Combofix log


This topic is locked. 21 replies to this topic.

#1 Quality
  • Members
  • 12 posts

Posted 07 July 2010 - 04:47 PM

It seems something is using resources that are slowing down my system. I ran Combofix and my log is attached. Please reply to Removed to protect from spambots. ~ OB

Attached File: log.txt (15.27KB, 10 downloads)

Edited by Orange Blossom, 07 July 2010 - 07:18 PM.



#2 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 11 July 2010 - 06:04 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
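The OTL report requested above lists every running process, loaded module, Win32 service and driver in a fixed one-line format, and the first pass a log reviewer makes by eye is to pick out the entries whose file is missing, whose binary carries no publisher information, or which run from a temp or profile directory. The Python script below is an added example, not OTL's or BleepingComputer's own code: it parses the PRC/MOD/SRV/DRV lines of that format and applies exactly those checks to a small constructed sample log. The format is modelled on the OTL log posted later in this thread; the user paths and the `example_unknown.sys` driver in the sample are made up for illustration. A flag means "a person should look at this", not "this is malware": orphaned registrations, for instance, are commonly left behind by uninstalled software or by scanning tools.

```python
"""Triage helper for the PRC/MOD/SRV/DRV lines of an OTL log.

Added example: this is not OTL's own code. It parses the entry format OTL prints
and applies a few defender-side checks that a log reviewer normally does by eye.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One OTL SafeList entry, e.g.
#   SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\...\AvastSvc.exe -- (avast! Antivirus)
#   DRV - File not found [Kernel | On_Demand | Stopped] -- C:\...\catchme.sys -- (catchme)
#   PRC - [2010/07/19 15:55:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\...\OTL.exe
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[^|\]]+)\| (?P<size>[\d,]+) \| (?P<attrs>[^|]+)\| (?P<flag>[A-Z])\] "
    r"\((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\)(?P<trailer>.*))?$"
)

# Directories where an installed service or driver binary is not expected to
# live. A hit here means "look closer", not "remove".
SUSPICIOUS_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\recycler\\")


@dataclass
class Entry:
    kind: str                    # PRC, MOD, SRV or DRV
    path: str
    company: Optional[str]       # None when OTL reported "File not found"
    name: Optional[str]          # service/driver name; None for PRC/MOD lines
    state: Optional[str]         # e.g. "Kernel | On_Demand | Stopped"
    size: Optional[int]
    stamp: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    missing = m.group("missing") is not None
    return Entry(
        kind=m.group("kind"),
        path=m.group("path").strip(),
        company=None if missing else m.group("company").strip(),
        name=m.group("name"),
        state=m.group("state"),
        size=None if missing else int(m.group("size").replace(",", "")),
        stamp=None if missing else m.group("stamp").strip(),
    )


def triage(entry: Entry) -> Entry:
    """Attach review flags to an entry (flags are review hints, not verdicts)."""
    lowered = entry.path.lower()
    if entry.company is None:
        entry.flags.append("orphaned registration (file not found)")
    elif entry.company == "":
        entry.flags.append("no company/version info in binary")
    if any(d in lowered for d in SUSPICIOUS_DIRS):
        entry.flags.append("binary located in a temp/profile directory")
    if entry.kind == "DRV" and entry.state and "Running" in entry.state and entry.company == "":
        entry.flags.append("running kernel driver without publisher info")
    return entry


def review(log_text: str) -> List[Entry]:
    """Return only the entries that picked up at least one flag, in log order."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is not None and triage(e).flags:
            flagged.append(e)
    return flagged


# Constructed sample modelled on the OTL output format. The user paths and the
# "example_unknown.sys" driver are made up for illustration.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\OWNER~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/02 14:33:10 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/07/01 09:12:00 | 000,012,288 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\Owner\Local Settings\Temp\example_unknown.sys -- (exampleunknown)
PRC - [2010/07/19 15:55:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
"""

if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(f"{e.kind} {e.name or '-'} {e.path}")
        for f in e.flags:
            print(f"    -> {f}")
```

Run it as-is to see the three flagged sample entries; for a real report, read OTL.txt from disk and pass its contents to `review()` instead of `SAMPLE_LOG`. The "File not found" check matters because OTL lists the service or driver registration from the registry even when the binary is gone; such entries are harmless on their own but tell you what has been installed and removed, which is exactly the history a helper wants when the user has already run cleaning tools before posting.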
 


#3 Quality
  • Topic Starter
  • Members
  • 12 posts

Posted 16 July 2010 - 04:21 PM

Thank you for replying. I have, however, done some cleaning up since I last posted. My computer does seem to be doing better, but if you would still like me to do as you recommended, I can start working with you next Monday. The reason I first used the forum was because this computer caught a virus and I used the recovery CD. Since then the computer has been acting erratically and is very slow opening programs.

#4 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 16 July 2010 - 05:24 PM

Hi Quality-

It's completely up to you. If you want me to take a look that's fine. If you did completely reimage the drive, you'll be fine too. Just please let me know either way.

Thanks!


 


#5 Quality
  • Topic Starter
  • Members
  • 12 posts

Posted 20 July 2010 - 11:01 AM

Yesterday I followed the instructions you gave me and ran OTL, but the computer is just a blank screen with the top program I had running and nothing else. I manually restarted and ran the program again, and the same thing happened: just the last program window is showing. I believe it is the OTL program doing it. What do I do now?

#6 Quality
  • Topic Starter
  • Members
  • 12 posts

Posted 20 July 2010 - 11:04 AM

Sorry it was the GMER program not the OTL program.

#7 Quality
  • Topic Starter
  • Members
  • 12 posts

Posted 20 July 2010 - 04:07 PM

Here are the logs that I have so far, but the GMER program doesn't finish; it freezes my system.


OTL logfile created on: 7/19/2010 3:56:27 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Compaq_Owner.CLAY\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

222.00 Mb Total Physical Memory | 30.00 Mb Available Physical Memory | 13.00% Memory free
539.00 Mb Paging File | 293.00 Mb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.23 Gb Total Space | 36.27 Gb Free Space | 70.80% Space Free | Partition Type: NTFS
Drive D: | 6.50 Gb Total Space | 1.45 Gb Free Space | 22.28% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CLAY
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/19 15:55:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.CLAY\My Documents\Downloads\OTL.exe
PRC - [2010/07/02 14:33:18 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/06/28 13:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/26 01:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/27 16:07:26 | 000,362,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/03/27 16:07:20 | 000,751,464 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/03/27 16:06:16 | 005,107,232 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/19 15:55:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.CLAY\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/02 14:33:18 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/27 16:07:20 | 000,751,464 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\COMPAQ~1.CLA\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/02 14:33:22 | 000,160,704 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/07/02 14:33:10 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/07/02 14:32:49 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/07/02 14:32:10 | 000,166,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/06/28 13:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 13:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 13:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 13:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 13:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 13:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/03/09 05:03:24 | 000,121,984 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/13 21:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/20 11:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/03/09 18:09:18 | 000,870,912 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/29 00:01:00 | 000,369,024 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3435137876-2054043485-3331839053-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3435137876-2054043485-3331839053-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/08 12:29:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/14 10:37:21 | 000,000,000 | ---D | M]

[2010/07/08 12:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\Mozilla\Extensions
[2010/07/16 12:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\Mozilla\Firefox\Profiles\09nrojxi.default\extensions
[2010/07/08 12:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/14 10:35:41 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/07/07 13:52:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3435137876-2054043485-3331839053-1009\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3435137876-2054043485-3331839053-1009\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3435137876-2054043485-3331839053-1009\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3435137876-2054043485-3331839053-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3435137876-2054043485-3331839053-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3435137876-2054043485-3331839053-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3435137876-2054043485-3331839053-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1255556735562 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/24 22:32:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O33 - MountPoints2\{5f5f7798-2167-11df-9928-0012179dd58c}\Shell - "" = AutoRun
O33 - MountPoints2\{5f5f7798-2167-11df-9928-0012179dd58c}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "SymWSC"
MsConfig - Services: "SPBBCSvc"
MsConfig - Services: "SAVScan"
MsConfig - Services: "navapsvc"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "ccSetMgr"
MsConfig - Services: "ccPwdSvc"
MsConfig - Services: "ccProxy"
MsConfig - Services: "ccEvtMgr"
MsConfig - Services: "Automatic LiveUpdate Scheduler"
MsConfig - Services: "avg9wd"
MsConfig - Services: "AVG Security Toolbar Service"
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/14 10:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\Foxit Software
[2010/07/14 10:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/07/13 14:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/13 14:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/07/13 14:39:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/07/12 15:13:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner.CLAY\Recent
[2010/07/09 14:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/08 14:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/08 13:50:25 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/07/08 13:50:25 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/07/08 13:50:23 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/07/08 13:50:21 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/07/08 13:50:18 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/07/08 13:50:18 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/07/08 13:50:17 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/07/08 13:49:14 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/08 13:49:13 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/07/08 13:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/08 13:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/08 12:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/07/08 12:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/07/08 12:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/07/08 12:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.CLAY\Local Settings\Application Data\Apple
[2010/07/08 12:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/07/08 12:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/07/08 12:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.CLAY\My Documents\Downloads
[2010/07/08 12:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.CLAY\Local Settings\Application Data\Mozilla
[2010/07/08 12:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\Mozilla
[2010/07/08 12:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/07 16:27:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/07 15:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/07/07 15:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.CLAY\My Documents\Dial-a-fix-v0.60.0.24
[2010/07/07 13:40:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/07 13:40:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/07 13:40:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/07 13:40:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/07 13:38:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/06 16:26:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/02 14:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\Acronis
[2010/07/02 14:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/07/02 14:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2010/07/02 14:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2010/06/30 15:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SoftSwift
[2010/06/29 16:54:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/06/25 10:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/06/24 14:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2010/06/22 09:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2010/06/22 09:38:48 | 000,000,000 | ---D | C] -- C:\softpaq
[2010/06/14 16:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.CLAY\Local Settings\Application Data\Identities
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/19 16:02:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7D7CA7C9-38FE-4C64-80B9-44610276A2CF}.job
[2010/07/19 16:01:01 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{615D5544-20A9-45ED-90CB-ED95D068AF0B}.job
[2010/07/19 15:51:06 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/07/19 15:46:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/19 15:46:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/19 15:46:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/19 15:46:14 | 233,361,408 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/16 14:25:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.CLAY\defogger_reenable
[2010/07/16 12:41:11 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner.CLAY\NTUSER.DAT
[2010/07/16 12:41:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner.CLAY\ntuser.ini
[2010/07/16 12:39:40 | 000,423,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/16 12:39:40 | 000,062,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/14 10:38:14 | 000,000,909 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/14 10:38:14 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2010/07/13 15:07:22 | 000,518,962 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/13 14:52:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/12 15:23:07 | 000,000,521 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/12 15:23:07 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2010/07/12 15:23:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/09 14:23:38 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.CLAY\Desktop\CCleaner.lnk
[2010/07/08 13:50:28 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/08 13:50:18 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/08 12:23:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/08 12:13:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/07/08 12:12:29 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/08 12:12:29 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/07 15:15:40 | 000,140,288 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.CLAY\My Documents\Dial-A-Fix error.doc
[2010/07/07 15:07:12 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/07 15:07:12 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/07 13:52:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/07 13:17:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2010/07/02 16:26:24 | 008,698,660 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.CLAY\My Documents\TrueImage2010_UserGuide.en.pdf
[2010/07/02 15:32:56 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.let
[2010/07/02 14:31:47 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis One-Click Backup.lnk
[2010/07/02 14:31:47 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 2010.lnk
[2010/06/30 15:18:48 | 000,045,224 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.CLAY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/29 15:37:32 | 003,178,490 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner.CLAY\Local Settings\Application Data\IconCache.db
[2010/06/28 13:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 13:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 13:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 13:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 13:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 13:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 13:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 13:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 13:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/25 15:17:01 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.CLAY\My Documents\spider.sav
[2010/06/24 14:27:48 | 000,000,109 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/06/14 09:09:13 | 000,195,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/27 12:16:19 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MasterKing.lnk
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/16 14:25:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.CLAY\defogger_reenable
[2010/07/14 10:38:14 | 000,000,909 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/14 10:38:14 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2010/07/13 14:18:37 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/12 10:33:16 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/07/09 14:23:37 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.CLAY\Desktop\CCleaner.lnk
[2010/07/08 13:50:28 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/08 12:23:19 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/08 12:13:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/08 12:12:29 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/08 12:12:29 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/07 15:09:55 | 000,140,288 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.CLAY\My Documents\Dial-A-Fix error.doc
[2010/07/07 13:40:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/07 13:40:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/07 13:40:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/07 13:40:25 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/07 13:40:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/02 16:26:18 | 008,698,660 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.CLAY\My Documents\TrueImage2010_UserGuide.en.pdf
[2010/07/02 15:31:21 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\AutoPartNt.let
[2010/07/02 14:31:47 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis One-Click Backup.lnk
[2010/07/02 14:31:47 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 2010.lnk
[2010/06/22 09:15:13 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/05/27 12:16:19 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MasterKing.lnk
[2009/12/31 11:47:53 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2009/10/12 13:51:11 | 000,000,778 | ---- | C] () -- C:\WINDOWS\gcode.ini
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/02/20 13:12:40 | 000,000,787 | ---- | C] () -- C:\WINDOWS\Link.ini
[2007/10/18 18:36:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2006/04/11 13:32:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/03/02 15:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/04 09:08:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/09/03 02:45:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/03 02:13:28 | 000,012,993 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/09/03 02:13:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/09/03 02:06:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/03 01:59:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/03 01:59:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/03 01:59:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/03 01:59:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/03 01:59:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/03 01:59:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/09/03 01:54:22 | 000,000,109 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/09/03 01:49:21 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/09/03 01:34:18 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/09/03 01:29:38 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/05/09 23:52:32 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2004/06/15 22:38:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2000/10/25 18:15:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2000/01/07 07:15:42 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\p2solap.dll
[1999/12/15 10:27:30 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\keycode.dll
[1999/12/10 06:17:28 | 000,404,992 | ---- | C] () -- C:\WINDOWS\System32\amzi4.dll
[1999/12/10 06:17:26 | 000,716,849 | ---- | C] () -- C:\WINDOWS\System32\Olapdbmg.dll
[1999/12/10 06:17:22 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\p2smcube.dll
[1999/10/13 11:28:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\NSQLC32.dll
[1999/09/22 01:00:00 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[1999/06/02 13:44:18 | 003,203,072 | ---- | C] () -- C:\WINDOWS\System32\lcppn201.dll
[1999/03/12 01:00:00 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\Crutl14.dll
[1998/03/31 16:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\u2lesbse.dll
[1998/03/31 16:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\u25store.dll
[1998/03/31 16:00:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\u25total.dll
[1998/03/31 16:00:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\u2lbar.dll

========== LOP Check ==========

[2010/07/02 14:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/07/08 13:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/08 12:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/30 15:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftSwift
[2010/07/02 14:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\Acronis
[2009/09/28 10:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\Application Data
[2009/12/31 12:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\deskPDF
[2010/07/14 10:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\Foxit Software
[2009/10/14 13:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\Leadertech
[2010/03/02 17:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\OpenOffice.org
[2005/09/03 02:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\SampleView
[2009/10/16 09:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.CLAY\Application Data\WinBatch
[2010/07/19 16:01:01 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{615D5544-20A9-45ED-90CB-ED95D068AF0B}.job
[2010/07/19 16:02:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7D7CA7C9-38FE-4C64-80B9-44610276A2CF}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010/05/01 22:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/06/24 15:25:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/06/24 15:25:14 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/06/24 15:25:14 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2006/09/13 07:23:32 | 000,000,692 | ---- | M] () -- C:\asdf.txt
[2005/06/24 22:32:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/10/14 09:55:06 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2010/07/12 15:23:07 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2004/08/04 05:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/07/07 13:58:37 | 000,015,632 | ---- | M] () -- C:\ComboFix.txt
[2005/06/24 22:32:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/19 15:46:14 | 233,361,408 | -HS- | M] () -- C:\hiberfil.sys
[2005/06/24 22:32:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/06/24 22:32:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/10/19 14:38:33 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/19 15:46:13 | 349,933,568 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2003/06/19 00:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2008/08/20 08:29:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/10/19 14:29:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/10/19 14:29:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2009/10/19 14:29:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/08/20 08:29:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/10/19 14:29:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/10/19 14:29:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2009/10/19 14:29:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/03/09 18:09:18 | 000,870,912 | ---- | M] (Intel Corporation) MD5=79AE2A97C120F282845D854D0F070EA9 -- C:\hp\drivers\Intel_Emery_RAID_v5.0.0.1032\iaStor.sys
[2005/03/09 18:09:18 | 000,870,912 | ---- | M] (Intel Corporation) MD5=79AE2A97C120F282845D854D0F070EA9 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2005/03/02 11:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007/03/08 08:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2007/03/08 08:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2007/03/08 08:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll
[2004/08/04 05:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2005/03/02 11:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2005/03/02 11:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2_32.dll
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 05:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 753 bytes -> C:\Documents and Settings\Compaq_Owner.CLAY\My Documents\Florida.eml:OECustomProperty
< End of report >


OTL Extras logfile created on: 7/19/2010 3:56:27 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Compaq_Owner.CLAY\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

222.00 Mb Total Physical Memory | 30.00 Mb Available Physical Memory | 13.00% Memory free
539.00 Mb Paging File | 293.00 Mb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.23 Gb Total Space | 36.27 Gb Free Space | 70.80% Space Free | Partition Type: NTFS
Drive D: | 6.50 Gb Total Space | 1.45 Gb Free Space | 22.28% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CLAY
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3435137876-2054043485-3331839053-1009\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B6863AFD-2090-4188-BD37-9DB7A0898708}" = MasterKing
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"deskPDF 2.5 Standard_is1" = deskPDF 2.5 Standard Edition
"Foxit Reader" = Foxit Reader
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"ie8" = Windows Internet Explorer 8
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RealPlayer 6.0" = RealPlayer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/13/2010 5:48:06 PM | Computer Name = CLAY | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- There is a
problem with this Windows Installer package. Please refer to the setup log for
more information.

Error - 7/13/2010 5:49:20 PM | Computer Name = CLAY | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework CLR' could not be installed. Error code 1603. Additional information
is available in the log file C:\DOCUME~1\COMPAQ~1.CLA\LOCALS~1\Temp\dd_NET_Framework20_Setup60D3.txt.

Error - 7/13/2010 5:49:20 PM | Computer Name = CLAY | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework CA' could not be installed. Error code 1603. Additional information is
available in the log file C:\DOCUME~1\COMPAQ~1.CLA\LOCALS~1\Temp\dd_NET_Framework20_Setup60D3.txt.

Error - 7/13/2010 5:49:20 PM | Computer Name = CLAY | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework CRT' could not be installed. Error code 1603. Additional information
is available in the log file C:\DOCUME~1\COMPAQ~1.CLA\LOCALS~1\Temp\dd_NET_Framework20_Setup60D3.txt.

Error - 7/13/2010 5:49:20 PM | Computer Name = CLAY | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework PreXP' could not be installed. Error code 1603. Additional information
is available in the log file C:\DOCUME~1\COMPAQ~1.CLA\LOCALS~1\Temp\dd_NET_Framework20_Setup60D3.txt.

Error - 7/13/2010 5:49:20 PM | Computer Name = CLAY | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'Dr.
Watson' could not be installed. Error code 1603. Additional information is available
in the log file C:\DOCUME~1\COMPAQ~1.CLA\LOCALS~1\Temp\dd_NET_Framework20_Setup60D3.txt.

Error - 7/13/2010 5:49:20 PM | Computer Name = CLAY | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework 1' could not be installed. Error code 1603. Additional information is
available in the log file C:\DOCUME~1\COMPAQ~1.CLA\LOCALS~1\Temp\dd_NET_Framework20_Setup60D3.txt.

Error - 7/13/2010 5:49:20 PM | Computer Name = CLAY | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework 2' could not be installed. Error code 1603. Additional information is
available in the log file C:\DOCUME~1\COMPAQ~1.CLA\LOCALS~1\Temp\dd_NET_Framework20_Setup60D3.txt.

Error - 7/13/2010 5:49:20 PM | Computer Name = CLAY | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework ASP .NET' could not be installed. Error code 1603. Additional information
is available in the log file C:\DOCUME~1\COMPAQ~1.CLA\LOCALS~1\Temp\dd_NET_Framework20_Setup60D3.txt.

Error - 7/13/2010 5:49:20 PM | Computer Name = CLAY | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework WinForms' could not be installed. Error code 1603. Additional information
is available in the log file C:\DOCUME~1\COMPAQ~1.CLA\LOCALS~1\Temp\dd_NET_Framework20_Setup60D3.txt.

[ System Events ]
Error - 7/16/2010 3:50:45 PM | Computer Name = CLAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/16/2010 3:50:45 PM | Computer Name = CLAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/16/2010 3:50:45 PM | Computer Name = CLAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/16/2010 3:50:45 PM | Computer Name = CLAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/16/2010 3:50:45 PM | Computer Name = CLAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/16/2010 3:50:45 PM | Computer Name = CLAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/16/2010 3:50:47 PM | Computer Name = CLAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/16/2010 3:50:47 PM | Computer Name = CLAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/16/2010 5:51:46 PM | Computer Name = CLAY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 7/19/2010 6:47:29 PM | Computer Name = CLAY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2


< End of report >


#8 Quality

Quality
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:26 AM

Posted 20 July 2010 - 05:15 PM

I decided to run Avast antivirus with the boot option, where it runs before the OS takes control, and it found many files to be malware and 1 file in the HP folder that had to be deleted. I wanted to keep the current system files and programs, but I believe the OS is beyond fixing. I hope you can help keep it alive, but at this point I'm ready to fragment the hard drive and reinstall Windows, since this is a computer that has been moved to the back of the shop after buying a brand new computer. I would love to keep the programs, but I'm just spending too much effort on this. I like working on PCs, so if it's not too much of a burden on your time I can keep on trying to get it to run virus and malware free. Much thanks,

#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • ONLINE
  • Gender:Male
  • Local time:08:26 AM

Posted 20 July 2010 - 08:17 PM

We can continue if you like...again it's your call. I'm not sure based on your last post if you want to continue or not. If you do want to continue, please don't run scans on your own..it does set us back as I try to understand what happened.

If you do want to continue...how is the computer running after you ran Combofix? You said it was bogging down. Is that still the case? Are you getting redirected if you use Google? Any other current symptoms? What malware did Avast detect? Can you please post the Avast log from that scan?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#10 Quality

Quality
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:26 AM

Posted 21 July 2010 - 03:02 PM

Yes, I would like to continue. I don't know how to get to the scan log from Avast. As far as the computer goes, it still seems to be bogging down, but not as much. The internet is working fine now with no redirects. I do notice the startup seems to be fine now, but when you minimize programs the window will slowly go down the screen and then close, and it will take the computer a second or two before letting me do anything else.

#11 Quality

Quality
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:26 AM

Posted 21 July 2010 - 04:41 PM

This is the most current combofix log attached.

Attached Files



#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • ONLINE
  • Gender:Male
  • Local time:08:26 AM

Posted 21 July 2010 - 06:19 PM

Hello, quality.

OK, it's looking fairly clean, so let's do a few things and see if that helps.



Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Step 2

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 21 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.



Step 3

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

Please download TFC by OldTimer and save it to your desktop.
alternate download link

  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista or Windows 7, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.




Step 4

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#13 Quality

Quality
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:26 AM

Posted 23 July 2010 - 06:40 PM

I ran ComboFix and ESET. I also added memory because the boss had his computer friend install it while I was gone.

Attached Files



#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • ONLINE
  • Gender:Male
  • Local time:08:26 AM

Posted 23 July 2010 - 06:56 PM

Hello, Quality.

OK, looking better. How is it running? Please do this.

We need to run an OTL script.
  1. Please download OTL from one of the following mirrors if you do not still have it.
    • This is the first mirror
    • This is the second mirror: http://www.itxassociates.com/OT-Tools/OTL.exe
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\COMPAQ~1.CLA\LOCALS~1\Temp\catchme.sys -- (catchme)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3435137876-2054043485-3331839053-1009\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-3435137876-2054043485-3331839053-1009\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-3435137876-2054043485-3331839053-1009\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.


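The OTL fix above removes service, driver and toolbar registrations whose target no longer exists ("File not found", "No CLSID value found"), and the "Last 10 Event Log Errors" section earlier in the thread already shows the symptom of two of them: Service Control Manager ID 7026 for the missing ftsata2 driver and ID 7023 with %%126 (Win32 error 126, ERROR_MOD_NOT_FOUND) for the Application Management service whose appmgmts.dll is gone. The following Python triage helper is an added example for this thread, not code from OTL, ComboFix or the poster; it parses those two OTL line shapes and the event dump, then reports which orphaned registrations the event log corroborates. The sample lines are copied from the thread and embedded so it runs offline, and the display-name-to-service-name table is an assumption for the one service in the sample (on a live host the SCM is the authoritative source).

```python
"""Triage helper for OTL fix lines and the OTL event-log dump (added example)."""
import re

# Constructed sample: OTL fix lines from the post above, embedded to run offline.
OTL_FIX_LINES = r"""
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\COMPAQ~1.CLA\LOCALS~1\Temp\catchme.sys -- (catchme)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3435137876-2054043485-3331839053-1009\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
"""

# Constructed sample: a subset of the "Last 10 Event Log Errors" section of the log.
EVENT_LOG_LINES = r"""
[ Application Events ]
Error - 7/13/2010 5:48:06 PM | Computer Name = CLAY | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- There is a problem with this Windows Installer package.

[ System Events ]
Error - 7/16/2010 3:50:45 PM | Computer Name = CLAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/16/2010 5:51:46 PM | Computer Name = CLAY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2
"""

SERVICE_RE = re.compile(r"^(?P<kind>SRV|DRV) - (?P<status>.+?) \[(?P<flags>[^\]]*)\] -- "
                        r"(?P<path>.+?) -- \((?P<name>[^)]+)\)$")
TOOLBAR_RE = re.compile(r"^O3 - (?P<key>\S+): \(no name\) - "
                        r"(?P<clsid>\{[0-9A-Fa-f-]+\}|Locked) - No CLSID value found\.$")
EVENT_RE = re.compile(r"^Error - .+? \| Computer Name = .+? \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")

# "%%126" in an SCM message is Win32 error 126, ERROR_MOD_NOT_FOUND: the service's
# module could not be found, which is what an orphaned registration produces.
MOD_NOT_FOUND = "%%126"
# Display name -> service name for the one service in the sample. Assumption made
# for this example; on a live host query the SCM instead of hard-coding it.
DISPLAY_TO_SERVICE = {"Application Management": "AppMgmt"}


def parse_otl_fix(text):
    """Return ({service_name_lower: entry}, [toolbar entries]) for orphaned items."""
    orphans, toolbars = {}, []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and m["status"] == "File not found":
            orphans[m["name"].lower()] = {
                "kind": m["kind"], "name": m["name"], "path": m["path"],
                "flags": [f.strip() for f in m["flags"].split("|")], "events": []}
            continue
        m = TOOLBAR_RE.match(line.strip())
        if m:
            toolbars.append({"key": m["key"], "clsid": m["clsid"]})
    return orphans, toolbars


def parse_events(text):
    """Group the OTL event dump into records: one header line plus its description."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = EVENT_RE.match(line)
        if m:
            current = {"id": int(m["id"]), "source": m["source"], "desc": ""}
            events.append(current)
        elif line.startswith("["):      # "[ System Events ]" style section header
            current = None
        elif current is not None and line:
            current["desc"] += " " + line
    return events


def correlate(orphans, events):
    """Attach SCM event IDs that corroborate each orphaned service/driver entry."""
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        if ev["id"] == 7026:            # "...driver(s) failed to load: <names>"
            names = ev["desc"].split("failed to load:", 1)[-1].split()
        elif ev["id"] == 7023 and MOD_NOT_FOUND in ev["desc"]:
            m = re.search(r"The (.+?) service terminated", ev["desc"])
            names = [DISPLAY_TO_SERVICE.get(m.group(1), "")] if m else []
        else:
            continue
        for n in names:
            if n.lower() in orphans:
                orphans[n.lower()]["events"].append(ev["id"])
    return orphans


def triage(otl_text, event_text):
    """Parse both inputs; return orphaned registrations with their corroborating events."""
    orphans, toolbars = parse_otl_fix(otl_text)
    return {"orphans": correlate(orphans, parse_events(event_text)), "toolbars": toolbars}


if __name__ == "__main__":
    for e in triage(OTL_FIX_LINES, EVENT_LOG_LINES)["orphans"].values():
        print(f"{e['kind']} {e['name']}: missing {e['path']} events={e['events']}")
```

Entries with an empty `events` list (HidServ, catchme) are still orphaned registrations, just ones the last ten errors did not happen to mention; the correlation is there to confirm that the noisy 7023/7026 errors in the log are explained by the fix rather than by something still running.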

#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • ONLINE
  • Gender:Male
  • Local time:08:26 AM

Posted 26 July 2010 - 06:09 PM

Still with me?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.





