Windows 7 takes 15-20 minutes to boot


30 replies to this topic

#1 ekafrawy

Posted 10 June 2011 - 08:09 PM

I have been having this issue for a long time, and I'm finally spending some time trying to resolve it. So basically, when I start up my computer the Windows login screen seems to come up OK, in about 1-2 minutes. After I enter my password it then takes about 15 minutes for my computer to finish loading before I can do anything. I have uninstalled almost everything. I removed almost all startup programs except my antivirus. I ran AVG antivirus, Spybot Search and Destroy, Wise Registry Cleaner, I defragged the HD, and ran Ad-Aware. Nothing has helped to resolve this, so I ran HijackThis and I'm hoping that someone here can take a look at my log to see if there is anything in there that should not be. Any help would be greatly appreciated.

Thanks!
Eric

My system info.

Asus P5E3 motherboard
Intel Core2 Quad core 2.66 GHz
4GB RAM
1TB HD, 20% used
Windows 7 Professional 64-bit

Do I need to post more detailed info on my topic?


Edited by hamluis, 12 June 2011 - 12:54 PM.
Merged posts, sent PM.



#2 etavares

Malware Response Team

Posted 18 June 2011 - 11:38 AM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
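Once the OTL log comes back, the first pass a helper makes over it is mechanical: binaries whose company name is empty, registry entries pointing at files that no longer exist, and services set to start automatically (each of those is a candidate for a slow boot). The script below is an added example, not OTL's own code or anything from this thread; it parses lines in OTL's fixed format, using sample lines taken from the log posted later in this thread, and reports those three things.

```python
"""Triage helper for OTL log lines (added example, not OTL's own code).

OTL prints fixed-format lines for running processes (PRC), services (SRV),
drivers (DRV) and Run-key autoruns (O4). A malware-removal helper reading
such a log looks first for: binaries with an empty company name, registry
entries that point at files which no longer exist, and services that start
automatically (each one is a candidate contributor to a slow boot).
"""
import re
from dataclasses import dataclass
from typing import List

# Sample lines in OTL's format, copied from the log posted in this thread
# (the O2 line is shortened from it). None of this is OTL's own code.
SAMPLE_LOG = r"""
PRC - [2011/06/20 14:03:49 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
SRV - [2011/05/16 08:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
"""

# PRC/MOD/SRV/DRV lines: "[date | size | attrs | flag] (company) [state] -- path -- (name)"
FILE_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - "
    r"\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+?) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)
# O4 lines: "O4 - <hive>..\Run[Once]: [<value name>] <target> (<company>)"
AUTORUN = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<target>.*)$"
)


@dataclass
class Finding:
    reason: str  # "no company name", "file not found" or "auto-start service"
    detail: str  # file path, registry value or service name


def triage(log_text: str) -> List[Finding]:
    """Scan OTL log text and return the entries a helper would look at first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_ENTRY.match(line)
        if m:
            # An empty "()" means OTL found no company name in the file's
            # version resource. Legitimate files can lack one, so this is a
            # prompt to check the path and date, not a verdict.
            if not m.group("company").strip():
                findings.append(Finding("no company name", m.group("path")))
            state = m.group("state") or ""
            if m.group("kind") == "SRV" and state.startswith("Auto"):
                findings.append(Finding("auto-start service",
                                        m.group("name") or m.group("path")))
            continue
        a = AUTORUN.match(line)
        if a:
            if a.group("target").endswith("File not found"):
                findings.append(Finding("file not found",
                                        a.group("key") + "\\" + a.group("name")))
            continue
        # Other sections (O2 BHOs, O20 Winlogon, ...) use the same marker for
        # a registry entry whose target is missing from disk.
        if line.endswith(" - File not found"):
            findings.append(Finding("file not found",
                                    line[: -len(" - File not found")]))
    return findings


def by_reason(findings: List[Finding], reason: str) -> List[str]:
    """Details of all findings with the given reason, in log order."""
    return [f.detail for f in findings if f.reason == reason]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for reason in ("no company name", "file not found", "auto-start service"):
        print(reason + ":")
        for detail in by_reason(found, reason):
            print("   ", detail)
```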
 


#3 ekafrawy
Topic Starter

Posted 20 June 2011 - 01:22 PM

Hello, and thank you for helping me with my computer issue.

Below is the log I have after running the OTL tool.

I am running a 64-bit version of Windows 7, so I don't have a GMER log.


OTL logfile created on: 6/20/2011 2:04:59 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Eric\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 39.07% Memory free
8.00 Gb Paging File | 5.24 Gb Available in Paging File | 65.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 841.77 Gb Free Space | 90.37% Space Free | Partition Type: NTFS
Drive F: | 111.78 Gb Total Space | 0.96 Gb Free Space | 0.86% Space Free | Partition Type: NTFS

Computer Name: ERIC-PC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/20 14:03:49 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2011/06/16 10:14:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe
PRC - [2011/06/16 10:14:45 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugin-container.exe
PRC - [2011/05/16 08:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/13 05:11:03 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


========== Modules (SafeList) ==========

MOD - [2011/06/20 14:03:49 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/26 18:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/05 17:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011/05/16 08:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/26 19:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/26 18:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/17 08:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/23 03:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Fusion(UVC)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 17:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/05/25 04:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/04/16 09:39:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam.sys -- (WDC_SAM)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011/02/04 10:27:14 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4208931972-4254959827-725024132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://encrypted.google.com/ [binary data]
IE - HKU\S-1-5-21-4208931972-4254959827-725024132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://encrypted.google.com/
IE - HKU\S-1-5-21-4208931972-4254959827-725024132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4208931972-4254959827-725024132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4208931972-4254959827-725024132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 22 0E E8 CB 08 CC 01 [binary data]
IE - HKU\S-1-5-21-4208931972-4254959827-725024132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4208931972-4254959827-725024132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.74
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/06/03 09:31:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\components [2011/06/16 10:14:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugins

[2010/10/28 18:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2011/06/05 11:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\vryq09ss.default\extensions
[2011/06/04 13:08:50 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\vryq09ss.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2011/01/31 23:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/03 14:08:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/02/22 18:15:30 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 11\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VRYQ09SS.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VRYQ09SS.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2010/12/03 14:08:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/27 13:47:33 | 000,434,698 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.1.6 NPI2CA13D.home
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14958 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/70.11/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cf66059a-f4b9-11df-9ee1-001fc666e8a7}\Shell - "" = AutoRun
O33 - MountPoints2\{cf66059a-f4b9-11df-9ee1-001fc666e8a7}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{cf6605be-f4b9-11df-9ee1-001fc666e8a7}\Shell - "" = AutoRun
O33 - MountPoints2\{cf6605be-f4b9-11df-9ee1-001fc666e8a7}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{cf66060f-f4b9-11df-9ee1-001fc666e8a7}\Shell - "" = AutoRun
O33 - MountPoints2\{cf66060f-f4b9-11df-9ee1-001fc666e8a7}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: HP Color LaserJet CM1312 MFP Series Fax - hkey= - key= - C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SoundMAX - hkey= - key= - C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
MsConfig:64bit - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo - vfwwdm32.dll (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/20 14:03:46 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011/06/20 02:27:44 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{198C56E8-D6A9-452D-BFA6-AA96462883F5}
[2011/06/19 14:27:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7331E1E7-5CA4-4165-B102-DFF88C3FE0CA}
[2011/06/19 02:26:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{00B80A70-5C80-4AFD-99C3-59692F6150E6}
[2011/06/18 14:26:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E4F51606-5B52-4C7A-BEBC-84184A333764}
[2011/06/18 02:25:35 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B66F16FC-8A07-4150-99A8-8001303A2F74}
[2011/06/17 14:25:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DC7E7B2D-6A8D-4017-8435-3C86A52EEDE6}
[2011/06/17 04:05:05 | 000,000,000 | ---D | C] -- C:\81be01bdab0586519b93
[2011/06/17 02:24:31 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{86A72796-83C0-427A-B5FD-2254A128FF7F}
[2011/06/16 14:23:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{09DC2019-B571-4F3E-A99F-6B57AB9BEE4C}
[2011/06/16 03:09:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2011/06/16 02:23:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2B78A69B-A4C3-4E54-A955-804C298BB2C1}
[2011/06/15 14:22:54 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F98A33D8-E536-48C3-AC73-0F141E3AF8A8}
[2011/06/15 02:22:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7AC80516-B238-4711-9553-D657E0DE8412}
[2011/06/14 14:22:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{783FC9D0-417A-46AD-84F8-81312E12915C}
[2011/06/14 02:20:42 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{29EBA8CF-D3D3-45C9-A942-17AD820F0939}
[2011/06/13 14:20:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E7C62E65-8F58-474D-A0DE-724316DC7CCC}
[2011/06/13 13:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/06/13 13:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2011/06/13 02:19:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A7E750D0-4317-4565-B3C7-5DC7C09E1604}
[2011/06/12 14:19:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1BD5D96C-EB7D-4E4F-958B-079DE66A7010}
[2011/06/12 02:18:34 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0217AC41-C9E0-472B-A124-C3E26DE33482}
[2011/06/11 14:18:02 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{FDFA8335-47EA-482D-8AF4-05FFFECB3E98}
[2011/06/11 02:17:30 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2847DC12-D373-49BF-A03C-0EC8615FBD54}
[2011/06/10 20:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/06/10 20:11:41 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/10 20:07:02 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\ElevatedDiagnostics
[2011/06/10 14:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner Free
[2011/06/10 14:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise Registry Cleaner
[2011/06/10 14:16:57 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{210CF4C8-6AFF-478F-8423-B304A30B0076}
[2011/06/10 11:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/10 11:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/10 11:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/06/10 11:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/10 11:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/10 11:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/06/10 11:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/06/10 11:05:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/06/10 00:22:24 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{01E8E421-171E-4D14-9A4B-23124BC51203}
[2011/06/09 12:21:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F4D3037A-CEE7-413F-85E4-6309BD9575A3}
[2011/06/09 00:21:19 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C9DBC6DD-F5E7-4F6F-B7D7-459CC3359C86}
[2011/06/08 16:13:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{38F4CD64-430A-4D81-B3FD-AD7C6E9F4B25}
[2011/06/08 04:13:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{891A10C5-6871-4EAB-B41B-3A7ECFDA42B8}
[2011/06/07 16:12:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1EDB3F1F-17D4-4B44-9CF7-BBD3707D795E}
[2011/06/07 04:12:06 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A7553428-1763-417B-97D4-271656BC95A7}
[2011/06/06 16:11:34 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{194590E8-E9D6-4170-9284-C6F8402D8D93}
[2011/06/06 04:11:02 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B480E310-2F7C-4548-B69C-7C3B422E0574}
[2011/06/05 16:10:30 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E0A0BA12-3947-43F4-B127-5D223F355C6C}
[2011/06/05 04:09:58 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{BA425D35-2F25-4CFB-B7BA-1E5E2C3C87D8}
[2011/06/04 16:09:26 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2C4E268D-31AE-4077-B74E-848E0AE13CB3}
[2011/06/04 04:08:54 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0AD7EBD8-487B-43C6-A4B9-AB1BE109B61F}
[2011/06/03 16:08:22 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{44B0F37C-D88B-44A3-B26A-479181283952}
[2011/06/03 04:07:49 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{75A9CE11-B560-40B2-8169-0268699C55D5}
[2011/06/02 16:07:27 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{05A2D970-3B42-4CB7-A44A-F0FA5265501B}
[2011/06/02 12:00:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\cssHOMEPAGE (1)
[2011/06/02 04:06:27 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{6D5E23C7-8230-42AC-8C8E-99EFADBEA7FB}
[2011/06/01 16:05:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{361EFE8B-7802-45D7-AFAE-9E159F998681}
[2011/06/01 04:05:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2D6CBCD7-A2F8-49B8-8E89-0C8F0DD414A1}
[2011/05/31 16:04:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D9E75285-5EC7-481F-83FC-E5D793D22E76}
[2011/05/31 04:04:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{525CB33D-8026-4E62-BF50-3D447730D6FB}
[2011/05/30 16:03:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A416CA8A-D8A3-4132-9B78-99B63C7403EE}
[2011/05/30 04:03:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1D13E65E-7C25-48E1-9B7D-391194345DC2}
[2011/05/29 16:02:44 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0CC7B6CC-4AFF-4323-B089-64E46CD88F58}
[2011/05/29 04:02:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{525EA60C-266C-46CA-B840-113A11569DF4}
[2011/05/28 16:01:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0DF16753-BDFD-461A-A38A-9FBEF2E99D11}
[2011/05/28 04:01:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5FE64078-B7E5-4B72-B1C1-E84F767E4910}
[2011/05/27 16:00:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AD7FFB64-C890-4415-8444-F35EC575E975}
[2011/05/27 13:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/27 13:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/05/27 13:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/05/27 04:00:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AB0668DB-5B4D-4034-8B7F-34348BF17AC1}
[2011/05/26 15:59:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{847179A6-16EA-4A6A-83B7-24F7738D8C32}
[2011/05/26 03:59:00 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3E63AE63-92D0-4283-B78D-AA64946439B9}
[2011/05/25 15:58:28 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4AEFBBB9-FD30-4EED-A658-08984DDBBB66}
[2011/05/25 03:57:54 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CBC60573-C455-481B-A8A3-B860E47CA786}
[2011/05/24 15:57:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{16F38045-6C8C-44E5-8EC9-5290A314809A}
[2011/05/23 12:16:16 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3B5A0B3D-FE87-491E-B6DA-3A7B2D446E2E}
[2011/05/23 00:15:31 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{BE555ED2-5896-4E3E-BC5F-47F98ECFCBFF}
[2011/05/22 12:14:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{673759B6-CBD8-40A0-86C8-857C829E7B04}
[2011/05/22 00:14:26 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{84AFAA7D-4B90-4445-9F06-5313B3E11744}

========== Files - Modified Within 30 Days ==========

[2011/06/20 14:03:49 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011/06/20 09:25:30 | 119,248,602 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/06/19 18:29:54 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/19 18:29:54 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/16 10:15:02 | 000,002,160 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 11.lnk
[2011/06/16 09:40:23 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/16 09:40:16 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/16 09:18:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/16 09:17:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/06/16 09:17:49 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 03:32:26 | 004,663,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/16 03:06:36 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/16 03:06:36 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/16 03:06:36 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/15 11:13:29 | 033,763,366 | ---- | M] () -- C:\Users\Eric\Desktop\Jets over Middleboro.wmv
[2011/06/15 10:28:26 | 188,700,672 | ---- | M] () -- C:\Users\Eric\Desktop\00044.MTS
[2011/06/10 20:11:41 | 000,002,971 | ---- | M] () -- C:\Users\Eric\Desktop\HiJackThis.lnk
[2011/06/10 14:59:33 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2011/06/10 11:08:01 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/09 23:53:53 | 000,132,359 | ---- | M] () -- C:\Users\Eric\Desktop\Capture.JPG
[2011/06/09 10:04:16 | 188,450,369 | ---- | M] () -- C:\Users\Eric\Desktop\Howie D 100_4.mov
[2011/06/09 08:34:45 | 012,137,470 | ---- | M] () -- C:\Users\Eric\Desktop\100 1 Minute Cut.wav
[2011/06/05 10:53:37 | 003,382,466 | ---- | M] () -- C:\Users\Eric\Desktop\686.JPG
[2011/06/05 10:53:35 | 003,160,226 | ---- | M] () -- C:\Users\Eric\Desktop\688.JPG
[2011/06/05 10:53:28 | 003,154,647 | ---- | M] () -- C:\Users\Eric\Desktop\687.JPG
[2011/06/05 10:52:54 | 003,420,326 | ---- | M] () -- C:\Users\Eric\Desktop\685.JPG
[2011/06/03 14:12:19 | 000,965,880 | ---- | M] () -- C:\Users\Eric\Desktop\FirefoxScreenSnapz002.pdf
[2011/06/03 09:31:22 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/06/03 00:08:32 | 000,000,132 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/06/02 23:08:43 | 372,649,648 | ---- | M] () -- C:\Users\Eric\Desktop\Howie D 100_1.mov
[2011/06/02 15:38:33 | 096,951,489 | ---- | M] () -- C:\Users\Eric\Desktop\Howie no intro.mov
[2011/06/02 13:07:01 | 000,000,132 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/06/01 20:11:24 | 099,800,555 | ---- | M] () -- C:\Users\Eric\Desktop\Howie ID3.mov
[2011/06/01 09:05:57 | 000,000,641 | ---- | M] () -- C:\Users\Eric\Documents\ChatLog MMX team meet 2011_06_01 09_05.rtf
[2011/06/01 09:01:51 | 000,072,080 | ---- | M] () -- C:\Users\Eric\g2mdlhlpx.exe
[2011/05/31 14:27:22 | 036,784,892 | ---- | M] () -- C:\Users\Eric\Desktop\100 Master 42011.wav
[2011/05/27 13:47:33 | 000,434,698 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/05/27 13:41:07 | 000,001,258 | ---- | M] () -- C:\Users\Eric\Desktop\Spybot - Search & Destroy.lnk
[2011/05/25 15:44:09 | 000,295,556 | ---- | M] () -- C:\Users\Eric\Desktop\dyno chart.jpg
[2011/05/25 11:07:41 | 000,097,062 | ---- | M] () -- C:\Users\Eric\Desktop\Signed Bill of Sale 5-22-11.pdf
[2011/05/24 13:00:15 | 000,092,628 | ---- | M] () -- C:\Users\Eric\Desktop\statements.pdf
[2011/05/24 12:11:01 | 000,052,252 | ---- | M] () -- C:\Users\Eric\Desktop\Promissory Note 5-22-11.pdf
[2011/05/24 12:10:55 | 000,025,982 | ---- | M] () -- C:\Users\Eric\Desktop\Bill of Sale 5-22-11.pdf

========== Files Created - No Company Name ==========

[2011/06/15 11:12:42 | 033,763,366 | ---- | C] () -- C:\Users\Eric\Desktop\Jets over Middleboro.wmv
[2011/06/15 10:40:11 | 188,700,672 | ---- | C] () -- C:\Users\Eric\Desktop\00044.MTS
[2011/06/13 13:01:24 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/06/13 13:01:24 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/13 13:01:24 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2011/06/10 20:11:41 | 000,002,971 | ---- | C] () -- C:\Users\Eric\Desktop\HiJackThis.lnk
[2011/06/10 14:59:33 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2011/06/10 11:08:01 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/09 23:53:53 | 000,132,359 | ---- | C] () -- C:\Users\Eric\Desktop\Capture.JPG
[2011/06/09 09:49:56 | 188,450,369 | ---- | C] () -- C:\Users\Eric\Desktop\Howie D 100_4.mov
[2011/06/09 08:34:43 | 012,137,470 | ---- | C] () -- C:\Users\Eric\Desktop\100 1 Minute Cut.wav
[2011/06/05 10:48:09 | 003,160,226 | ---- | C] () -- C:\Users\Eric\Desktop\688.JPG
[2011/06/05 10:48:01 | 003,154,647 | ---- | C] () -- C:\Users\Eric\Desktop\687.JPG
[2011/06/05 10:47:57 | 003,382,466 | ---- | C] () -- C:\Users\Eric\Desktop\686.JPG
[2011/06/05 10:47:53 | 003,420,326 | ---- | C] () -- C:\Users\Eric\Desktop\685.JPG
[2011/06/03 14:12:03 | 000,965,880 | ---- | C] () -- C:\Users\Eric\Desktop\FirefoxScreenSnapz002.pdf
[2011/06/02 22:37:40 | 372,649,648 | ---- | C] () -- C:\Users\Eric\Desktop\Howie D 100_1.mov
[2011/06/02 15:28:56 | 096,951,489 | ---- | C] () -- C:\Users\Eric\Desktop\Howie no intro.mov
[2011/06/02 13:07:01 | 000,000,132 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/06/01 20:03:40 | 099,800,555 | ---- | C] () -- C:\Users\Eric\Desktop\Howie ID3.mov
[2011/06/01 09:05:57 | 000,000,641 | ---- | C] () -- C:\Users\Eric\Documents\ChatLog MMX team meet 2011_06_01 09_05.rtf
[2011/05/31 14:27:22 | 036,784,892 | ---- | C] () -- C:\Users\Eric\Desktop\100 Master 42011.wav
[2011/05/27 13:41:07 | 000,001,258 | ---- | C] () -- C:\Users\Eric\Desktop\Spybot - Search & Destroy.lnk
[2011/05/25 15:44:08 | 000,295,556 | ---- | C] () -- C:\Users\Eric\Desktop\dyno chart.jpg
[2011/05/25 11:07:59 | 000,097,062 | ---- | C] () -- C:\Users\Eric\Desktop\Signed Bill of Sale 5-22-11.pdf
[2011/05/24 13:00:14 | 000,092,628 | ---- | C] () -- C:\Users\Eric\Desktop\statements.pdf
[2011/05/24 12:11:01 | 000,052,252 | ---- | C] () -- C:\Users\Eric\Desktop\Promissory Note 5-22-11.pdf
[2011/05/24 12:10:55 | 000,025,982 | ---- | C] () -- C:\Users\Eric\Desktop\Bill of Sale 5-22-11.pdf
[2011/05/05 20:42:02 | 000,005,120 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/24 18:29:23 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/24 18:29:23 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/12/20 22:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/30 23:28:18 | 000,001,456 | ---- | C] () -- C:\Users\Eric\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/11/03 11:11:06 | 000,000,739 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2010/11/03 11:08:18 | 000,177,007 | ---- | C] () -- C:\Windows\hppins11.dat
[2010/11/03 11:08:18 | 000,005,707 | ---- | C] () -- C:\Windows\hppmdl11.dat
[2010/11/01 09:40:07 | 000,000,132 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/10/29 08:54:43 | 000,000,600 | ---- | C] () -- C:\Users\Eric\AppData\Local\PUTTY.RND
[2010/10/28 17:46:43 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/10/28 17:35:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/03/24 11:41:40 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\AVG
[2010/10/28 18:24:07 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\AVG10
[2010/11/01 20:20:34 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/03 13:03:24 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FileZilla
[2011/06/09 08:34:49 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Free Audio Editor
[2010/11/04 21:06:03 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Notepad++
[2011/02/13 17:48:23 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/10/28 21:58:19 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Windows Live Writer
[2009/07/14 01:08:49 | 000,015,672 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2011/06/16 09:17:48 | 000,007,404 | ---- | M] () -- C:\aaw7boot.log
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/10/28 21:19:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/06/16 09:17:49 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 09:17:49 | 4294,041,600 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

#4 etavares

etavares
    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 20 June 2011 - 06:00 PM

Hello, ekafrawy.

Registry Cleaner Warning

I also see that you have a registry cleaner installed (in your case Wise Registry Cleaner). Here at BC, we do not recommend using registry cleaners. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 2

Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#5 ekafrawy (Topic Starter)

Posted 21 June 2011 - 06:55 AM

Hello,
Here is my Malwarebytes log. It found no issues.


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6908

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/21/2011 7:51:23 AM
mbam-log-2011-06-21 (07-51-23).txt

Scan type: Quick scan
Objects scanned: 180973
Time elapsed: 12 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Here is my aswMBR log:

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-21 07:54:06
-----------------------------
07:54:06.772 OS Version: Windows x64 6.1.7600
07:54:06.772 Number of processors: 4 586 0x1707
07:54:06.772 ComputerName: ERIC-PC UserName: Eric
07:54:08.597 Initialize success
07:54:24.610 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-6
07:54:24.610 Disk 0 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 3
07:54:24.610 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-7
07:54:24.610 Disk 1 Vendor: ST3120026AS 3.05 Size: 114473MB BusType: 3
07:54:26.638 Disk 0 MBR read successfully
07:54:26.638 Disk 0 MBR scan
07:54:26.638 Disk 0 Windows 7 default MBR code
07:54:26.638 Service scanning
07:54:27.481 Disk 0 trace - called modules:
07:54:27.481 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
07:54:27.481 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a51060]
07:54:27.481 3 CLASSPNP.SYS[fffff880018ff43f] -> nt!IofCallDriver -> [0xfffffa800443f670]
07:54:27.481 5 ACPI.sys[fffff88000f0e781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-6[0xfffffa80047fc060]
07:54:27.496 Scan finished successfully
07:54:43.752 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
07:54:43.752 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"


Thanks again,

Eric
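The aswMBR log above reports "MBR read successfully", "Windows 7 default MBR code" and a saved copy of the sector in MBR.dat. The script below is an added example by the editor, not aswMBR's code, that performs the same basic checks with nothing but PowerShell: it reads sector 0 of the boot disk, verifies the 55AA signature, hashes the 440-byte boot-code area, walks the four partition entries and optionally compares the boot code byte-for-byte against a saved copy such as the MBR.dat aswMBR wrote (assumed here to be a raw copy of the sector). Assumptions: it is run from an elevated PowerShell, .NET's FileStream accepts the \\.\PhysicalDriveN device path, and disk 0 is the boot disk (pass -Device to change that).

```powershell
# Added example by the editor, not aswMBR's code. Reads sector 0 of a physical
# disk and reports what an MBR scanner looks at: the 55AA signature, a hash of
# the 440-byte boot-code area, the four partition entries, and an optional
# byte-for-byte comparison of the boot code against a saved copy such as the
# MBR.dat aswMBR wrote (assumed here to be a raw copy of the sector).
# Assumptions: elevated PowerShell; .NET FileStream accepts the \\.\PhysicalDriveN
# device path; disk 0 is the boot disk (adjust -Device otherwise).
param(
    [string]$Device  = '\\.\PhysicalDrive0',
    [string]$Compare = ''      # e.g. "$env:USERPROFILE\Desktop\MBR.dat"
)

function Read-Sector0 {
    param([string]$Path)
    $fs = New-Object System.IO.FileStream($Path, [IO.FileMode]::Open,
                                          [IO.FileAccess]::Read, [IO.FileShare]::ReadWrite)
    try {
        $buf = New-Object byte[] 512
        if ($fs.Read($buf, 0, 512) -ne 512) { throw "Short read from $Path" }
        return $buf
    } finally { $fs.Close() }
}

$mbr = Read-Sector0 $Device

# 1. A valid MBR ends with the two-byte signature 55 AA.
$sigOk = ($mbr[510] -eq 0x55) -and ($mbr[511] -eq 0xAA)
"Boot signature 55AA present : $sigOk"

# 2. Fingerprint of the code area (bytes 0-439). Bootkits overwrite this area;
#    the disk signature (440-443) and partition table (446-509) are left out so
#    the hash is comparable across machines running the same MBR code.
$sha      = [System.Security.Cryptography.SHA256]::Create()
$codeHash = ($sha.ComputeHash($mbr, 0, 440) | ForEach-Object { $_.ToString('x2') }) -join ''
"Boot code SHA-256           : $codeHash"
'Disk signature              : 0x{0:X8}' -f [BitConverter]::ToUInt32($mbr, 440)

# 3. Cheap heuristic: the stock Windows MBR keeps these error strings in its
#    code area. Missing strings plus an unfamiliar hash deserve a closer look;
#    their presence alone proves nothing.
$ascii = [System.Text.Encoding]::ASCII.GetString($mbr, 0, 440)
foreach ($s in 'Invalid partition table', 'Error loading operating system', 'Missing operating system') {
    '{0,-31}: {1}' -f "String '$s'", $ascii.Contains($s)
}

# 4. Partition table: four 16-byte entries starting at offset 446.
for ($i = 0; $i -lt 4; $i++) {
    $o    = 446 + 16 * $i
    $type = $mbr[$o + 4]
    if ($type -eq 0) { continue }        # empty slot
    'Partition {0}: type 0x{1:X2} bootable={2} startLBA={3} sectors={4}' -f `
        $i, $type, ($mbr[$o] -eq 0x80), [BitConverter]::ToUInt32($mbr, $o + 8), [BitConverter]::ToUInt32($mbr, $o + 12)
}

# 5. Optional diff of the code area against a saved copy.
if ($Compare) {
    $saved = [System.IO.File]::ReadAllBytes($Compare)
    $diff  = @()
    for ($i = 0; $i -lt 440; $i++) { if ($saved[$i] -ne $mbr[$i]) { $diff += $i } }
    if ($diff.Count -eq 0) { "Boot code matches $Compare" }
    else { 'Boot code differs from {0} at {1} byte(s), first at offset {2}' -f $Compare, $diff.Count, $diff[0] }
}
```

Save it as Check-Mbr.ps1 and run it twice: once now, and again after the next scan or cleanup, comparing the boot-code hash. A hash that changes between two runs without a bootloader update, or a signed-looking sector whose code area lacks the stock error strings, is the kind of result that justifies a deeper rootkit check; the hash on its own is only useful relative to a known-good system.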

#6 etavares

Posted 21 June 2011 - 06:03 PM

Hello, ekafrawy.

Doesn't appear to be malware, but we'll do one final check to be sure. Also, at the end, a question as we switch from virus hunting to diagnosis of which program is causing it.



Step 1

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

Please download TFC by OldTimer and save it to your desktop.
alternate download link


  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista or Windows 7, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.




Step 2

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]



Step 3


If you boot into Safe Mode, does it take that long to log in?

etavares




#7 ekafrawy (Topic Starter)

Posted 22 June 2011 - 07:19 AM

Hello,

I ran the TFC application, and it did require a restart once it completed. This restart took 23 minutes before I could use Firefox.
4 minutes to get to the Windows login screen.
19 minutes passed after I entered my Windows login password before I could use anything, in this case Firefox.

I then ran the ESET online scan; it found 0 threats, and did not give me the option to "List found threats" or "Export to text file".

One thing I did notice was that I got a Windows popup message saying "You may be a victim of counterfeit software" with just an OK button to close the message box. I also noticed in the lower right corner of the screen on my desktop there is text that says that my version of Windows 7 is not genuine, which is not true. I purchased the software straight from Microsoft.

When I booted this time in safe mode it took 2 minutes and 17 seconds.


Thanks,
Eric

#8 etavares

Posted 22 June 2011 - 03:56 PM

OK, it is something loading in normal mode. I did have a note to check on the status of Windows as the log showed it may not be recognized as genuine.

Try to Validate your Windows software with this link. Let me know the results. If it can't be validated, I can direct you how to contact Microsoft to get it validated.




#9 ekafrawy (Topic Starter)

Posted 22 June 2011 - 09:11 PM

OK, I tried that link, and it came back as valid. I also noticed that the text in the lower right corner of my desktop saying it is not a genuine version is now gone.

#10 etavares

Posted 23 June 2011 - 05:02 PM

Great! That happened to one of my computers a while back. Freaked me out... I had purchased several licenses directly from Microsoft.

Now, I'll start by asking if anything with the speed of the boot changed? Next, we'll go into diagnosis mode, but I wanted to check if validation helped first.




#11 ekafrawy

ekafrawy
  • Topic Starter

  • Members
  • 16 posts

Posted 23 June 2011 - 07:40 PM

No boot time change has been noticed.

Thanks,
Eric

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 25 June 2011 - 05:52 AM

OK, diagnosis time then. We'll use selective startup to remove all startup items, then add them in one by one until we find the culprit. This one will allow us to narrow down the root cause and plan our next step.

  • Click Start --> Control Panel, click System and Security, then Administrative Tools, and then double-click System Configuration.
  • Select Selective Startup
  • Under the General tab, check Load System Services. Make sure Load Startup Items is UNchecked.
  • Reboot. How long did it take to boot?




#13 ekafrawy

ekafrawy
  • Topic Starter

  • Members
  • 16 posts

Posted 26 June 2011 - 10:34 AM

OK, after using the selective startup, here are my boot times.


At 2 minutes 15 seconds I got to the Windows login screen.

At 9 minutes 18 seconds the desktop loads, but I can't open a file or program.

At 16 minutes and 52 seconds I am able to open Firefox and use my computer as normal.


Thanks,
Eric

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 26 June 2011 - 11:16 AM

OK, so no help, correct? That must mean it is a system service. We'll invert the order. If you don't have internet access on the reboot after below, go back in and check both "load system services" and 'load startup items' and reboot again.

  • Click Start --> Control Panel, click System and Security, then Administrative Tools, and then double-click System Configuration.
  • Select Selective Startup
  • Under the General tab, UNcheck Load System Services. Make sure Load Startup Items is checked.
  • Reboot. How long did it take to boot? This should be shorter if Safe Mode worked and loading startup items didn't help. Once we confirm a quicker bootup is due to a service, we'll work to determine which service.


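The two selective-startup passes above (startup items off, then system services off) narrow the slow boot down by hand. As an added example, not from the thread or from BleepingComputer, the PowerShell below gathers the two things the bisection needs: the auto-start services whose binary lives outside the Windows directory (what msconfig's "Hide all Microsoft services" view leaves visible), and the boot duration Windows itself records in the Diagnostics-Performance log (Event ID 100), so each pass is compared with a logged number rather than a stopwatch. It assumes an elevated PowerShell prompt on Windows 7 or later; no non-standard modules are used.

```powershell
# Added example: inventory third-party auto-start services and read the logged boot time.
# Run from an elevated PowerShell prompt; Get-WmiObject is used so it works on the
# PowerShell 2.0 that ships with Windows 7.

# 1. Auto-start services whose executable is outside %SystemRoot%. These are the
#    candidates the thread's service bisection is narrowing down.
$winDir = $env:SystemRoot
$thirdParty = Get-WmiObject Win32_Service |
    Where-Object {
        $_.StartMode -eq 'Auto' -and
        $_.PathName -notlike "$winDir*" -and
        $_.PathName -notlike "`"$winDir*"     # paths quoted because they contain spaces
    } |
    Select-Object Name, State, StartMode, PathName

"Auto-start services not under $winDir :"
$thirdParty | Format-Table -AutoSize

# 2. Most recent boot duration from the Boot Performance Monitoring event (ID 100).
#    The event's data fields are read by name from its XML rather than by index.
$evt = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Diagnostics-Performance/Operational'
    Id      = 100
} -MaxEvents 1 -ErrorAction SilentlyContinue

if ($evt) {
    $xml  = [xml]$evt.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    'Last boot logged {0}: {1} ms total, {2} ms in the main boot path' -f `
        $evt.TimeCreated, $data['BootTime'], $data['MainPathBootTime']
}
else {
    'No Boot Performance Monitoring event (ID 100) found in the log.'
}
```

Record the ID 100 BootTime after each selective-startup reboot; the pass where it drops from many minutes to about a minute tells you which group (services or startup items) holds the culprit, and the service list gives the names to halve next.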
 


#15 ekafrawy

ekafrawy
  • Topic Starter

  • Members
  • 16 posts

Posted 26 June 2011 - 06:43 PM

OK, this time the times were much better:

1:12 to get to the Windows login screen
1:20 to load the desktop
1:50 to run Firefox.

Also, after I rebooted a second time after checking Services and Startup Items from the General tab, I got a message saying my Windows may not be genuine, and it gave me two buttons to choose from: "Get Genuine" and "Ask Later". I clicked on Ask Later and it brought me to the desktop.

Eric



