
 


Freezing up - Will not run OTL ..

Hello,
Operating on Windows XP, using Firefox for browser.
Keeps freezing up .. have to do a hard shut down..
Will not complete MBAM Malwarebytes - freezes up and does not finish ..
Will not run OTL scan ... Operating in safe mode now ..
aswMBR log attached..

aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-20 21:39:45
-----------------------------
21:39:45.203 OS Version: Windows 5.1.2600 Service Pack 3
21:39:45.203 Number of processors: 2 586 0x1C02
21:39:45.203 ComputerName: MELZCOMPUTER UserName: Melanie
21:39:46.171 Initialize success
21:40:01.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:40:01.906 Disk 0 Vendor: ST9160314AS P003HPM1 Size: 152627MB BusType: 3
21:40:01.953 Disk 0 MBR read successfully
21:40:01.968 Disk 0 MBR scan
21:40:01.968 Disk 0 Windows VISTA default MBR code
21:40:02.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152616 MB offset 2048
21:40:02.015 Disk 0 scanning sectors +312560640
21:40:02.140 Disk 0 scanning C:\WINDOWS\system32\drivers
21:40:11.203 Service scanning
21:40:42.515 Modules scanning
21:41:08.359 Disk 0 trace - called modules:
21:41:08.406 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
21:41:08.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8633fab8]
21:41:08.437 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8635db00]
21:41:09.250 Scan finished successfully
21:41:23.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Melanie\My Documents\Desktop\MBR.dat"
21:41:23.406 The log file has been saved successfully to "C:\Documents and Settings\Melanie\My Documents\Desktop\aswMBR.txt"

Thank you for your time..
Mel

Re: Freezing up - Will not run OTL ..
Hi there Miss Mel and welcome to GeekPolice!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, that doesn't mean it is clean yet!

====================

The aswMBR log is clean - so that is good.
Have you tried running OTL in safe mode?

If that does not work - do you have access to a clean computer to download and burn a boot disk? If the operating system of your problem computer is not working well, a boot disk seems like the best solution to approach it:

====================

  • You will need a blank CD to burn the boot CD
  • Download OTLPEStd.exe by OldTimer from here (a big download)
  • Double-click on OTLPEStd.exe to burn the boot CD
  • Reboot your system using the boot CD you just created. If you don't know how to boot from CD, check out this page
  • Booting will take quite some time, so please be patient
  • Finally you should see the REATOGO-X-PE desktop. Find the OTLPE icon and double click it to run OTLPE
  • Answer Yes and OK to all prompts
  • Ensure the option Automatically Load All Remaining Users is checked
  • OTL should now start. Set the option Drivers to Non-Microsoft
  • Click Run Scan to start the scan
  • When finished, a log file C:\OTL.txt will be created
  • Please post the contents of the file in your next reply

Re: Freezing up - Will not run OTL ..
Thanks Gabe !
Yes, I did try to Run OTL in safe mode and it will not go .. I hit the run Scan button .. then it just sits there and will not run , then it freezes .. Bring it on
I will try the bootable CD and report back !
Thanks !
M.

Re: Freezing up - Will not run OTL ..

OK, here we go ..
** It did not give me a DRIVERS option to select Non Microsoft .. It only said None, Use Safe list , or ALL .. it was on use safe list when it opened ..so I just left it on that ..
Here is the OTLPE log ..
Thank you for your time !
OTL logfile created on: 2/22/2012 5:39:26 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 826.00 Mb Available Physical Memory | 81.00% Memory free
903.00 Mb Paging File | 848.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 99.56 Gb Free Space | 66.80% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (Norton Internet Security)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/02/01 19:47:07 | 000,909,152 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/08/26 21:03:50 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/08/26 21:03:42 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/08/27 13:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/30 15:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/01/05 02:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)
DRV - File not found [Kernel | System] -- -- (SRTSPX)
DRV - File not found [File_System | System] -- -- (SRTSP)
DRV - File not found [Kernel | On_Demand] -- -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (NAVEX15)
DRV - File not found [Kernel | On_Demand] -- -- (NAVENG)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/09/13 15:52:32 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/18 13:57:10 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/26 21:03:41 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/06/24 21:13:43 | 001,735,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/03/30 15:47:00 | 001,550,891 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/03/19 13:55:06 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/02 16:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/11/21 20:36:46 | 000,160,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/09/25 00:09:40 | 000,103,792 | ---- | M] (Sonic Solutions) [File_System | Boot] -- C:\WINDOWS\system32\drivers\syscow32x.sys -- (SysCow)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Guest_ON_C\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Guest_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Melanie_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Melanie_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Melanie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 15:53:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/09/04 16:55:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012/02/01 19:47:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/05 16:56:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/08 15:07:28 | 000,000,000 | ---D | M]

[2012/02/05 16:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/05 16:56:28 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/03 01:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/11/10 08:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/01 19:46:19 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/05 16:56:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/05 16:56:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/21 02:31:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Melanie_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Melanie_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\Melanie_ON_C..\Run: [Facebook Update] C:\Documents and Settings\Melanie\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Melanie_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Melanie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Melanie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Melanie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.83/FreeRealmsInstaller.cab?v=1032 (SonyOnlineInstallerX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Tempest.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Tempest.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/21 15:37:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/21 10:53:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\Cookies
[2012/02/21 01:28:58 | 000,000,000 | ---D | C] -- C:\81d2f6840ca2297412b9
[2012/02/21 01:12:51 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2012/02/21 01:07:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/02/21 01:07:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/02/21 01:07:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/02/21 01:07:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/02/21 01:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2012/02/21 01:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Seven Zip
[2012/02/21 01:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2012/02/21 01:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/02/21 01:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012/02/21 01:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2012/02/21 01:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2012/02/21 01:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/02/21 01:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2012/02/21 01:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012/02/21 01:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.migoDesktop
[2012/02/21 01:07:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/02/21 01:07:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/02/21 01:07:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/02/21 01:07:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/02/21 01:07:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012/02/21 01:07:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012/02/21 01:07:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/02/21 01:07:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/02/21 01:07:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/02/21 01:07:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/02/21 01:07:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/02/21 01:07:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/02/21 01:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\syncables Videos
[2012/02/21 00:36:45 | 004,729,344 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Melanie\My Documents\Desktop\aswMBR.exe
[2012/02/21 00:22:06 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Melanie\My Documents\Desktop\OTL.com
[2012/02/19 13:31:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/02/03 00:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melanie\My Documents\Kat Harder
[2012/02/01 20:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melanie\My Documents\Books
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/22 20:15:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/22 20:14:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/22 20:14:11 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/21 15:36:42 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/21 02:40:08 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-104539716-381148277-119623539-1006UA.job
[2012/02/21 02:38:28 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/21 02:31:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/21 01:49:02 | 000,235,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/21 01:35:54 | 093,261,620 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/02/21 01:28:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/21 01:13:03 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2012/02/21 00:41:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Melanie\My Documents\Desktop\MBR.dat
[2012/02/21 00:38:56 | 004,729,344 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Melanie\My Documents\Desktop\aswMBR.exe
[2012/02/21 00:22:14 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melanie\My Documents\Desktop\OTL.com
[2012/02/21 00:09:31 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/21 00:09:31 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/20 00:31:01 | 093,205,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm.old
[2012/02/19 20:40:01 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-104539716-381148277-119623539-1006Core.job
[2012/02/19 13:54:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 13:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/10 14:51:41 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/21 01:17:38 | 1064,620,032 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/21 01:07:41 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM 6.lnk
[2012/02/21 01:07:41 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LG Power Tools.lnk
[2012/02/21 01:07:41 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/21 01:07:41 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/02/21 01:07:39 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/02/21 01:07:39 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/02/21 01:07:39 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/02/21 00:41:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Melanie\My Documents\Desktop\MBR.dat
[2012/02/15 23:21:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 23:21:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/10 14:51:42 | 1360,338,648 | ---- | C] () -- C:\Documents and Settings\Melanie\My Documents\Desktop\The.Adjustment.Bureau.2011.TS.Xvid-THC.avi
[2011/08/01 23:18:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/01 23:18:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/01 23:18:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/01 23:18:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/01 23:18:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/01 19:56:06 | 000,015,542 | -HS- | C] () -- C:\Documents and Settings\Melanie\Local Settings\Application Data\y46sfanjfs78b7643d
[2011/08/01 19:56:06 | 000,015,542 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y46sfanjfs78b7643d
[2011/08/01 19:56:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wqsk.exe
[2011/08/01 19:56:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ptok.exe
[2011/08/01 19:56:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\imsm.exe
[2010/01/10 01:29:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/04 01:00:25 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/26 15:18:42 | 000,000,269 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009/09/12 21:45:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/10 21:57:44 | 000,129,024 | ---- | C] () -- C:\Documents and Settings\Melanie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/09 15:45:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/24 21:30:21 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/06/24 21:10:34 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/06/24 20:48:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/24 20:48:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/24 20:26:44 | 000,442,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/06/24 20:26:44 | 000,071,910 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/06/24 20:16:28 | 000,235,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/24 20:12:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/24 20:10:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/15 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/15 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/15 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/15 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/15 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/15 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/15 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/15 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/29 00:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/29 00:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2012/01/08 14:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\BitComet
[2009/09/26 17:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\Canon Easy-WebPrint EX
[2010/11/29 01:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\OverDrive
[2009/09/23 01:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\WildTangent
[2012/02/01 19:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2010/11/09 15:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/01/30 19:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/09/26 16:53:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/04/19 11:58:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/09/09 07:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/09/09 07:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/23 01:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/09/23 01:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2012/02/19 20:40:01 | 000,000,984 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-104539716-381148277-119623539-1006Core.job
[2012/02/21 02:40:08 | 000,001,006 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-104539716-381148277-119623539-1006UA.job

========== Purity Check ==========

End of Report

Thank You!

Re: Freezing up - Will not run OTL ..

We're going to run a fix with OTLPE to get rid of some malware (which hopefully is what is causing your problems).

  • Double click OTLPE to run
  • Under the Custom Scans/Fixes box at the bottom, type or copy/paste the following:
    :files
    C:\Documents and Settings\Melanie\Local Settings\Application Data\y46sfanjfs78b7643d
    C:\Documents and Settings\All Users\Application Data\y46sfanjfs78b7643d
    C:\Documents and Settings\All Users\Application Data\wqsk.exe
    C:\Documents and Settings\All Users\Application Data\ptok.exe
    C:\Documents and Settings\All Users\Application Data\imsm.exe

    :otl
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\Melanie_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

  • Then click the Run Fix button at the top.
  • Allow it to run. If you get any error message or your computer freezes, let me know.
  • Finally, post the contents of the log (located at C:\_OTL\Moved Files)

====================

After this, restart your computer (take out the boot CD and boot as normal)

Now use ComboFix by sUBs, a powerful tool that you are advised not to run without supervision of a trained malware helper. Please visit this webpage and read the tutorial on using ComboFix very carefully. After that download the tool and save it to your desktop.

Double-click ComboFix.exe to run the tool. Please post its log back here.
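
The All Users\Application Data entries in the fix above appear in the OTL file listing posted earlier in this thread. As an added example (not part of the original post, and not the helper's stated method), this Python code parses OTL listing lines and flags two patterns those entries share; both heuristics and all function names are assumptions made for illustration, and the sample lines are copied from the log on this page.

```python
import ntpath
import re
from typing import Dict, List, NamedTuple, Optional

# Lines copied from the OTL listing on this page (files and one LOP directory).
SAMPLE_LOG = r"""
[2011/08/01 19:56:06 | 000,015,542 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y46sfanjfs78b7643d
[2011/08/01 19:56:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wqsk.exe
[2011/08/01 19:56:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ptok.exe
[2011/08/01 19:56:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\imsm.exe
[2010/01/10 01:29:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/12 21:45:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/24 20:48:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/08 14:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\BitComet
"""

class Entry(NamedTuple):
    size: int    # bytes
    attrs: str   # four-character attribute field, e.g. "-HS-" or "---D"
    path: str

# [timestamp | size | attrs | C or M] (company) -- path ; "(company)" is optional.
LINE_RE = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\] (?:\([^)]*\) )?-- (?P<path>.+)$"
)

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(int(m["size"].replace(",", "")), m["attrs"], m["path"])

def reasons(entry: Entry) -> List[str]:
    """Return the assumed heuristics that an entry trips (empty if none)."""
    if "D" in entry.attrs:          # directories are not judged here
        return []
    found = []
    ext = ntpath.splitext(entry.path)[1].lower()
    parent = ntpath.basename(ntpath.dirname(entry.path)).lower()
    # Heuristic 1 (assumption): an .exe of zero bytes cannot be a working program.
    if entry.size == 0 and ext == ".exe":
        found.append("zero-byte executable")
    # Heuristic 2 (assumption): hidden+system, no extension, dropped directly
    # into an "Application Data" folder rather than a vendor subfolder.
    if {"H", "S"} <= set(entry.attrs) and not ext and parent == "application data":
        found.append("hidden+system file without extension in Application Data")
    return found

def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the reasons it was flagged."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            hit = reasons(entry)
            if hit:
                flagged[entry.path] = hit
    return flagged

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(why)}")
```

A hit is a prompt to look closer (for example with a VirusTotal lookup), not a verdict.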

Re: Freezing up - Will not run OTL ..

Thank you for your time Gabe...
I ran both and then the Combo Fix log got lost .. should I run it again?

Log attached ..
OTL ...

========== FILES ==========
C:\Documents and Settings\Melanie\Local Settings\Application Data\y46sfanjfs78b7643d moved successfully.
C:\Documents and Settings\All Users\Application Data\y46sfanjfs78b7643d moved successfully.
C:\Documents and Settings\All Users\Application Data\wqsk.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ptok.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\imsm.exe moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\Guest_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\Melanie_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 02232012_09291


I was copying the CF log and it froze and shut down
Wahhhhhh ...


Re: Freezing up - Will not run OTL ..

The ComboFix log should be here:
c:\combofix.txt

See if it is there

Re: Freezing up - Will not run OTL ..

Hi Gabe ... Thanks ,
No I don't see it .. There are a couple older ones but nothing from today ..

Re: Freezing up - Will not run OTL ..
Can you run combo fix again pls?

also

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.

Re: Freezing up - Will not run OTL ..
Hi Gabe ,
Thanks for your time ..
Grrrrrrr ... I have tried to run Combo Fix twice and it is freezing up still ..
I am running Malware bytes now , and hoping it will not freeze .. I will try Combo fix again after MBAM .. and post again ..
Thanks ..
Mel

Re: Freezing up - Will not run OTL ..
P.S. Just noticed MRTSTUB.exe in a folder full of random letters and numbers that is now on the C: drive .. looked it up and some say it's bad others say it's ok ..
Opinion??
should I try to get rid of it ??

Re: Freezing up - Will not run OTL ..
GRRRRRRRRRRRR
OK .. Combo fix freezes .. will not finish ...
MBAM froze after 27 mins ... Will not finish ...

Please advise ...

Back to the boot disc with OTL ? WAhhhhhhh

Re: Freezing up - Will not run OTL ..
I have been trying and trying and FINALLY got combo fix to run just now .. will post the log and try to Run MBAM again now !!
YAY !!

Thanks so much Gabe !

ComboFix 12-02-25.02 - Melanie 02/25/2012 20:31:54.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.394 [GMT -8:00]
Running from: c:\documents and settings\Melanie\My Documents\Desktop\Commy.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-23 14:29 . 2012-02-23 14:29 -------- d-----w- C:\_OTL
2012-02-21 06:28 . 2012-02-21 06:30 -------- d-----w- C:\81d2f6840ca2297412b9
2012-02-21 06:07 . 2012-02-21 06:07 -------- d-----w- c:\documents and settings\Administrator
2012-02-19 18:31 . 2012-02-19 18:31 -------- d-----w- c:\windows\LastGood
2012-02-16 04:21 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-16 04:21 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2011-11-23 13:25 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-08 20:31 . 2011-06-11 03:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-19 08:13 . 2011-10-31 23:43 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:13 . 2011-10-31 23:43 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:13 . 2011-10-31 23:43 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:13 . 2011-10-31 23:43 17408 ----a-w- c:\windows\system32\corpol.dll
2011-12-10 23:24 . 2012-01-08 20:23 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-05 21:56 . 2012-02-05 21:56 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-21_07.32.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-26 03:21 . 2012-02-26 03:21 16384 c:\windows\temp\Perflib_Perfdata_188.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-02 00:46 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-02 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Facebook Update"="c:\documents and settings\Melanie\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-10-19 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-30 483428]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2009-04-02 173360]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2009-03-10 570664]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-05-08 210216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-02-02 2077536]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-02-02 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-02 928096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-27 02:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Melanie\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25745:TCP"= 25745:TCP:BitComet 25745 TCP
"25745:UDP"= 25745:UDP:BitComet 25745 UDP
.
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [9/24/2008 9:09 PM 103792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/26/2010 6:03 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/18/2011 10:57 AM 243152]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [8/26/2010 6:03 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [8/26/2010 6:03 PM 308136]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [3/19/2009 11:04 AM 203248]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2012 11:45 AM 136176]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2/1/2012 4:47 PM 909152]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/24/2009 6:11 PM 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/2/2009 1:03 PM 38912]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [5/18/2011 10:59 AM 167264]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2012 11:45 AM 136176]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [6/24/2009 6:12 PM 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-12-19 08:13 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-104539716-381148277-119623539-1006Core.job
- c:\documents and settings\Melanie\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-19 00:35]
.
2012-02-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-104539716-381148277-119623539-1006UA.job
- c:\documents and settings\Melanie\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-19 00:35]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 19:44]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 19:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254 75.153.176.9
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Melanie\Application Data\Mozilla\Firefox\Profiles\yww0dje1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b64cf25&v=7.007.026.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-25 20:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2920)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-25 20:53:43
ComboFix-quarantined-files.txt 2012-02-26 04:53
ComboFix2.txt 2012-02-23 18:10
ComboFix3.txt 2012-02-21 07:38
ComboFix4.txt 2011-08-02 04:44
.
Pre-Run: 106,241,982,464 bytes free
Post-Run: 106,379,395,072 bytes free
.
- - End Of File - - 10F4334003A196B122F6295DE1532870

Re: Freezing up - Will not run OTL ..
Miss Mel wrote:
P.S. Just noticed MRTSTUB.exe in a folder full of random letters and numbers that is now on the C: drive .. looked it up and some say it's bad others say it's ok ..
Opinion??
should I try to get rid of it ??

If you have a single file that you suspect, submit it to www.virustotal.com and look at what the report says.

Folders like C:\fhfue5845hdfie8t8rthdu are usually temporary folders of programs that you have installed and that failed to clean up.

The good news is I don't see any malware - the bad news is that I have no idea where your problem is coming from.

Have you recently changed from Norton Internet Security to AVG?
I see some remnants of Norton, maybe need to get rid of them, because two AVs on one computer can lead to exactly what you are seeing right now.
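
The Norton remnant mentioned above shows up in the ComboFix driver/service list as a stopped auto-start service whose file column reads `[?]`. As an added example (not part of the original post), this Python code parses those lines and reports such orphaned entries; reading `[?]` as "file not found", the vendor keyword list and the function names are assumptions, and the sample lines are copied from the log on this page.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the ComboFix driver/service list on this page.
SAMPLE_LOG = r"""
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [9/24/2008 9:09 PM 103792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/26/2010 6:03 PM 216400]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [8/26/2010 6:03 PM 308136]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [6/24/2009 6:12 PM 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
"""

# Windows service start types, indexed by the digit after R/S.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

class Service(NamedTuple):
    running: bool        # R = running, S = stopped
    start: str           # start type name from START_TYPES
    name: str            # service key name
    image: str           # resolved image path
    image_missing: bool  # True when the metadata column is "[?]"

SVC_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);[^;]*;(?P<rest>.+)$")
META_RE = re.compile(r"\s*\[(?P<meta>[^\]]*)\]$")   # trailing "[date size]" or "[?]"

def parse_service(line: str) -> Optional[Service]:
    m = SVC_RE.match(line.strip())
    if m is None:
        return None
    rest = m["rest"]
    meta = META_RE.search(rest)
    # Assumption: "[?]" means ComboFix could not find the file on disk.
    missing = meta is not None and meta["meta"] == "?"
    if meta is not None:
        rest = rest[:meta.start()]
    # When a command line is shown, the resolved path follows "-->".
    image = rest.split(" --> ")[-1].strip()
    return Service(m["state"] == "R", START_TYPES[int(m["start"])],
                   m["name"], image, missing)

def orphaned_services(log_text: str) -> List[Service]:
    """Service entries that still exist in the registry but have no file."""
    parsed = (parse_service(line) for line in log_text.splitlines())
    return [s for s in parsed if s is not None and s.image_missing]

def leftover_av(log_text: str, active: str = "avg",
                vendors: Tuple[str, ...] = ("avg", "norton")) -> List[Tuple[str, str, str]]:
    """Orphaned services belonging to an antivirus vendor other than the active one.

    The vendor keywords are a constructed list for this log, not a product database.
    """
    hits = []
    for svc in orphaned_services(log_text):
        text = f"{svc.name} {svc.image}".lower()
        vendor = next((v for v in vendors if v in text), None)
        if vendor is not None and vendor != active:
            hits.append((vendor, svc.name, svc.start))
    return hits

if __name__ == "__main__":
    for vendor, name, start in leftover_av(SAMPLE_LOG):
        print(f"leftover {vendor} service '{name}' (start type: {start}), image missing")
```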

Re: Freezing up - Will not run OTL ..

I just ran MBAM .. and it froze after 2 hrs and 41 mins ..
Soo frustrating ..
I am glad to hear that you don't see any malware ... Smile...
I THINK the net book came with Norton when I got it a couple years ago, but I thought it was uninstalled and long gone as I use AVG ..
Humm .. I will see if I can find anything ..

Any ideas on what I could try now Gabe ??
Thanks so much for your time ..
