, Dougrbi! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So any logs from any programs we run should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyze and fix your PC in the long run.

Sorry for the delay.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Step 1

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Step 2

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Custom Scans/Fixes textbox.

    :OTL
    O33 - MountPoints2\{3029345c-ba6a-11de-a0d7-000bdb2659cb}\Shell\AutoRun\command - "" = E:\setup.exe
    O33 - MountPoints2\{f4d3da26-1094-11e0-a1af-000bdb2659cb}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
    O33 - MountPoints2\{f4d3da26-1094-11e0-a1af-000bdb2659cb}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
    [2011/04/23 18:22:58 | 000,011,894 | -HS- | M] () -- C:\Documents and Settings\Party Jumps\Local Settings\Application Data\qi8851w3107x74l474w68yr5a83t63620w0j8r0j68
    [2011/04/23 18:22:58 | 000,011,894 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qi8851w3107x74l474w68yr5a83t63620w0j8r0j68

    :Files
    C:\Documents and Settings\Party Jumps\Local Settings\Application Data\qi8851w3107x74l474w68yr5a83t63620w0j8r0j68
    C:\Documents and Settings\All Users\Application Data\qi8851w3107x74l474w68yr5a83t63620w0j8r0j68
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 3

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Custom Scans/Fixes textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When you have completed the above, please post back the following in the order asked for:
  • Contents of the RKreport.txt
  • OTL fix log
  • Fresh OTL scan log

  • 0
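An added example, not OTL's own code and not from this thread: a small Python parser for the two OTL line shapes seen in the logs above, applying the checks behind the fix script (hidden+system files with long random names under Application Data, and MountPoints2 AutoRun commands) plus a check of the O35/O37 file-association handlers, which are flagged only when they differ from the Windows default `"%1" %*`. The sample lines are copied from the log in this thread; the regexes, finding names and the one non-default handler value used in testing are this example's own.

```python
"""Triage of OTL log lines.

Added example for this thread; it is not OTL's code and not the helper's.
It parses the OTL line shapes that appear in the logs above and applies the
checks that led to the fix script: hidden+system files with long random
names under Application Data, MountPoints2 AutoRun commands, and file
association handlers that differ from the Windows default.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# [yyyy/mm/dd hh:mm:ss | size | attrs | C or M] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# O33 - MountPoints2\<key>\Shell\<verb>\command - "" = <target>
O33_LINE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>[^\\]+)'
    r'\\command - "" = (?P<target>.+)$'
)
# O35 - HKLM\..exefile [open] -- <cmd>   /   O37 - HKLM\...exe [@ = exefile] -- <cmd>
ASSOC_LINE = re.compile(
    r"^O3[57] - (?P<hive>HK[A-Z]+)\\\.{2,3}(?P<ext>\w+) \[(?P<what>[^\]]+)\] -- (?P<cmd>.+)$"
)
DEFAULT_HANDLER = '"%1" %*'                   # what Windows ships for exefile/comfile
RANDOM_NAME = re.compile(r"^[a-z0-9]{20,}$")  # long lowercase alnum, no extension


@dataclass
class Finding:
    kind: str
    detail: str


def parse_file_line(line: str) -> Optional[dict]:
    """Split an OTL file/folder entry into its fields, or return None."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["size"] = int(fields["size"].replace(",", ""))
    fields["hidden"] = "H" in fields["attrs"]
    fields["system"] = "S" in fields["attrs"]
    return fields


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding when a line matches one of the three checks."""
    line = line.strip()
    entry = parse_file_line(line)
    if entry:
        name = entry["path"].rsplit("\\", 1)[-1]
        if (entry["hidden"] and entry["system"]
                and "Application Data" in entry["path"]
                and RANDOM_NAME.match(name)):
            return Finding("hidden-random-file", entry["path"])
        return None
    m = O33_LINE.match(line)
    if m and m.group("verb").lower() == "autorun":
        # An AutoRun verb on a mount point runs <target> when the drive is opened.
        return Finding("autorun-command", f"{m.group('key')} -> {m.group('target')}")
    m = ASSOC_LINE.match(line)
    if m and m.group("cmd") != DEFAULT_HANDLER:
        # Anything but "%1" %* means a program is interposed on every .exe/.com launch.
        return Finding("assoc-hijack", f"{m.group('hive')} {m.group('ext')} -> {m.group('cmd')}")
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run triage_line over a log and keep only the hits."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


# Lines copied from the OTL log in this thread (not constructed).
SAMPLE_LOG = [
    r"[2011/04/23 18:22:58 | 000,011,894 | -HS- | M] () -- C:\Documents and Settings\Party Jumps\Local Settings\Application Data\qi8851w3107x74l474w68yr5a83t63620w0j8r0j68",
    r"[2011/04/24 17:29:45 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job",
    r"[2011/04/24 17:23:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT",
    r'O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe',
    r'O33 - MountPoints2\{f4d3da26-1094-11e0-a1af-000bdb2659cb}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe',
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKCU\...exe [@ = exefile] -- "%1" %*',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind:20} {finding.detail}")
```

Of the seven sample lines only the hidden random-named file and the E:\ AutoRun command are reported; the "Setup FlipShare" verb and the default "%1" %* handlers pass.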

#4
Dougrbi

Dougrbi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Thank you for the help so far, all the processes have been run in order. The logs are as follows:
RKreport.txt:

RogueKiller V5.1.0 [05/02/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Party Jumps [Admin rights]
Mode: Scan -- Date : 05/02/2011 12:55:08

Bad processes: 0

Registry Entries: 3
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND

HOSTS File:


Finished : << RKreport[1].txt >>
RKreport[1].txt

OTL Fix Log:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3029345c-ba6a-11de-a0d7-000bdb2659cb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3029345c-ba6a-11de-a0d7-000bdb2659cb}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4d3da26-1094-11e0-a1af-000bdb2659cb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4d3da26-1094-11e0-a1af-000bdb2659cb}\ not found.
File E:\Setup_FlipShare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4d3da26-1094-11e0-a1af-000bdb2659cb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4d3da26-1094-11e0-a1af-000bdb2659cb}\ not found.
File E:\Setup_FlipShare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
File E:\setup.exe not found.
C:\Documents and Settings\Party Jumps\Local Settings\Application Data\qi8851w3107x74l474w68yr5a83t63620w0j8r0j68 moved successfully.
C:\Documents and Settings\All Users\Application Data\qi8851w3107x74l474w68yr5a83t63620w0j8r0j68 moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Party Jumps\Local Settings\Application Data\qi8851w3107x74l474w68yr5a83t63620w0j8r0j68 not found.
File\Folder C:\Documents and Settings\All Users\Application Data\qi8851w3107x74l474w68yr5a83t63620w0j8r0j68 not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Party Jumps\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Party Jumps\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Carla
->Temp folder emptied: 17977630 bytes
->Temporary Internet Files folder emptied: 93014617 bytes
->FireFox cache emptied: 21382796 bytes
->Flash cache emptied: 537 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 56502 bytes

User: Doug
->Temp folder emptied: 449875035 bytes
->Temporary Internet Files folder emptied: 59439528 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2906941 bytes
->Flash cache emptied: 7786 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65938 bytes
->Flash cache emptied: 678 bytes

User: NetworkService
->Temp folder emptied: 577320 bytes
->Temporary Internet Files folder emptied: 1014400 bytes

User: Owner

User: Party Jumps
->Temp folder emptied: 133485527 bytes
->Temporary Internet Files folder emptied: 8328909 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59271251 bytes
->Flash cache emptied: 1386087 bytes

%systemdrive% .tmp files removed: 6621025 bytes
%systemroot% .tmp files removed: 1090817 bytes
%systemroot%\System32 .tmp files removed: 61683037 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3234039 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23974450 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 654187415 bytes
RecycleBin emptied: 5822194 bytes

Total Files Cleaned = 1,531.00 mb


[EMPTYFLASH]

User: All Users

User: Carla
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Doug
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

User: Party Jumps
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05022011_125945

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Fresh OTL Scan log:

OTL logfile created on: 5/2/2011 1:45:52 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Party Jumps\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 107.00 Mb Available Physical Memory | 21.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.92 Gb Total Space | 10.66 Gb Free Space | 38.16% Space Free | Partition Type: NTFS

Computer Name: D161GQ21 | User Name: Party Jumps | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/23 17:43:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Party Jumps\Desktop\OTL.exe
PRC - [2011/04/06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2011/04/06 13:01:06 | 002,477,032 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2011/04/06 13:01:04 | 001,165,336 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2011/04/06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2011/03/25 08:43:52 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/05/14 13:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2008/07/24 15:22:50 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/07/24 15:22:12 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe


========== Modules (SafeList) ==========

MOD - [2011/04/23 17:43:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Party Jumps\Desktop\OTL.exe
MOD - [2011/04/06 13:01:12 | 001,114,896 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oawatch.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 17:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wsock32.dll
MOD - [2008/04/13 17:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wtsapi32.dll
MOD - [2008/04/13 17:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\winsta.dll
MOD - [2008/04/13 17:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\iphlpapi.dll


========== Win32 Services (SafeList) ==========

Note: things are still very slow with the computer; just changing screens takes like 10 seconds.
Thank you,
  • 0

#5
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please post entire OTL log. You should find it on your desktop in file OTL.txt. Thank you.
  • 0

#6
Dougrbi

Dougrbi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Sorry I thought I did.
Here it is.

OTL logfile created on: 5/2/2011 1:45:52 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Party Jumps\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 107.00 Mb Available Physical Memory | 21.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.92 Gb Total Space | 10.66 Gb Free Space | 38.16% Space Free | Partition Type: NTFS

Computer Name: D161GQ21 | User Name: Party Jumps | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/23 17:43:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Party Jumps\Desktop\OTL.exe
PRC - [2011/04/06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2011/04/06 13:01:06 | 002,477,032 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2011/04/06 13:01:04 | 001,165,336 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2011/04/06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2011/03/25 08:43:52 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/05/14 13:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2008/07/24 15:22:50 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/07/24 15:22:12 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe


========== Modules (SafeList) ==========

MOD - [2011/04/23 17:43:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Party Jumps\Desktop\OTL.exe
MOD - [2011/04/06 13:01:12 | 001,114,896 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oawatch.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 17:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wsock32.dll
MOD - [2008/04/13 17:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wtsapi32.dll
MOD - [2008/04/13 17:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\winsta.dll
MOD - [2008/04/13 17:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\iphlpapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/04/06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2011/04/06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/05/14 13:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/07/24 15:22:50 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2003/10/22 10:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/05/02 13:38:57 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\MpEngineStore\MpKsl63c1c488.sys -- (MpKsl63c1c488)
DRV - [2011/05/02 12:34:32 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{445C9892-F755-4EE4-9E1A-F3FBCB2F5EEF}\MpKsl1ad5c4a0.sys -- (MpKsl1ad5c4a0)
DRV - [2011/04/06 13:02:26 | 000,039,048 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\oahlp32.sys -- (oahlpXX)
DRV - [2011/04/06 13:01:32 | 000,029,464 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OAnet.sys -- (OAnet)
DRV - [2011/04/06 13:01:30 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OADriver.sys -- (OADevice)
DRV - [2011/04/06 13:01:30 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OAmon.sys -- (OAmon)
DRV - [2004/09/07 19:24:37 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/01/15 12:45:06 | 000,042,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/07/19 08:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seattleremodeling.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 07:55:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 08:44:06 | 000,000,000 | ---D | M]

[2008/07/07 16:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Party Jumps\Application Data\Mozilla\Extensions
[2011/04/24 07:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Party Jumps\Application Data\Mozilla\Firefox\Profiles\ffzcylpw.default\extensions
[2010/07/01 19:29:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Party Jumps\Application Data\Mozilla\Firefox\Profiles\ffzcylpw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/28 15:19:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Party Jumps\Application Data\Mozilla\Firefox\Profiles\ffzcylpw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/03/17 09:06:37 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Party Jumps\Application Data\Mozilla\Firefox\Profiles\ffzcylpw.default\searchplugins\siteadvisor.xml
[2011/04/24 07:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/20 08:40:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/20 08:38:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/24 12:54:22 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2011/01/24 12:54:22 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/20 08:38:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/05/02 13:01:42 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found
O15 - HKCU\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...81/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.87.85.102
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/PARTYJ~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Party Jumps\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Party Jumps\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (76574804416659456)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/02 12:59:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/24 16:13:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/04/24 16:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/24 07:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Party Jumps\Application Data\OnlineArmor
[2011/04/24 07:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2011/04/24 07:52:29 | 000,029,464 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2011/04/24 07:52:29 | 000,025,192 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2011/04/24 07:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Armor
[2011/04/24 07:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2011/04/24 06:10:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Party Jumps\Recent
[2011/04/23 20:01:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/04/23 17:44:50 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Party Jumps\Desktop\OTL.exe
[2011/04/23 17:38:55 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Party Jumps\Desktop\mbam-setup.com
[8 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[2 C:\Documents and Settings\Party Jumps\My Documents\*.tmp files -> C:\Documents and Settings\Party Jumps\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/02 13:54:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/02 13:42:17 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/02 13:36:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/02 13:36:12 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/02 13:01:42 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/05/01 10:31:15 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Party Jumps\Desktop\Microsoft Office Word 2003.lnk
[2011/04/27 19:38:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/24 20:12:41 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2011/04/24 07:53:14 | 000,438,072 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/04/24 07:53:14 | 000,069,876 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/04/23 17:43:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Party Jumps\Desktop\OTL.exe
[2011/04/23 17:31:21 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/22 16:10:14 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Party Jumps\Desktop\mbam-setup.com
[2011/04/21 12:19:42 | 000,000,508 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/04/06 13:02:26 | 000,039,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2011/04/06 13:01:32 | 000,029,464 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2011/04/06 13:01:30 | 000,205,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2011/04/06 13:01:30 | 000,025,192 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2 C:\Documents and Settings\Party Jumps\My Documents\*.tmp files -> C:\Documents and Settings\Party Jumps\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/24 07:52:29 | 000,039,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2011/04/24 07:52:28 | 000,205,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2011/04/23 19:56:08 | 535,351,296 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/20 21:13:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/09 20:41:21 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/05/09 19:27:27 | 000,020,436 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2006/05/09 19:27:27 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2005/05/02 11:08:01 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Party Jumps\Local Settings\Application Data\fusioncache.dat
[2005/02/07 11:06:12 | 000,000,040 | ---- | C] () -- C:\WINDOWS\OFXDATE.INI
[2005/01/26 11:15:16 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2005/01/15 15:48:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2005/01/15 15:48:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/12/28 23:40:59 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\saie_gdf.dat
[2004/12/28 23:40:55 | 007,835,571 | ---- | C] () -- C:\WINDOWS\System32\saie_kyf.dat
[2004/12/28 23:40:52 | 000,329,602 | ---- | C] () -- C:\WINDOWS\System32\saieau.dat
[2004/12/22 13:12:50 | 000,000,292 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2004/12/22 12:37:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/11/18 22:39:45 | 000,100,475 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/11/18 22:38:51 | 000,004,981 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/11/07 12:33:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2004/10/26 16:57:05 | 000,005,701 | ---- | C] () -- C:\WINDOWS\b2_t_JOHNLSCOTT.COM%2F27030&328.xml
[2004/10/16 11:30:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/07 19:22:03 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/06/16 18:39:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Party Jumps\Application Data\dm.ini
[2004/06/07 21:36:50 | 000,168,960 | ---- | C] () -- C:\Documents and Settings\Party Jumps\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/17 19:10:41 | 000,018,439 | ---- | C] () -- C:\WINDOWS\hpclj3500.ini
[2003/12/06 18:21:08 | 000,000,021 | ---- | C] () -- C:\WINDOWS\DVDSentry.ini
[2003/09/10 19:26:20 | 000,002,762 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2003/09/04 20:38:33 | 000,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2003/09/02 14:15:56 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Doug.ini
[2003/06/29 17:00:26 | 000,020,436 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2003/06/29 17:00:26 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2003/06/01 18:51:15 | 000,008,074 | ---- | C] () -- C:\WINDOWS\extend.dat
[2003/05/26 14:41:42 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/05/15 19:20:38 | 000,000,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/03 12:33:43 | 000,000,709 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/05/03 12:33:35 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/05/02 19:10:30 | 000,004,712 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/04/23 13:37:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/23 13:31:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/04/23 13:24:14 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2003/04/23 13:24:14 | 000,000,166 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2003/04/23 13:18:55 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/23 13:10:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/04/23 13:10:06 | 000,438,072 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003/04/23 13:10:06 | 000,069,876 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003/04/23 12:56:34 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/03/09 13:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 07:05:08 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 06:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 06:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 06:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 06:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/07/31 03:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2000/11/10 13:57:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
[1997/07/11 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/03/21 17:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/12/25 19:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2004/01/11 18:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.1.0155
[2004/04/12 20:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.1.0211
[2011/04/24 09:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2010/11/20 15:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/24 12:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Party Jumps\Application Data\Catalina Marketing Corp
[2010/03/23 08:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Party Jumps\Application Data\CE
[2010/04/19 09:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Party Jumps\Application Data\E-centives
[2005/01/29 16:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Party Jumps\Application Data\Leadertech
[2004/06/11 10:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Party Jumps\Application Data\Lycos
[2004/06/10 20:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Party Jumps\Application Data\MSNInstaller
[2009/03/05 14:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Party Jumps\Application Data\Musicmatch
[2011/04/24 07:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Party Jumps\Application Data\OnlineArmor
[2006/11/19 13:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Party Jumps\Application Data\Snapfish
[2011/05/02 13:42:17 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 00:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2002/08/29 03:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\I386\SVCHOST.EXE
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\svchost.exe
[2004/08/04 00:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe
[2002/08/29 03:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\I386\USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2002/08/29 03:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\I386\WINLOGON.EXE
[2004/05/26 18:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/25 08:44:03 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/25 08:44:03 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/25 08:44:03 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/25 08:43:52 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/08/26 05:22:20 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/08/26 05:22:20 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/08/26 05:22:20 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN.EXE" [2004/01/21 20:49:40 | 000,088,576 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/25 08:44:03 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/25 08:44:03 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/25 08:44:03 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/25 08:43:52 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/08/26 05:22:20 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/08/26 05:22:20 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/08/26 05:22:20 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN.EXE" [2004/01/21 20:49:40 | 000,088,576 | ---- | M] (Microsoft Corporation)

< End of report >
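A small triage script for the OTL service and driver lines, added here as an example and not part of the original post or of OTL itself. It parses the SRV/DRV entries into fields and flags the two things a helper checks first: a registration whose file is missing and a file whose version resource carries no company name. The sample lines are copied from the log above; the regex and the Entry layout are this example's own assumptions about the OTL format, not a published specification. An empty company name is only a prompt to look closer, not a verdict: oahlp32.sys is flagged here but is Online Armor's own helper driver, created on 2011/04/24 with the rest of that product.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: service and driver lines copied from the OTL log above.
SAMPLE_LOG = r"""
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/05/14 13:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
DRV - [2011/04/06 13:02:26 | 000,039,048 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\oahlp32.sys -- (oahlpXX)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
"""

# One OTL SRV/DRV line (assumed layout): either a bracketed file stamp plus
# "(Company)" or the literal "File not found", then "[start | state]",
# the file path (absent when the file is missing) and "(ServiceName)".
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\)|(?P<missing>File not found)) "
    r"\[(?P<flags>[^\]]*)\] --(?: (?P<path>.*?))? -- \((?P<name>[^)]*)\)$"
)


@dataclass
class Entry:
    kind: str
    name: str
    flags: List[str]                 # e.g. ["Auto", "Running"] or ["Kernel", "System", "Running"]
    path: Optional[str] = None       # None when OTL reports "File not found"
    company: Optional[str] = None    # "" when the version resource has no company name
    size: Optional[int] = None
    mtime: Optional[str] = None


def parse_otl(text: str) -> List[Entry]:
    """Turn SRV/DRV lines into Entry records; other lines are ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = int(m["size"].replace(",", "")) if m["size"] else None
        entries.append(Entry(kind=m["kind"], name=m["name"],
                             flags=[f.strip() for f in m["flags"].split("|")],
                             path=m["path"], company=m["company"],
                             size=size, mtime=m["mtime"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (service name, reason) for the entries worth a second look."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.path is None:
            findings.append((e.name, "registered but file not found (orphaned entry)"))
        elif e.company == "":
            state = e.flags[-1]
            findings.append((e.name, f"no company name in version resource ({state}: {e.path})"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_otl(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Run against the full log, the "Files Created" section is the natural cross-check for any flagged driver: a file with no company name that appeared on the same day as a known product install (as oahlp32.sys did) is far less interesting than one that appeared on its own.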

#7
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Please do the following:

Download aswMBR.exe (511 KB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

#8
Dougrbi
    Member
  • Topic Starter
  • 57 posts
aswMBR version 0.9.5.247 Copyright© 2011 AVAST Software
Run date: 2011-05-02 15:21:37
-----------------------------
15:21:37.359 OS Version: Windows 5.1.2600 Service Pack 3
15:21:37.359 Number of processors: 1 586 0x204
15:21:37.359 ComputerName: D161GQ21 UserName:
15:22:10.015 Initialize success
15:22:15.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:22:15.812 Disk 0 Vendor: WDC_WD300EB-75CPF0 06.04G06 Size: 28629MB BusType: 3
15:22:15.812 Device \Driver\atapi -> DriverStartIo 82f6833b
15:22:17.859 Disk 0 MBR read successfully
15:22:17.859 Disk 0 MBR scan
15:22:17.859 Disk 0 TDL4@MBR code has been found
15:22:17.859 Disk 0 Windows XP default MBR code found via API
15:22:17.859 Disk 0 MBR hidden
15:22:17.859 Disk 0 MBR [TDL4] **ROOTKIT**
15:22:17.859 Disk 0 trace - called modules:
15:22:17.859 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82f684f0]<<
15:22:17.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fccab8]
15:22:17.859 3 CLASSPNP.SYS[f8537fd7] -> nt!IofCallDriver -> \Device\0000005c[0x82fd1f18]
15:22:17.859 5 ACPI.sys[f84ae620] -> nt!IofCallDriver -> [0x82f54940]
15:22:17.890 \Driver\atapi[0x82f54df0] -> IRP_MJ_CREATE -> 0x82f684f0
15:22:17.890 Scan finished successfully
15:23:17.078 Disk 0 MBR has been saved successfully to "C:\Program Files\Mozilla Firefox\MBR.dat"
15:23:17.125 The log file has been saved successfully to "C:\Program Files\Mozilla Firefox\aswMBR.txt"
15:24:49.171 Disk 0 MBR has been saved successfully to "C:\Program Files\Mozilla Firefox\MBR.dat"
15:24:49.171 The log file has been saved successfully to "C:\Program Files\Mozilla Firefox\aswMBR.txt"
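What the "MBR hidden" verdict above rests on, shown as an added example that is not part of aswMBR or of the original post. The log reads the boot sector two ways: through the normal disk stack, where the hooked atapi driver (the DriverStartIo and IRP_MJ_CREATE entries pointing at an UNKNOWN module) hands back the stock Windows XP MBR code, and by a path that bypasses that hook, which finds the TDL4 code. The two reads disagree, and that disagreement is the detection. The script below builds two constructed 512-byte sectors with placeholder boot code (not the real XP or TDL4 bytes) sharing one partition table, parses them, and classifies the discrepancy the way a bootkit scanner does. It assumes the infected sector keeps the partition table intact so the machine still boots, which is consistent with the log above; the partition geometry and disk signature are made up.

```python
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
CODE_LEN = 440                # boot code region, offsets 0..439
PT_OFF, PT_LEN = 446, 64      # four 16-byte partition entries
SIG_OFF = 510                 # 0x55 0xAA boot signature

# Constructed placeholder boot code: NOT the real Windows XP MBR bytes.
CLEAN_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (CODE_LEN - 8)
# Constructed stand-in for bootkit code: NOT real TDL4 bytes.
INFECTED_CODE = b"\xeb\x1e\x90" + b"\xcc" * (CODE_LEN - 3)


def build_mbr(boot_code: bytes, disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a 512-byte MBR with one bootable NTFS partition (constructed)."""
    assert len(boot_code) == CODE_LEN
    # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count;
    # the sector count is sized roughly like the 28 GB disk in the log above.
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 58_621_122)
    table = entry + b"\x00" * (PT_LEN - 16)
    return boot_code + struct.pack("<IH", disk_sig, 0) + table + b"\x55\xaa"


def parse_mbr(sector: bytes) -> Dict:
    """Split an MBR into boot-code hash, disk signature and partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts: List[Dict] = []
    for i in range(4):
        off = PT_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", sector[off:off + 16])
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "valid_signature": sector[SIG_OFF:SIG_OFF + 2] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", sector, CODE_LEN)[0],
        "boot_code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def compare_views(api_view: bytes, raw_view: bytes) -> str:
    """Classify the gap between the MBR the OS returns and a raw read.

    'clean'        both views identical: nothing is hiding the sector
                   (this alone does not prove the MBR code is legitimate)
    'hidden-mbr'   boot code differs but partition tables match: the pattern
                   of a bootkit that filters reads of its own sector
    'inconsistent' partition tables differ: not that pattern, inspect by hand
    """
    if api_view == raw_view:
        return "clean"
    a, r = parse_mbr(api_view), parse_mbr(raw_view)
    if a["partitions"] == r["partitions"] and a["boot_code_sha256"] != r["boot_code_sha256"]:
        return "hidden-mbr"
    return "inconsistent"


if __name__ == "__main__":
    api = build_mbr(CLEAN_CODE)        # what the hooked driver shows the OS
    raw = build_mbr(INFECTED_CODE)     # what is actually on disk
    print(compare_views(api, raw))     # hidden-mbr
```

The practical consequence for the thread: a file-level scanner like Malwarebytes never sees the infected sector because every read it issues goes through the hook, which is why aswMBR's Fix (rewriting the MBR through its own path) is the step the helper asks for, followed by an immediate reboot so the rootkit's in-memory hook is gone before anything else runs.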

#9
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Please do the following:

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix button


Save the log as before and post in your next reply

#10 Dougrbi (Topic Starter, Member, 57 posts)
I ran the scan and ran the fix. It said "fix successful, reboot immediately". I tried to save the log, but it locked up. Nothing, nada, zip. I waited half an hour for something to run; it wouldn't do anything, and I had to hard reboot. Then when I tried to re-run it, it gave me a warning that wasn't there before, so I didn't do it. I can't find the log.

#11 Render (Trusted Helper, Malware Removal, 4,195 posts)
OK. But your computer booted normally? Then do the following:

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#12 Dougrbi (Topic Starter, Member, 57 posts)
A couple of funny things. First, when my computer reboots and I log in, I get a pop-up window that says "Windows Installer", sort of like I plugged something in and Windows is installing a driver, but with no name, nothing but the box; it disappears 30 seconds later, with no option to close it or anything.
Also, the attached log won't save to my desktop. I change the file path, but it puts it in my Firefox browser folder?

aswMBR version 0.9.5.247 Copyright© 2011 AVAST Software
Run date: 2011-05-02 15:21:37
-----------------------------
15:21:37.359 OS Version: Windows 5.1.2600 Service Pack 3
15:21:37.359 Number of processors: 1 586 0x204
15:21:37.359 ComputerName: D161GQ21 UserName:
15:22:10.015 Initialize success
15:22:15.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:22:15.812 Disk 0 Vendor: WDC_WD300EB-75CPF0 06.04G06 Size: 28629MB BusType: 3
15:22:15.812 Device \Driver\atapi -> DriverStartIo 82f6833b
15:22:17.859 Disk 0 MBR read successfully
15:22:17.859 Disk 0 MBR scan
15:22:17.859 Disk 0 TDL4@MBR code has been found
15:22:17.859 Disk 0 Windows XP default MBR code found via API
15:22:17.859 Disk 0 MBR hidden
15:22:17.859 Disk 0 MBR [TDL4] **ROOTKIT**
15:22:17.859 Disk 0 trace - called modules:
15:22:17.859 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82f684f0]<<
15:22:17.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fccab8]
15:22:17.859 3 CLASSPNP.SYS[f8537fd7] -> nt!IofCallDriver -> \Device\0000005c[0x82fd1f18]
15:22:17.859 5 ACPI.sys[f84ae620] -> nt!IofCallDriver -> [0x82f54940]
15:22:17.890 \Driver\atapi[0x82f54df0] -> IRP_MJ_CREATE -> 0x82f684f0
15:22:17.890 Scan finished successfully
15:23:17.078 Disk 0 MBR has been saved successfully to "C:\Program Files\Mozilla Firefox\MBR.dat"
15:23:17.125 The log file has been saved successfully to "C:\Program Files\Mozilla Firefox\aswMBR.txt"


aswMBR version 0.9.5.247 Copyright© 2011 AVAST Software
Run date: 2011-05-02 15:21:37
-----------------------------
15:21:37.359 OS Version: Windows 5.1.2600 Service Pack 3
15:21:37.359 Number of processors: 1 586 0x204
15:21:37.359 ComputerName: D161GQ21 UserName:
15:22:10.015 Initialize success
15:22:15.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:22:15.812 Disk 0 Vendor: WDC_WD300EB-75CPF0 06.04G06 Size: 28629MB BusType: 3
15:22:15.812 Device \Driver\atapi -> DriverStartIo 82f6833b
15:22:17.859 Disk 0 MBR read successfully
15:22:17.859 Disk 0 MBR scan
15:22:17.859 Disk 0 TDL4@MBR code has been found
15:22:17.859 Disk 0 Windows XP default MBR code found via API
15:22:17.859 Disk 0 MBR hidden
15:22:17.859 Disk 0 MBR [TDL4] **ROOTKIT**
15:22:17.859 Disk 0 trace - called modules:
15:22:17.859 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82f684f0]<<
15:22:17.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fccab8]
15:22:17.859 3 CLASSPNP.SYS[f8537fd7] -> nt!IofCallDriver -> \Device\0000005c[0x82fd1f18]
15:22:17.859 5 ACPI.sys[f84ae620] -> nt!IofCallDriver -> [0x82f54940]
15:22:17.890 \Driver\atapi[0x82f54df0] -> IRP_MJ_CREATE -> 0x82f684f0
15:22:17.890 Scan finished successfully
15:23:17.078 Disk 0 MBR has been saved successfully to "C:\Program Files\Mozilla Firefox\MBR.dat"
15:23:17.125 The log file has been saved successfully to "C:\Program Files\Mozilla Firefox\aswMBR.txt"
15:24:49.171 Disk 0 MBR has been saved successfully to "C:\Program Files\Mozilla Firefox\MBR.dat"
15:24:49.171 The log file has been saved successfully to "C:\Program Files\Mozilla Firefox\aswMBR.txt"


aswMBR version 0.9.5.247 Copyright© 2011 AVAST Software
Run date: 2011-05-02 17:04:48
-----------------------------
17:04:48.859 OS Version: Windows 5.1.2600 Service Pack 3
17:04:48.859 Number of processors: 1 586 0x204
17:04:48.859 ComputerName: D161GQ21 UserName:
17:04:49.203 Initialize success
17:04:51.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:04:52.000 Disk 0 Vendor: WDC_WD300EB-75CPF0 06.04G06 Size: 28629MB BusType: 3
17:04:54.031 Disk 0 MBR read successfully
17:04:54.031 Disk 0 MBR scan
17:04:54.031 Disk 0 Windows XP default MBR code
17:04:56.031 Disk 0 scanning sectors +58621185
17:04:56.062 Disk 0 scanning C:\WINDOWS\system32\drivers
17:05:13.109 Service scanning
17:05:14.812 Disk 0 trace - called modules:
17:05:14.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:05:14.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f86ab8]
17:05:14.843 3 CLASSPNP.SYS[f8537fd7] -> nt!IofCallDriver -> \Device\0000005d[0x82f55228]
17:05:14.843 5 ACPI.sys[f84ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f4bd98]
17:05:14.843 Scan finished successfully
17:06:16.656 Disk 0 MBR has been saved successfully to "C:\Program Files\Mozilla Firefox\MBR.dat"
17:06:16.703 The log file has been saved successfully to "C:\Program Files\Mozilla Firefox\aswMBR.txt"

#13 Render (Trusted Helper, Malware Removal, 4,195 posts)
Yes, I see that, but I can't tell you why, for now. This looks like a new TDL4 rootkit, and it seems that aswMBR successfully removed it. :)

Let's run another tool to see if everything is OK with the MBR. I'm going to bed now, as it is late here, and will be online tomorrow.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
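The logs above show the pattern a bootkit leaves: aswMBR found TDL4 code in the real sector 0 while a read through the normal disk API returned the Windows XP default MBR ("MBR hidden"), and after Fix the raw read matches the API view. The script below is an added example for this thread, not aswMBR or TDSSKiller code: it parses two 512-byte MBR images (for instance the MBR.dat files aswMBR saves before and after Fix, or an API-view dump against a raw dump) and reports which region differs. Boot code replaced while the partition table stays intact is exactly the bootkit signature, because the rootkit still needs Windows to boot. The two embedded images are constructed: the boot code is filler, not real XP or TDL4 code, and the single NTFS partition (start LBA 63, end inferred from the "scanning sectors +58621185" line) only approximates the 28629 MB disk in the log.

```python
"""Parse and diff two 512-byte MBR images (e.g. the MBR.dat files aswMBR saves).

Added example for this thread; not aswMBR or TDSSKiller code. Both sample images
below are constructed: filler boot code, and a partition entry that only
approximates the disk in the log (partition end at 58621185 is an inference).
"""
import hashlib
import struct
import sys

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # boot code; bytes 440-443 hold the NT disk signature
PART_TABLE_OFF = 446
PART_ENTRY = "<B3xB3xII"   # status, CHS (skipped), type, CHS (skipped), LBA start, sector count
BOOT_SIG = b"\x55\xaa"


def parse_mbr(img: bytes) -> dict:
    """Validate a raw MBR and return its boot-code hash, disk signature and partitions."""
    if len(img) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(img)}")
    if img[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", img, BOOT_CODE_LEN)[0]
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_ENTRY, img, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                      # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"partition {i}: invalid status byte {status:#04x}")
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(img[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": disk_sig, "partitions": parts}


def compare_mbrs(reference: bytes, observed: bytes) -> dict:
    """Report which MBR regions differ between two dumps."""
    a, b = parse_mbr(reference), parse_mbr(observed)
    return {"boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
            "disk_signature_changed": a["disk_signature"] != b["disk_signature"],
            "partition_table_changed": a["partitions"] != b["partitions"]}


def classify(reference: bytes, observed: bytes) -> str:
    """One-line verdict; boot code swapped with the table intact is the bootkit pattern."""
    d = compare_mbrs(reference, observed)
    if not any(d.values()):
        return "identical"
    if d["boot_code_changed"] and not d["partition_table_changed"]:
        return "boot code replaced, partition table intact"
    if d["partition_table_changed"]:
        return "partition table differs"
    return "disk signature differs"


def build_mbr(boot_code: bytes, disk_sig: int, entries) -> bytes:
    """Assemble a test MBR from boot code, a disk signature and (status, type, lba, count) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    img = bytearray(MBR_SIZE)
    img[:len(boot_code)] = boot_code
    struct.pack_into("<I", img, BOOT_CODE_LEN, disk_sig)
    for i, entry in enumerate(entries):
        struct.pack_into(PART_ENTRY, img, PART_TABLE_OFF + 16 * i, *entry)
    img[510:512] = BOOT_SIG
    return bytes(img)


# Constructed samples: one bootable NTFS partition from LBA 63 (assumed) to 58621185, filler boot code.
PARTITIONS = [(0x80, 0x07, 63, 58621185 - 63)]
CLEAN_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 64, 0x1234ABCD, PARTITIONS)
INFECTED_MBR = build_mbr(b"\xeb\xfe" + b"\xcc" * 128, 0x1234ABCD, PARTITIONS)

if __name__ == "__main__":
    if len(sys.argv) == 3:      # python mbr_diff.py MBR_api.dat MBR_raw.dat
        ref, obs = (open(p, "rb").read() for p in sys.argv[1:3])
    else:
        ref, obs = CLEAN_MBR, INFECTED_MBR
    print(parse_mbr(obs)["partitions"])
    print(classify(ref, obs))
```

Run it with no arguments to see the constructed case, or pass two saved MBR.dat files. Note that a dump taken through the Windows disk API on a live infected system will show the clean MBR, as the log's "found via API" line did; only a raw read past the hooked driver (or a read from a clean boot environment) shows the real sector.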

#14 Dougrbi (Topic Starter, Member, 57 posts)
Well, the bad deal is I already used my free trial of WinZip and it won't let me unzip the file, so I can't get it. I tried to download it from the Kaspersky website but I was not able to locate it, and when I did a search on the site for it I got nothing. I will try to check back in the morning before work for me; that would be 5:00-5:30 my time, 11.5 hours from now.
Thank you for working with me on this.

#15 Render (Trusted Helper, Malware Removal, 4,195 posts)
You really don't need WinZip to extract zipped files. Just right-click on the tdsskiller.zip file on your desktop and then, from the menu, select and left-click on Extract All... The Extraction Wizard window will open. Click on the Next button two times and then on the Finish button. The folder with the extracted files will open automatically in Windows Explorer.

There are also very good free alternatives to WinZip. I'm using 7-Zip and can only recommend it. You can download it from here.