Very slow computer, virus maybe??


Post by TrishKa on Sun 17 Oct 2010, 5:14 pm

I use Avira as a scanner; it doesn't pick up anything. I tried emptying all my browser history and getting rid of desktop icons I don't use. I even thought that maybe it was bad network coverage, but it's not flashing green (green meaning little if any coverage). I even defragged! Could I have something wrong I don't know about, and could someone please help me? Thanks for taking the time to read this.

TrishKa

Rookie Surfer

Posts : 55
Joined : 2009-12-19
Operating System : Windows XP


Re: Very slow computer, virus maybe??

Post by TheAvatar on Sun 17 Oct 2010, 6:17 pm

Hi TrishKa,

Welcome to GeekPolice.net

My name is TheAvatar and I will be trying to help you resolve your issues.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you haven't, please keep reading.
Note: Before we start the process, you should:

  • POST your logs, don't attach them, as it makes it harder to read.
  • Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
  • Please be patient, there is no quick fix for malware. Removal can take several attempts. Just because symptoms have gone away, does not mean the infection is gone.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.
  • If I have not replied to your thread within 2 days, please PM me.



===

Please download OTL from one of the following links
  • LINK 1
  • LINK 2

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box paste this in;

      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.


TheAvatar

Malware Advisor

Posts : 137
Joined : 2010-10-02
Operating System : Windows XP SP3


Re: Very slow computer, virus maybe??

Post by TrishKa on Sun 17 Oct 2010, 7:27 pm

OTL Extras logfile created on: 10/17/2010 7:21:33 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Trish\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 415.30 Gb Free Space | 89.17% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 11.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: A-6B8495670A044 | User Name: Trish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\CDS\Nero\Installation\SetupX.exe" = D:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Documents and Settings\Trish\Application Data\IMVUClient\IMVUClient.exe" = C:\Documents and Settings\Trish\Application Data\IMVUClient\IMVUClient.exe:*:Enabled:IMVUClient -- ()
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Documents and Settings\Trish\Application Data\IMVUClient\1VivoxVoice.exe" = C:\Documents and Settings\Trish\Application Data\IMVUClient\1VivoxVoice.exe:*:Enabled:1VivoxVoice -- (Vivox, Inc.)
"C:\Program Files\Paltalk Messenger\paltalk.exe" = C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{72FD5F2E-1F7A-4E9B-8838-29E842E178CD}" = Join Me
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.00
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92022F8E-2E55-4A16-88EB-B4778B35E942}" = ACDSee for PENTAX 3.0
"{92B79901-C57D-409F-8D2F-4E5337383569}" = OpenOffice.org 3.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Premium
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D42FD0CF-F36F-42D5-A12F-CE58397FD78A}" = Telstra Mobile Broadband Manager
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"5E8F128761A9B07EC2DEC909F167D92DB8B3A348" = Windows Driver Package - Cmotech Modem (12/13/2006 2.0.3.5)
"6A032F4180B5A0E8F4BC27384D0A423B2595A785" = Windows Driver Package - Cmotech Ports (12/13/2006 2.0.3.5)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter Professional_is1" = Any Video Converter Professional 3.0.7
"Any Video Converter_is1" = Any Video Converter 3.0.7
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CloneDVD2" = CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dodo Wireless Broadband" = Dodo Wireless Broadband
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"E7E257830CD4614E7CF1B3792DF19B85FE5E7BE7" = Windows Driver Package - Cmotech (cmusbnet) Net (06/11/2007 2.0.0.9)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"IMVU_Inc Toolbar" = IMVU Inc Toolbar
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"Inzomia Viewer" = Inzomia Viewer 3.11
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OnlineArmor_is1" = Online Armor 4.0
"Search Guard Plus" = Search Guard Plus (My Web Tattoo)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Web Tattoo)
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"Telstra Mobile Broadband Manager" = Telstra Mobile Broadband Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced IM Password Recovery" = Advanced IM Password Recovery
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/2/2010 9:24:27 PM | Computer Name = A-6B8495670A044 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2010 9:24:40 PM | Computer Name = A-6B8495670A044 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 10/3/2010 10:24:41 PM | Computer Name = A-6B8495670A044 | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.1, faulting module
jaucheck.exe, version 2.0.2.1, fault address 0x0000c940.

Error - 10/12/2010 2:24:35 AM | Computer Name = A-6B8495670A044 | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.1, faulting module
jaucheck.exe, version 2.0.2.1, fault address 0x0000c940.

Error - 10/13/2010 1:31:05 AM | Computer Name = A-6B8495670A044 | Source = Google Update | ID = 20
Description =

Error - 10/13/2010 7:39:39 PM | Computer Name = A-6B8495670A044 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2010 11:31:05 PM | Computer Name = A-6B8495670A044 | Source = Google Update | ID = 20
Description =

Error - 10/14/2010 12:31:05 AM | Computer Name = A-6B8495670A044 | Source = Google Update | ID = 20
Description =

Error - 10/14/2010 1:31:05 AM | Computer Name = A-6B8495670A044 | Source = Google Update | ID = 20
Description =

Error - 10/14/2010 2:31:05 AM | Computer Name = A-6B8495670A044 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 9/13/2010 11:47:32 PM | Computer Name = A-6B8495670A044 | Source = Srv | ID = 2000
Description = The server's call to a system service failed unexpectedly.

Error - 9/14/2010 1:29:54 AM | Computer Name = A-6B8495670A044 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.192.85.50 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 10.168.104.229 (The DHCP
Server sent a DHCPNACK message).

Error - 9/27/2010 7:31:38 AM | Computer Name = A-6B8495670A044 | Source = DCOM | ID = 10010
Description = The server {7160A13D-73DA-4CEA-95B9-37356478588A} did not register
with DCOM within the required timeout.


< End of report >


Re: Very slow computer, virus maybe??

Post by TrishKa on Sun 17 Oct 2010, 7:31 pm

OTL logfile created on: 10/17/2010 7:21:33 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Trish\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 415.30 Gb Free Space | 89.17% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 11.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: A-6B8495670A044 | User Name: Trish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/17 19:20:11 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Trish\My Documents\Downloads\OTL.exe
PRC - [2010/09/06 22:37:53 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/07/23 13:07:03 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/23 13:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/14 12:01:26 | 004,352,408 | ---- | M] (Telstra) -- C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe
PRC - [2010/04/16 09:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/08 14:28:54 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/05 07:53:38 | 001,282,248 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2009/09/01 19:47:13 | 000,139,264 | ---- | M] () -- C:\Program Files\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
PRC - [2008/12/10 20:02:30 | 000,216,520 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/10/01 11:45:00 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/10/01 11:43:38 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/04/15 00:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 03:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/01/22 19:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/05/16 10:27:38 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/05/16 10:27:16 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/02/23 16:32:56 | 000,126,976 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
PRC - [2007/01/30 20:36:30 | 000,057,344 | ---- | M] ((주)마크애니) -- C:\Program Files\MarkAny\ContentSafer\MaAgent.exe
PRC - [2006/04/01 16:30:34 | 001,404,928 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/10/17 19:20:11 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Trish\My Documents\Downloads\OTL.exe
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/15 00:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/11/24 20:58:24 | 000,163,840 | ---- | M] (MarkAny Co., Ltd.) -- C:\Program Files\MarkAny\ContentSafer\MaCSProHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/06 22:37:53 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/16 09:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/08 14:28:54 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/12/05 07:53:38 | 003,291,336 | ---- | M] (Tall Emu) [On_Demand | Stopped] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2009/12/05 07:53:38 | 001,282,248 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2008/01/22 19:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/08/01 22:27:02 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/03 13:18:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/27 11:45:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/27 11:45:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/27 11:45:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/25 19:56:16 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsmdm.sys -- (zgwhsmdm)
DRV - [2010/01/22 11:57:16 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsdiag.sys -- (zgwhsdiag)
DRV - [2009/12/28 16:03:40 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009/12/05 07:28:06 | 000,024,656 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2009/12/05 07:27:56 | 000,029,776 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2009/12/05 07:27:52 | 000,223,312 | ---- | M] (Tall Emu) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2009/07/04 01:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/12/13 12:26:38 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/04/29 11:59:52 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/01/09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2006/04/01 16:33:16 | 000,134,272 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/01 16:30:34 | 000,732,928 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/07/29 07:09:09 | 000,009,856 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2004/06/09 09:13:49 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\tbIMV1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.tattoodle.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.10.00
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/21 22:41:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/21 22:41:17 | 000,000,000 | ---D | M]

[2010/08/21 22:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\Mozilla\Extensions
[2009/10/05 21:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/08/21 22:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\Mozilla\Firefox\Profiles\jcwja3uc.default\extensions
[2010/10/17 11:20:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/24 00:36:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\plugin@yontoo.com

O1 HOSTS File: ([2004/08/13 00:19:39 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\tbIMV1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (BigPond Mobile Broadband Auto Dial) - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\Mobile Broadband Manager\bpwbb2ad.dll (Telstra)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\tbIMV1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files\IMVU_Inc\tbIMV1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BigPondWirelessBroadbandCM] C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe (Telstra)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MaAgent.exe ((주)마크애니)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KillCopy] C:\WINDOWS\System32\killcopy.exe (Killer{R})
O4 - Startup: C:\Documents and Settings\Trish\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Trish\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Trish\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Trish\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/09 07:20:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/21 04:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/25 16:35:24 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\Shell\AutoRun\command - "" = E:\rx.exe -- File not found
O33 - MountPoints2\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\Shell\open\Command - "" = E:\rx.exe -- File not found
O33 - MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\Shell - "" = AutoRun
O33 - MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/21 04:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\Shell - "" = AutoRun
O33 - MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/21 04:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/27 23:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/09/27 23:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/09/27 21:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/27 21:44:04 | 018,077,672 | ---- | C] (Any-Video-Converter.com ) -- C:\any-video-converter.exe
[2010/09/08 20:46:38 | 000,114,688 | ---- | C] (ZTE Corporation) -- C:\WINDOWS\System32\drivers\ZTEusbnet.sys
[2010/09/08 20:46:38 | 000,105,856 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2010/09/08 20:46:38 | 000,105,856 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2010/09/08 20:46:38 | 000,105,856 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2010/09/08 20:46:38 | 000,007,680 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2010/09/08 20:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Application Data\Sierra Wireless
[2010/09/08 20:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/09/08 20:46:16 | 000,027,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\PCASp50.sys
[2010/09/08 20:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\Telstra
[2010/08/22 18:41:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/08/21 22:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\My Documents\Downloads
[2010/08/21 22:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Local Settings\Application Data\Mozilla
[2010/08/21 22:25:57 | 000,106,752 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zgwhsnmea.sys
[2010/08/21 22:25:57 | 000,106,752 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zgwhsdiag.sys
[2010/08/21 22:25:57 | 000,105,216 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zgwhsmdm.sys
[2010/08/21 22:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Join Me
[2010/08/21 22:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/08/18 11:35:02 | 000,000,000 | ---D | C] -- C:\AliceWonderland_AUS_DES
[2010/08/12 15:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\My Documents\GeekPolice eBook - Computer Tips & Tricks
[2010/08/11 18:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2010/08/10 22:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\IMVU_Inc
[2010/08/09 16:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/08/06 12:32:52 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\seehcri.sys
[2010/08/02 00:39:20 | 000,000,000 | ---D | C] -- C:\BLACK_HAWK_DOWN
[2010/08/01 23:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2010/08/01 23:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\KillSoft
[2010/08/01 23:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Inzomia Viewer
[2010/08/01 22:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Application Data\CyberLink
[2010/08/01 22:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\My Documents\CyberLink
[2010/08/01 22:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Application Data\DAEMON Tools Pro
[2010/08/01 22:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Application Data\DAEMON Tools
[2010/08/01 22:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/01 22:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2010/08/01 22:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/08/01 22:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Application Data\DAEMON Tools Lite
[2010/08/01 22:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/08/01 21:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Application Data\Ahead
[2010/08/01 21:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Local Settings\Application Data\Ahead
[2010/08/01 21:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2010/08/01 21:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2010/08/01 21:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2010/08/01 21:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/08/01 21:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Application Data\DVD Shrink
[2010/08/01 21:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\From scooby
[2010/07/24 14:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Local Settings\Application Data\IMVU_Inc
[2010/07/24 14:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/07/24 14:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trish\Local Settings\Application Data\Conduit
[2010/07/24 14:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\IMVU_Inc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/17 19:17:11 | 000,001,924 | ---- | M] () -- C:\Documents and Settings\Trish\Desktop\IMVU.lnk
[2010/10/17 19:09:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/17 18:38:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/17 11:09:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/16 23:33:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/14 22:15:19 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 08:58:35 | 000,168,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/12 21:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/11 17:03:58 | 000,012,730 | ---- | M] () -- C:\Documents and Settings\Trish\My Documents\tenancy reference.docx
[2010/10/04 20:37:14 | 000,010,714 | ---- | M] () -- C:\Documents and Settings\Trish\My Documents\Day 1.docx
[2010/10/04 14:24:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/03 10:26:55 | 000,305,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/03 10:26:55 | 000,037,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/28 00:19:31 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/27 23:12:18 | 000,002,361 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/09/27 23:12:18 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
[2010/09/27 21:44:08 | 018,077,672 | ---- | M] (Any-Video-Converter.com ) -- C:\any-video-converter.exe
[2010/09/13 21:21:56 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Trish\Desktop\Internet.lnk
[2010/08/22 19:03:06 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Trish\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/21 22:41:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/08/21 22:41:20 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Trish\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/09 16:27:44 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Trish\Desktop\Any Video Converter.lnk
[2010/08/02 23:54:39 | 000,013,262 | ---- | M] () -- C:\Documents and Settings\Trish\My Documents\Best Slow Cooker Beef Stew.docx
[2010/08/01 23:27:43 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\Trish\Desktop\Inzomia Viewer.lnk
[2010/08/01 22:27:02 | 000,717,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/01 22:22:57 | 000,002,379 | ---- | M] () -- C:\Documents and Settings\Trish\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2010/08/01 21:42:51 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Trish\Desktop\DVD Shrink 3.2.lnk
[2010/08/01 21:41:22 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\Trish\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk
[2010/08/01 21:41:22 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Trish\Desktop\DVD Decrypter.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/11 17:03:58 | 000,012,730 | ---- | C] () -- C:\Documents and Settings\Trish\My Documents\tenancy reference.docx
[2010/10/04 20:37:14 | 000,010,714 | ---- | C] () -- C:\Documents and Settings\Trish\My Documents\Day 1.docx
[2010/09/27 23:12:18 | 000,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/09/27 23:12:18 | 000,002,261 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
[2010/09/13 21:21:56 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Trish\Desktop\Internet.lnk
[2010/08/21 22:41:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/21 22:41:20 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Trish\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/09 16:27:44 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Trish\Desktop\Any Video Converter.lnk
[2010/08/02 23:54:39 | 000,013,262 | ---- | C] () -- C:\Documents and Settings\Trish\My Documents\Best Slow Cooker Beef Stew.docx
[2010/08/01 23:27:43 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\Trish\Desktop\Inzomia Viewer.lnk
[2010/08/01 22:27:02 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/01 22:22:57 | 000,002,379 | ---- | C] () -- C:\Documents and Settings\Trish\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2010/08/01 21:42:51 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Trish\Desktop\DVD Shrink 3.2.lnk
[2010/08/01 21:41:22 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\Trish\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk
[2010/08/01 21:41:22 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\Trish\Desktop\DVD Decrypter.lnk
[2010/04/12 00:13:26 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2010/04/02 12:33:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/13 20:27:06 | 000,000,183 | ---- | C] () -- C:\WINDOWS\aimpr.ini
[2009/11/21 16:47:46 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2009/11/21 16:43:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009/11/21 16:43:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009/11/21 16:43:23 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009/11/21 16:43:23 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2009/08/28 19:48:12 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Trish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/28 14:27:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/08 23:09:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

========== LOP Check ==========

[2010/03/07 08:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/10/11 19:04:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/07/21 13:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2009/10/11 19:13:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2010/10/11 16:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2009/10/11 19:32:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/10/11 19:14:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2010/08/01 22:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/03/28 17:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/09/24 00:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/09/27 23:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/21 17:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/25 15:18:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2010/03/15 17:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\ACD Systems
[2009/09/25 18:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\alot
[2010/07/01 22:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\AnvSoft
[2009/10/11 19:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\Canon
[2010/01/10 23:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/01 22:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\DAEMON Tools
[2010/08/01 22:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\DAEMON Tools Lite
[2010/08/01 22:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\DAEMON Tools Pro
[2009/11/21 16:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\DataCast
[2010/10/17 19:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\IMVU
[2010/10/17 19:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\IMVUClient
[2010/03/13 19:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\OnlineArmor
[2010/07/01 22:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\OpenCandy
[2009/08/28 19:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\OpenOffice.org
[2010/08/21 22:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\Paltalk
[2010/09/08 20:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\Sierra Wireless
[2010/01/04 14:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trish\Application Data\Vivox
[2010/10/04 14:24:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/10/17 11:09:03 | 000,184,796 | ---- | M] () -- C:\aaw7boot.log
[2010/09/27 21:44:08 | 018,077,672 | ---- | M] (Any-Video-Converter.com ) -- C:\any-video-converter.exe
[2009/01/09 07:20:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/19 09:20:11 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/01/09 07:20:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/01/09 07:20:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/01/09 07:20:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/09/12 13:00:49 | 000,008,192 | ---- | M] () -- C:\mtwb.dat
[2004/08/13 00:25:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/09 07:52:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/17 11:09:03 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/01/08 23:07:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/08 23:07:34 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/08 23:07:34 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-14 11:15:27

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C

< End of report >

TrishKa

Rookie Surfer

Posts : 55
Joined : 2009-12-19
Operating System : Windows XP


Re: Very slow computer, virus maybe??

Post by TheAvatar on Sun 17 Oct 2010, 7:50 pm

Hi TrishKa,

Not often I come across another fellow Aussie on the forums

Please work your way through the following:

Step 1:

Run OTL.exe
  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O33 - MountPoints2\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\Shell\AutoRun\command - "" = E:\rx.exe -- File not found
    O33 - MountPoints2\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\Shell\open\Command - "" = E:\rx.exe -- File not found
    O33 - MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\Shell - "" = AutoRun
    O33 - MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/21 04:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\Shell - "" = AutoRun
    O33 - MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/21 04:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • After rebooting, please post the OTL you are presented with on startup.



Step 2:

Please launch Malwarebytes Anti-malware.
  • Once the program has loaded, click the "Update" tab and then "Check for Updates". If any are found they will be downloaded. When prompted click Ok to install the updates.
  • After updating navigate to the main menu and check Perform Full Scan, then click Scan.
    The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



In your next reply please include:
  • The log from OTL.
  • The MBAM log.


Thanks, I look forward to your response.

TheAvatar

Malware Advisor

Posts : 137
Joined : 2010-10-02
Operating System : Windows XP SP3
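
A triage sketch over the kind of OTL lines listed in the Step 1 fix above, added here as an example; it is not part of either poster's messages and not part of OTL. The `triage` function, the marker strings and the allowlist are assumptions for illustration, and the sample lines are copied from the log in this thread.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    code: str    # OTL section code, e.g. "O33"
    reason: str  # why the line was flagged
    line: str    # the original log line


# Sample input: a handful of lines taken from the OTL log posted in this thread.
SAMPLE_LOG = r'''
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O33 - MountPoints2\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\Shell\AutoRun\command - "" = E:\rx.exe -- File not found
O33 - MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/21 04:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
'''

# "O<number> - <rest>" is the shape of every registry entry line in the log.
ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")

# O33 lines: MountPoints2\{volume GUID}\<subkey> - "" = <target>[ -- <file info>]
MOUNT_RE = re.compile(
    r'^MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]{36}\})\\(?P<subkey>.+?)'
    r' - "" = (?P<target>.+?)(?: -- (?P<status>.*))?$'
)

# Assumed markers of a registry entry that points at nothing (orphaned entry).
STALE_MARKERS = ("File not found", "No CLSID value found", "Reg Error")

# Assumed allowlist: "autocheck autochk *" is the default Windows BootExecute
# value, so its "File not found" status is not treated as a finding.
KNOWN_BENIGN = ("autocheck autochk *",)


def triage(log_text: str) -> List[Finding]:
    """Return log lines worth a human look: orphaned entries and
    per-volume autorun commands recorded under MountPoints2."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, blank lines, file listings
        code, body = m.group(1), m.group(2)
        if any(b in body for b in KNOWN_BENIGN):
            continue
        marker = next((s for s in STALE_MARKERS if s in body), None)
        if marker:
            findings.append(Finding(code, "stale reference: " + marker, line))
            continue
        if code == "O33":
            mp = MOUNT_RE.match(body)
            # Only the \command subkeys name a program that runs for the volume.
            if mp and mp.group("subkey").lower().endswith("\\command"):
                findings.append(
                    Finding(code, "autorun command: " + mp.group("target"), line)
                )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}")
```

Flagged lines are candidates for review, not automatic removal. The fix in this thread also lists lines this heuristic does not flag, such as the Java Plug-in O16 entries.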


Re: Very slow computer, virus maybe??

Post by TrishKa on Sun 17 Oct 2010, 8:36 pm

Sorry Avatar, could you please link me malware bytes so I can post MBAM log? Thanks for opting to help me too btw and what part of Aus are you in?


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\ not found.
File E:\rx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7eb5ab43-fbf1-11de-b8e2-001372230c26}\ not found.
File E:\rx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4e99f30-9860-11de-a0f8-001372230c26}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4e99f30-9860-11de-a0f8-001372230c26}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4e99f30-9860-11de-a0f8-001372230c26}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7ab459a-96d3-11de-a0ef-001372230c26}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7ab459a-96d3-11de-a0ef-001372230c26}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7ab459a-96d3-11de-a0ef-001372230c26}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7ab459a-96d3-11de-a0ef-001372230c26}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: 123
->Temp folder emptied: 1477430975 bytes
->Temporary Internet Files folder emptied: 309602597 bytes
->Java cache emptied: 25803258 bytes
->FireFox cache emptied: 12534377 bytes
->Flash cache emptied: 84418 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Guest
->Temp folder emptied: 865 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1291162 bytes

User: Trish
->Temp folder emptied: 2149354181 bytes
->Temporary Internet Files folder emptied: 29508448 bytes
->Java cache emptied: 37631129 bytes
->FireFox cache emptied: 103684865 bytes
->Flash cache emptied: 111106 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 723128 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 336934 bytes
RecycleBin emptied: 2854778 bytes

Total Files Cleaned = 3,961.00 mb


[EMPTYFLASH]

User: 123
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest

User: LocalService

User: NetworkService

User: Trish
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10172010_202410

Files\Folders moved on Reboot...
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Last edited by TrishKa on Sun 17 Oct 2010, 8:43 pm; edited 1 time in total (Reason for editing : I forgot something)

TrishKa

Rookie Surfer

Posts : 55
Joined : 2009-12-19
Operating System : Windows XP
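
An added example, not part of the original posts and not OTL's own code: a small Python triage of the fix log posted above, sorting each line by outcome and flagging any file whose move is still reported as failed under the post-reboot heading. The function name and the reading of that heading as "still unresolved" are assumptions; the sample lines are copied from the log above.

```python
import re

# Excerpt of the OTL fix log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4e99f30-9860-11de-a0f8-001372230c26}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e99f30-9860-11de-a0f8-001372230c26}\ not found.
File E:\rx.exe not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.15.2 log created on 10172010_202410

Files\Folders moved on Reboot...
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
"""

# Only the line shapes that actually appear in the log above.
PATTERNS = [
    ("deleted", re.compile(r"^Registry key (?P<target>.+?) deleted successfully\.$")),
    ("not_found", re.compile(r"^(?:Registry key|File) (?P<target>.+?) not found\.$")),
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
]
REBOOT_HEADING = "Files\\Folders moved on Reboot..."


def triage(log_text):
    """Group fix-log targets by outcome (hypothetical helper)."""
    result = {name: set() for name, _ in PATTERNS}
    result["unresolved"] = set()
    after_reboot = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == REBOOT_HEADING:
            after_reboot = True
            continue
        if line.startswith("Registry entries deleted on Reboot"):
            after_reboot = False
            continue
        for name, rx in PATTERNS:
            m = rx.match(line)
            if not m:
                continue
            target = m.group("target")
            # Assumption: a move still reported as failed in the
            # post-reboot section did not complete and needs follow-up.
            if name == "pending_reboot" and after_reboot:
                result["unresolved"].add(target)
            else:
                result[name].add(target)
            break
    # A key deleted once and "not found" on later passes was removed, not absent.
    result["not_found"] -= result["deleted"]
    return result


if __name__ == "__main__":
    for outcome, targets in triage(SAMPLE_LOG).items():
        print(outcome, sorted(targets))
```
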


Re: Very slow computer, virus maybe??

Post by TheAvatar on Sun 17 Oct 2010, 9:27 pm

Hi TrishKa,

I am in NSW. Sorry, I looked at your uninstall list and saw it was installed. Must be a remnant. Hopefully I get this to you before you go to sleep so you can run the scan overnight.

Please download Malwarebytes' AntiMalware.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
    The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



TheAvatar

Malware Advisor

Posts : 137
Joined : 2010-10-02
Operating System : Windows XP SP3

Re: Very slow computer, virus maybe??

Post by TrishKa on Mon 18 Oct 2010, 10:10 pm

Okay, I'm in the process of doing that now so please don't dismiss this thread, like I said, very slow...

I downloaded it but it won't run, says the files are corrupt??
I found the version of malwarebytes I had already so it wasn't a remnant (someone with good intentions moved it to somewhere I couldn't find it before) and I couldn't get an update from that either, should I just run the scan on the version I already have?


Last edited by TrishKa on Mon 18 Oct 2010, 10:17 pm; edited 1 time in total (Reason for editing : Because it's my post and I can)

TrishKa

Rookie Surfer

Posts : 55
Joined : 2009-12-19
Operating System : Windows XP

Re: Very slow computer, virus maybe??

Post by TheAvatar on Mon 18 Oct 2010, 10:26 pm

Hi,

Please try downloading a fresh copy and install it. See how that goes.

TheAvatar

Malware Advisor

Posts : 137
Joined : 2010-10-02
Operating System : Windows XP SP3

Re: Very slow computer, virus maybe??

Post by TrishKa on Mon 18 Oct 2010, 10:35 pm

Okay, I'll try again now

No luck, it's giving me the same message

TrishKa

Rookie Surfer

Posts : 55
Joined : 2009-12-19
Operating System : Windows XP

Re: Very slow computer, virus maybe??

Post by TheAvatar on Mon 18 Oct 2010, 11:10 pm

Let's try an alternate scan then, shall we?

It can be updated by the Java control panel
  • click on Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
  • An update should begin.
  • Just follow the prompts.



---


Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

TheAvatar

Malware Advisor

Posts : 137
Joined : 2010-10-02
Operating System : Windows XP SP3

Re: Very slow computer, virus maybe??

Post by TrishKa on Wed 20 Oct 2010, 2:15 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, October 20, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 19, 2010 04:54:47
Records in database: 4186655
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 343916
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 04:32:16


File name / Threat / Threats count
C:\Program Files\ElcomSoft\Advanced IM Password Recovery\aimpr.exe Infected: not-a-virus:PSWTool.Win32.AdvancedPR.x 1

Selected area has been scanned.

TrishKa

Rookie Surfer

Posts : 55
Joined : 2009-12-19
Operating System : Windows XP

Re: Very slow computer, virus maybe??

Post by TheAvatar on Wed 20 Oct 2010, 9:14 pm

Hi Trishka,

I would just like to see if we can give MBAM another shot. Please use this link: [You must be registered and logged in to see this link.]

Follow all previous instructions about installing and updating and scanning. Thanks.

TheAvatar

Malware Advisor

Posts : 137
Joined : 2010-10-02
Operating System : Windows XP SP3

Re: Very slow computer, virus maybe??

Post by TrishKa on Fri 22 Oct 2010, 9:58 pm

Malwarebytes' Anti-Malware 1.46

Database version: 4910

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/22/2010 9:49:10 PM
mbam-log-2010-10-22 (21-49-10).txt

Scan type: Full scan (C:\|)
Objects scanned: 231925
Time elapsed: 41 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


This is a good thing I'm taking?

TrishKa

Rookie Surfer

Posts : 55
Joined : 2009-12-19
Operating System : Windows XP

Re: Very slow computer, virus maybe??

Post by TheAvatar on Fri 22 Oct 2010, 10:48 pm

Hi Trishka,

Things are looking better! How is it feeling?

TheAvatar

Malware Advisor

Posts : 137
Joined : 2010-10-02
Operating System : Windows XP SP3

Re: Very slow computer, virus maybe??

Post by TrishKa on Sat 23 Oct 2010, 1:53 pm

Yeah it's running faster, but I don't know how it just changed like that, weird...

TrishKa

Rookie Surfer

Posts : 55
Joined : 2009-12-19
Operating System : Windows XP

Re: Very slow computer, virus maybe??

Post by TheAvatar on Sun 24 Oct 2010, 9:39 am

Hi Trishka,

Sorry about the delay, got a little distracted yesterday.

Run OTL.exe
  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • After rebooting, please post the OTL you are presented with on startup.



THEN


Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.




Let me know how it goes.


TheAvatar

Malware Advisor

Posts : 137
Joined : 2010-10-02
Operating System : Windows XP SP3

Re: Very slow computer, virus maybe??

Post by TrishKa on Mon 25 Oct 2010, 11:45 am

That's okay, no worries, lol!

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: 123
->Temp folder emptied: 146788 bytes
->Temporary Internet Files folder emptied: 80624986 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1958 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 554299 bytes

User: Trish
->Temp folder emptied: 126629404 bytes
->Temporary Internet Files folder emptied: 3789177 bytes
->Java cache emptied: 128094 bytes
->FireFox cache emptied: 97201233 bytes
->Flash cache emptied: 2457 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 295.00 mb


[EMPTYFLASH]

User: 123
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest

User: LocalService

User: NetworkService

User: Trish
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.15.2 log created on 10252010_110652

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

TrishKa

Rookie Surfer

Posts : 55
Joined : 2009-12-19
Operating System : Windows XP

Re: Very slow computer, virus maybe??

Post by TheAvatar on Mon 25 Oct 2010, 8:30 pm

How did running the cleanup with OTL go? Did OTL get deleted itself (it is a good thing)?

TheAvatar

Malware Advisor

Posts : 137
Joined : 2010-10-02
Operating System : Windows XP SP3

Re: Very slow computer, virus maybe??

Post by TrishKa on Tue 26 Oct 2010, 9:42 am

Yeah it went fine, I don't know if it deleted itself, is it supposed to?

TrishKa

Rookie Surfer

Posts : 55
Joined : 2009-12-19
Operating System : Windows XP

Re: Very slow computer, virus maybe??

Post by TheAvatar on Tue 26 Oct 2010, 3:59 pm

It is supposed to.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


Clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:

  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and OK it.
  • Next, go to Start > Run and type in cleanmgr
  • Choose your root drive (normally C:)
  • After it calculates how much space you will save, it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • Go back to the Disk Cleanup tab
  • Put a checkmark in all - except compress old files (leave this unchecked)
  • Click OK, then click Yes

This will remove all restore points except the new one you just created and clean unneeded files.

Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


Turn On Automatic Updates:

    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: Automatically download recommended updates for my computer and install them.

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    or visit [You must be registered and logged in to see this link.] regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.

  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.



Please read this great article by miekiemoes How to prevent Malware
and this great article by Tony Klein So How Did I Get Infected In First Place



Best wishes!

-TheAvatar

TheAvatar

Malware Advisor

Posts : 137
Joined : 2010-10-02
Operating System : Windows XP SP3