
 


Very slow computer, virus maybe??

I use Avira as a scanner, and it doesn't pick up anything. I tried emptying all my browser history and getting rid of desktop icons I don't use. I even thought that maybe it was bad network coverage, but it's not flashing green (green meaning little if any coverage). I even defragged! Could I have something wrong I don't know about, and could someone please help me? Thanks for taking the time to read this :)...

Re: Very slow computer, virus maybe??
Hi TrishKa,

Welcome to GeekPolice.net

My name is TheAvatar and I will be trying to help you resolve your issues.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you haven't, please keep reading.
Note: Before we start the process, you should:

  • POST your logs, don't attach them, as it makes it harder to read.
  • Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
  • Please be patient, there is no quick fix for malware. Removal can take several attempts. Just because symptoms have gone away, does not mean the infection is gone.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.
  • If I have not replied to your thread within 2 days, please PM me.



===

Please download OTL from one of the following links
  • LINK 1
  • LINK 2

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:

      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Re: Very slow computer, virus maybe??
OTL Extras logfile created on: 10/17/2010 7:21:33 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Trish\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 415.30 Gb Free Space | 89.17% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 11.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: A-6B8495670A044 | User Name: Trish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\CDS\Nero\Installation\SetupX.exe" = D:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Documents and Settings\Trish\Application Data\IMVUClient\IMVUClient.exe" = C:\Documents and Settings\Trish\Application Data\IMVUClient\IMVUClient.exe:*:Enabled:IMVUClient -- ()
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Documents and Settings\Trish\Application Data\IMVUClient\1VivoxVoice.exe" = C:\Documents and Settings\Trish\Application Data\IMVUClient\1VivoxVoice.exe:*:Enabled:1VivoxVoice -- (Vivox, Inc.)
"C:\Program Files\Paltalk Messenger\paltalk.exe" = C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{72FD5F2E-1F7A-4E9B-8838-29E842E178CD}" = Join Me
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.00
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92022F8E-2E55-4A16-88EB-B4778B35E942}" = ACDSee for PENTAX 3.0
"{92B79901-C57D-409F-8D2F-4E5337383569}" = OpenOffice.org 3.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Premium
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D42FD0CF-F36F-42D5-A12F-CE58397FD78A}" = Telstra Mobile Broadband Manager
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"5E8F128761A9B07EC2DEC909F167D92DB8B3A348" = Windows Driver Package - Cmotech Modem (12/13/2006 2.0.3.5)
"6A032F4180B5A0E8F4BC27384D0A423B2595A785" = Windows Driver Package - Cmotech Ports (12/13/2006 2.0.3.5)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter Professional_is1" = Any Video Converter Professional 3.0.7
"Any Video Converter_is1" = Any Video Converter 3.0.7
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CloneDVD2" = CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dodo Wireless Broadband" = Dodo Wireless Broadband
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"E7E257830CD4614E7CF1B3792DF19B85FE5E7BE7" = Windows Driver Package - Cmotech (cmusbnet) Net (06/11/2007 2.0.0.9)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"IMVU_Inc Toolbar" = IMVU Inc Toolbar
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"Inzomia Viewer" = Inzomia Viewer 3.11
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OnlineArmor_is1" = Online Armor 4.0
"Search Guard Plus" = Search Guard Plus (My Web Tattoo)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Web Tattoo)
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"Telstra Mobile Broadband Manager" = Telstra Mobile Broadband Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced IM Password Recovery" = Advanced IM Password Recovery
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/2/2010 9:24:27 PM | Computer Name = A-6B8495670A044 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2010 9:24:40 PM | Computer Name = A-6B8495670A044 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 10/3/2010 10:24:41 PM | Computer Name = A-6B8495670A044 | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.1, faulting module
jaucheck.exe, version 2.0.2.1, fault address 0x0000c940.

Error - 10/12/2010 2:24:35 AM | Computer Name = A-6B8495670A044 | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.1, faulting module
jaucheck.exe, version 2.0.2.1, fault address 0x0000c940.

Error - 10/13/2010 1:31:05 AM | Computer Name = A-6B8495670A044 | Source = Google Update | ID = 20
Description =

Error - 10/13/2010 7:39:39 PM | Computer Name = A-6B8495670A044 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2010 11:31:05 PM | Computer Name = A-6B8495670A044 | Source = Google Update | ID = 20
Description =

Error - 10/14/2010 12:31:05 AM | Computer Name = A-6B8495670A044 | Source = Google Update | ID = 20
Description =

Error - 10/14/2010 1:31:05 AM | Computer Name = A-6B8495670A044 | Source = Google Update | ID = 20
Description =

Error - 10/14/2010 2:31:05 AM | Computer Name = A-6B8495670A044 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 9/13/2010 11:47:32 PM | Computer Name = A-6B8495670A044 | Source = Srv | ID = 2000
Description = The server's call to a system service failed unexpectedly.

Error - 9/14/2010 1:29:54 AM | Computer Name = A-6B8495670A044 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.192.85.50 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 10.168.104.229 (The DHCP
Server sent a DHCPNACK message).

Error - 9/27/2010 7:31:38 AM | Computer Name = A-6B8495670A044 | Source = DCOM | ID = 10010
Description = The server {7160A13D-73DA-4CEA-95B9-37356478588A} did not register
with DCOM within the required timeout.


< End of report >

Re: Very slow computer, virus maybe??
OTL logfile created on: 10/17/2010 7:21:33 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Trish\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 415.30 Gb Free Space | 89.17% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 11.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: A-6B8495670A044 | User Name: Trish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/17 19:20:11 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Trish\My Documents\Downloads\OTL.exe
PRC - [2010/09/06 22:37:53 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/07/23 13:07:03 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/23 13:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/14 12:01:26 | 004,352,408 | ---- | M] (Telstra) -- C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe
PRC - [2010/04/16 09:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/08 14:28:54 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/05 07:53:38 | 001,282,248 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2009/09/01 19:47:13 | 000,139,264 | ---- | M] () -- C:\Program Files\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
PRC - [2008/12/10 20:02:30 | 000,216,520 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/10/01 11:45:00 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/10/01 11:43:38 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/04/15 00:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 03:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/01/22 19:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/05/16 10:27:38 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/05/16 10:27:16 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/02/23 16:32:56 | 000,126,976 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
PRC - [2007/01/30 20:36:30 | 000,057,344 | ---- | M] ((주)마크애니) -- C:\Program Files\MarkAny\ContentSafer\MaAgent.exe
PRC - [2006/04/01 16:30:34 | 001,404,928 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/10/17 19:20:11 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Trish\My Documents\Downloads\OTL.exe
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/15 00:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/11/24 20:58:24 | 000,163,840 | ---- | M] (MarkAny Co., Ltd.) -- C:\Program Files\MarkAny\ContentSafer\MaCSProHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/06 22:37:53 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/16 09:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/08 14:28:54 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/12/05 07:53:38 | 003,291,336 | ---- | M] (Tall Emu) [On_Demand | Stopped] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2009/12/05 07:53:38 | 001,282,248 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2008/01/22 19:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/08/01 22:27:02 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/03 13:18:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/27 11:45:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/27 11:45:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/27 11:45:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/25 19:56:16 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsmdm.sys -- (zgwhsmdm)
DRV - [2010/01/22 11:57:16 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsdiag.sys -- (zgwhsdiag)
DRV - [2009/12/28 16:03:40 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009/12/05 07:28:06 | 000,024,656 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2009/12/05 07:27:56 | 000,029,776 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2009/12/05 07:27:52 | 000,223,312 | ---- | M] (Tall Emu) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2009/07/04 01:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/12/13 12:26:38 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/04/29 11:59:52 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/01/09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2006/04/01 16:33:16 | 000,134,272 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/01 16:30:34 | 000,732,928 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/07/29 07:09:09 | 000,009,856 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2004/06/09 09:13:49 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tattoodle.com/
IE - HKCU\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\tbIMV1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.tattoodle.com/"
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.00
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/21 22:41:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/21 22:41:17 | 000,000,000 | ---D | M]

[2010/08/21 22:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\Mozilla\Extensions
[2009/10/05 21:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/08/21 22:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\Mozilla\Firefox\Profiles\jcwja3uc.default\extensions
[2010/10/17 11:20:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/24 00:36:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\plugin@yontoo.com

O1 HOSTS File: ([2004/08/13 00:19:39 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\tbIMV1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (BigPond Mobile Broadband Auto Dial) - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\Mobile Broadband Manager\bpwbb2ad.dll (Telstra)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\tbIMV1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files\IMVU_Inc\tbIMV1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BigPondWirelessBroadbandCM] C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe (Telstra)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MaAgent.exe ((주)마크애니)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KillCopy] C:\WINDOWS\System32\killcopy.exe (Killer{R})
O4 - Startup: C:\Documents and Settings\Trish\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Trish\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Trish\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Trish\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/09 07:20:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/21 04:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/25 16:35:24 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\Shell\AutoRun\command - "" = E:\rx.exe -- File not found
O33 - MountPoints2\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\Shell\open\Command - "" = E:\rx.exe -- File not found
O33 - MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\Shell - "" = AutoRun
O33 - MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/21 04:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\Shell - "" = AutoRun
O33 - MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/21 04:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/27 23:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/09/27 23:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/09/27 21:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/27 21:44:04 | 018,077,672 | ---- | C] (Any-Video-Converter.com ) -- C:\any-video-converter.exe
[2010/09/08 20:46:38 | 000,114,688 | ---- | C] (ZTE Corporation) -- C:\WINDOWS\System32\drivers\ZTEusbnet.sys
[2010/09/08 20:46:38 | 000,105,856 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2010/09/08 20:46:38 | 000,105,856 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2010/09/08 20:46:38 | 000,105,856 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2010/09/08 20:46:38 | 000,007,680 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2010/09/08 20:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Application Data\Sierra Wireless
[2010/09/08 20:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/09/08 20:46:16 | 000,027,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\PCASp50.sys
[2010/09/08 20:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\Telstra
[2010/08/22 18:41:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/08/21 22:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\My Documents\Downloads
[2010/08/21 22:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Local Settings\Application Data\Mozilla
[2010/08/21 22:25:57 | 000,106,752 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zgwhsnmea.sys
[2010/08/21 22:25:57 | 000,106,752 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zgwhsdiag.sys
[2010/08/21 22:25:57 | 000,105,216 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zgwhsmdm.sys
[2010/08/21 22:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Join Me
[2010/08/21 22:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/08/18 11:35:02 | 000,000,000 | ---D | C] -- C:\AliceWonderland_AUS_DES
[2010/08/12 15:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\My Documents\GeekPolice eBook - Computer Tips & Tricks
[2010/08/11 18:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2010/08/10 22:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\IMVU_Inc
[2010/08/09 16:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/08/06 12:32:52 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\seehcri.sys
[2010/08/02 00:39:20 | 000,000,000 | ---D | C] -- C:\BLACK_HAWK_DOWN
[2010/08/01 23:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2010/08/01 23:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\KillSoft
[2010/08/01 23:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Inzomia Viewer
[2010/08/01 22:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Application Data\CyberLink
[2010/08/01 22:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\My Documents\CyberLink
[2010/08/01 22:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Application Data\DAEMON Tools Pro
[2010/08/01 22:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Application Data\DAEMON Tools
[2010/08/01 22:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/01 22:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2010/08/01 22:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/08/01 22:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Application Data\DAEMON Tools Lite
[2010/08/01 22:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/08/01 21:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Application Data\Ahead
[2010/08/01 21:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Local Settings\Application Data\Ahead
[2010/08/01 21:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2010/08/01 21:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2010/08/01 21:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2010/08/01 21:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/08/01 21:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Application Data\DVD Shrink
[2010/08/01 21:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\From scooby
[2010/07/24 14:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Local Settings\Application Data\IMVU_Inc
[2010/07/24 14:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/07/24 14:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Local Settings\Application Data\Conduit
[2010/07/24 14:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\IMVU_Inc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/17 19:17:11 | 000,001,924 | ---- | M] () -- C:\Documents and Settings\Trish\Desktop\IMVU.lnk
[2010/10/17 19:09:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/17 18:38:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/17 11:09:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/16 23:33:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/14 22:15:19 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 08:58:35 | 000,168,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/12 21:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/11 17:03:58 | 000,012,730 | ---- | M] () -- C:\Documents and Settings\Trish\My Documents\tenancy reference.docx
[2010/10/04 20:37:14 | 000,010,714 | ---- | M] () -- C:\Documents and Settings\Trish\My Documents\Day 1.docx
[2010/10/04 14:24:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/03 10:26:55 | 000,305,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/03 10:26:55 | 000,037,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/28 00:19:31 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/27 23:12:18 | 000,002,361 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/09/27 23:12:18 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
[2010/09/27 21:44:08 | 018,077,672 | ---- | M] (Any-Video-Converter.com ) -- C:\any-video-converter.exe
[2010/09/13 21:21:56 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Trish\Desktop\Internet.lnk
[2010/08/22 19:03:06 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Trish\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/21 22:41:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/08/21 22:41:20 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Trish\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/09 16:27:44 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Trish\Desktop\Any Video Converter.lnk
[2010/08/02 23:54:39 | 000,013,262 | ---- | M] () -- C:\Documents and Settings\Trish\My Documents\Best Slow Cooker Beef Stew.docx
[2010/08/01 23:27:43 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\Trish\Desktop\Inzomia Viewer.lnk
[2010/08/01 22:27:02 | 000,717,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/01 22:22:57 | 000,002,379 | ---- | M] () -- C:\Documents and Settings\Trish\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2010/08/01 21:42:51 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Trish\Desktop\DVD Shrink 3.2.lnk
[2010/08/01 21:41:22 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\Trish\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk
[2010/08/01 21:41:22 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Trish\Desktop\DVD Decrypter.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/11 17:03:58 | 000,012,730 | ---- | C] () -- C:\Documents and Settings\Trish\My Documents\tenancy reference.docx
[2010/10/04 20:37:14 | 000,010,714 | ---- | C] () -- C:\Documents and Settings\Trish\My Documents\Day 1.docx
[2010/09/27 23:12:18 | 000,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/09/27 23:12:18 | 000,002,261 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
[2010/09/13 21:21:56 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Trish\Desktop\Internet.lnk
[2010/08/21 22:41:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/21 22:41:20 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Trish\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/09 16:27:44 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Trish\Desktop\Any Video Converter.lnk
[2010/08/02 23:54:39 | 000,013,262 | ---- | C] () -- C:\Documents and Settings\Trish\My Documents\Best Slow Cooker Beef Stew.docx
[2010/08/01 23:27:43 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\Trish\Desktop\Inzomia Viewer.lnk
[2010/08/01 22:27:02 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/01 22:22:57 | 000,002,379 | ---- | C] () -- C:\Documents and Settings\Trish\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2010/08/01 21:42:51 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Trish\Desktop\DVD Shrink 3.2.lnk
[2010/08/01 21:41:22 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\Trish\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk
[2010/08/01 21:41:22 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\Trish\Desktop\DVD Decrypter.lnk
[2010/04/12 00:13:26 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2010/04/02 12:33:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/13 20:27:06 | 000,000,183 | ---- | C] () -- C:\WINDOWS\aimpr.ini
[2009/11/21 16:47:46 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2009/11/21 16:43:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009/11/21 16:43:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009/11/21 16:43:23 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009/11/21 16:43:23 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2009/08/28 19:48:12 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Trish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/28 14:27:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/08 23:09:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

========== LOP Check ==========

[2010/03/07 08:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/10/11 19:04:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/07/21 13:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2009/10/11 19:13:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2010/10/11 16:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2009/10/11 19:32:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/10/11 19:14:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2010/08/01 22:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/03/28 17:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/09/24 00:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/09/27 23:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/21 17:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/25 15:18:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2010/03/15 17:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\ACD Systems
[2009/09/25 18:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\alot
[2010/07/01 22:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\AnvSoft
[2009/10/11 19:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\Canon
[2010/01/10 23:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/01 22:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\DAEMON Tools
[2010/08/01 22:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\DAEMON Tools Lite
[2010/08/01 22:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\DAEMON Tools Pro
[2009/11/21 16:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\DataCast
[2010/10/17 19:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\IMVU
[2010/10/17 19:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\IMVUClient
[2010/03/13 19:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\OnlineArmor
[2010/07/01 22:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\OpenCandy
[2009/08/28 19:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\OpenOffice.org
[2010/08/21 22:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\Paltalk
[2010/09/08 20:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\Sierra Wireless
[2010/01/04 14:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\Vivox
[2010/10/04 14:24:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/10/17 11:09:03 | 000,184,796 | ---- | M] () -- C:\aaw7boot.log
[2010/09/27 21:44:08 | 018,077,672 | ---- | M] (Any-Video-Converter.com ) -- C:\any-video-converter.exe
[2009/01/09 07:20:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/19 09:20:11 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/01/09 07:20:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/01/09 07:20:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/01/09 07:20:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/09/12 13:00:49 | 000,008,192 | ---- | M] () -- C:\mtwb.dat
[2004/08/13 00:25:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/09 07:52:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/17 11:09:03 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/01/08 23:07:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/08 23:07:34 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/08 23:07:34 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-14 11:15:27

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C

< End of report >

Re: Very slow computer, virus maybe??
Hi TrishKa,

Not often I come across another fellow Aussie on the forums Smile...

Please work your way through the following:

Step 1:

Run OTL.exe
  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\Shell\AutoRun\command - "" = E:\rx.exe -- File not found
    O33 - MountPoints2\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\Shell\open\Command - "" = E:\rx.exe -- File not found
    O33 - MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\Shell - "" = AutoRun
    O33 - MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/21 04:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\Shell - "" = AutoRun
    O33 - MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/21 04:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • After rebooting, please post the OTL you are presented with on startup.



Step 2:

Please launch Malwarebytes Anti-malware.
  • Once the program has loaded click the "Update" tab and then "Check for Updates". If any are found, they will be downloaded. When prompted, click Ok to install the updates.
  • After updating navigate to the main menu and check Perform Full Scan, then click Scan.
    The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



In your next reply please include:
  • The log from OTL.
  • The MBAM log.


Thanks, I look forward to your response.

Re: Very slow computer, virus maybe??
Sorry Avatar, could you please link me malware bytes so I can post MBAM log? Thanks for opting to help me too btw and what part of Aus are you in?


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\ not found.
File E:\rx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\ not found.
File E:\rx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4e99f30-9860-11de-a0f8-001372230c26}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4e99f30-9860-11de-a0f8-001372230c26}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4e99f30-9860-11de-a0f8-001372230c26}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7ab459a-96d3-11de-a0ef-001372230c26}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7ab459a-96d3-11de-a0ef-001372230c26}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7ab459a-96d3-11de-a0ef-001372230c26}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: 123
->Temp folder emptied: 1477430975 bytes
->Temporary Internet Files folder emptied: 309602597 bytes
->Java cache emptied: 25803258 bytes
->FireFox cache emptied: 12534377 bytes
->Flash cache emptied: 84418 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Guest
->Temp folder emptied: 865 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1291162 bytes

User: Trish
->Temp folder emptied: 2149354181 bytes
->Temporary Internet Files folder emptied: 29508448 bytes
->Java cache emptied: 37631129 bytes
->FireFox cache emptied: 103684865 bytes
->Flash cache emptied: 111106 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 723128 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 336934 bytes
RecycleBin emptied: 2854778 bytes

Total Files Cleaned = 3,961.00 mb


[EMPTYFLASH]

User: 123
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest

User: LocalService

User: NetworkService

User: Trish
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10172010_202410

Files\Folders moved on Reboot...
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Last edited by TrishKa on 17th October 2010, 9:43 am; edited 1 time in total (Reason for editing : I forgot something)

Re: Very slow computer, virus maybe??

Hi TrishKa,

I am in NSW. Sorry, I looked at your uninstall list and saw it was installed. Must be a remnant. Hopefully I get this to you before you go to sleep so you can run the scan overnight.

Please download Malwarebytes' AntiMalware.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
    The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Re: Very slow computer, virus maybe??

Okay, I'm in the process of doing that now so please don't dismiss this thread, like I said, very slow...

I downloaded it but it won't run, says the files are corrupt??
I found the version of Malwarebytes I had already so it wasn't a remnant (someone with good intentions moved it to somewhere I couldn't find it before) and I couldn't get an update from that either, should I just run the scan on the version I already have?

Last edited by TrishKa on 18th October 2010, 11:17 am; edited 1 time in total (Reason for editing : Because it's my post and I can)

Re: Very slow computer, virus maybe??

Hi,

Please try downloading a fresh copy and install it. See how that goes.

Re: Very slow computer, virus maybe??

Okay, I'll try again now

No luck, it's giving me the same message

Re: Very slow computer, virus maybe??

Let's try an alternate scan then, shall we?

It can be updated by the Java control panel
  • click on Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
  • An update should begin.
  • Just follow the prompts.



---


Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.



  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

Re: Very slow computer, virus maybe??

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, October 20, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 19, 2010 04:54:47
Records in database: 4186655
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 343916
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 04:32:16


File name / Threat / Threats count
C:\Program Files\ElcomSoft\Advanced IM Password Recovery\aimpr.exe Infected: not-a-virus:PSWTool.Win32.AdvancedPR.x 1

Selected area has been scanned.
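
An added example, not part of the original post or of any tool used in this thread: a small Python parser for the result lines of a report like the one above. It splits the verdict into Kaspersky's `[prefix:]Type.Platform.Family.variant` naming and separates `not-a-virus:` riskware findings (here a password-recovery tool) from malware verdicts. The second sample line, the `triage` labels and the function name are constructed for illustration.

```python
import re

# Constructed sample in the "File name / Threat / Threats count" layout.
# The first result line is copied from the report above; the second is a
# made-up placeholder that shows the contrasting case.
SAMPLE_REPORT = """\
File name / Threat / Threats count
C:\\Program Files\\ElcomSoft\\Advanced IM Password Recovery\\aimpr.exe Infected: not-a-virus:PSWTool.Win32.AdvancedPR.x 1
C:\\constructed\\sample.exe Infected: Trojan.Win32.Example.a 2
"""

# <path> <Infected|Suspicious>: [prefix:]Type.Platform.Family[.variant] <count>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<status>Infected|Suspicious): "
    r"(?:(?P<prefix>[\w-]+):)?(?P<name>\S+) (?P<count>\d+)$"
)

def parse_report(text):
    """Return one dict per result line, with the verdict name split into parts."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, statistics, or blank line
        parts = m.group("name").split(".")
        riskware = m.group("prefix") == "not-a-virus"
        findings.append({
            "path": m.group("path"),
            "status": m.group("status"),
            "prefix": m.group("prefix"),
            "type": parts[0],
            "platform": parts[1] if len(parts) > 1 else None,
            "family": parts[2] if len(parts) > 2 else None,
            "variant": parts[3] if len(parts) > 3 else None,
            "count": int(m.group("count")),
            # "not-a-virus:" marks riskware or adware: not malicious in
            # itself, so check whether the user installed it on purpose.
            "triage": "review-intent" if riskware else "treat-as-malware",
        })
    return findings

if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f["triage"], f["type"], f["family"], f["path"])
```
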

Re: Very slow computer, virus maybe??

Hi Trishka,

I would just like to see if we can give MBAM another shot. Please use this link: http://majorgeeks.com/download.php?det=5756

Follow all previous instructions about installing and updating and scanning. Thanks.

Re: Very slow computer, virus maybe??

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4910

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/22/2010 9:49:10 PM
mbam-log-2010-10-22 (21-49-10).txt

Scan type: Full scan (C:\|)
Objects scanned: 231925
Time elapsed: 41 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


This is a good thing I'm taking?

Re: Very slow computer, virus maybe??

Hi Trishka,

Things are looking better! How is it feeling?
