
Solved re: Auntie's Extremely Slooooow Machine

Discussion in 'Malware and Virus Removal Archive' started by Blue Star, 2010/07/17.

  1. 2010/07/17
    Blue Star (Well-Known Member, Thread Starter)
    [Resolved] re: Auntie's Extremely Slooooow Machine

    Malwarebytes Log.... sorry for the delay in getting back to you! Doing GMER now, thanks Broni.

    Mod note - Original thread here .....

    http://www.windowsbbs.com/malware-v...ctive-aunties-extremely-slooooow-machine.html

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4322

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/17/2010 3:41:31 PM
    mbam-log-2010-07-17 (15-41-31).txt

    Scan type: Quick scan
    Objects scanned: 147183
    Time elapsed: 49 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. 2010/07/17
    Blue Star (Well-Known Member, Thread Starter)
    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 19:29:01.16 on Sat 07/17/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.115 [GMT -4:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uDefault_Search_URL = hxxp://srch-qus8.hpwis.com/
    mSearch Bar = hxxp://srch-qus8.hpwis.com/
    uInternet Settings,ProxyOverride = localhost
    uSearchAssistant =
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Acme.PCHButton] c:\progra~1\instan~1\presario\xphnars3en\plugin\bin\PCHButton.exe
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
    Trusted Zone: securesite.com
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272037067906
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272037382218
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: igfxcui - igfxsrvc.dll
    Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-13 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-7 17744]
    S2 mrtRate;mrtRate; [x]
    S3 PCDRDRV;Pcdr Helper Driver; [x]

    =============== Created Last 30 ================

    2010-07-10 18:06:23 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-08 16:43:28 0 d-s---w- C:\Microsoft
    2010-07-04 05:01:49 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cb1b3601fdbd02.mof
    2010-07-02 00:08:15 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-30 22:03:51 28040 ----a-w- c:\windows\system32\mdimon.dll
    2010-06-30 22:00:49 0 d-----w- c:\program files\Microsoft ActiveSync
    2010-06-18 09:12:59 54156 ---ha-w- c:\windows\QTFont.qfn
    2010-06-18 09:12:59 1409 ----a-w- c:\windows\QTFont.for

    ==================== Find3M ====================

    2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe
    2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
    2002-06-27 15:58:48 41389 -c--a-w- c:\program files\lxaxsdrv.cat
    2002-05-16 02:28:32 5740 -c--a-w- c:\program files\lxaxsdrv.ini
    2002-05-15 06:57:56 9068 -c--a-w- c:\program files\lxaxspsz.gpd
    2002-04-02 02:30:42 8494 -c--a-w- c:\program files\lxaxsdrv.inf
    2002-03-15 10:36:56 4179 -c--a-w- c:\program files\lxaxsdrv.gpd
    2008-08-05 19:23:17 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
    2008-08-05 01:29:08 49152 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080420080805\index.dat
    2008-08-05 19:22:53 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat

    ============= FINISH: 19:30:51.36 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/8/2008 6:20:54 PM
    System Uptime: 7/17/2010 7:11:26 PM (0 hours ago)

    Motherboard: TriGem Computer Inc. | | Glendale motherboard
    Processor: Intel(R) Celeron(R) CPU 2.50GHz | WMT478/NWD | 2491/mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 70 GiB total, 54.05 GiB free.
    D: is FIXED (FAT32) - 5 GiB total, 1.302 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP196: 12/10/2010 10:54:59 AM - System Checkpoint
    RP197: 12/10/2010 4:33:31 PM - Software Distribution Service 3.0
    RP198: 6/11/2010 5:08:41 PM - System Checkpoint
    RP199: 6/12/2010 5:23:37 PM - System Checkpoint
    RP200: 6/12/2010 11:06:49 PM - Software Distribution Service 3.0
    RP201: 6/13/2010 11:16:29 PM - System Checkpoint
    RP202: 6/14/2010 12:35:12 AM - Software Distribution Service 3.0
    RP203: 6/15/2010 1:02:19 PM - System Checkpoint
    RP204: 6/16/2010 3:00:38 AM - Software Distribution Service 3.0
    RP205: 6/16/2010 3:10:57 AM - Software Distribution Service 3.0
    RP206: 6/16/2010 11:34:20 PM - Software Distribution Service 3.0
    RP207: 6/17/2010 6:23:28 PM - Software Distribution Service 3.0
    RP208: 6/18/2010 3:02:02 AM - Software Distribution Service 3.0
    RP209: 6/18/2010 3:25:46 AM - Software Distribution Service 3.0
    RP210: 6/19/2010 3:00:50 AM - Software Distribution Service 3.0
    RP211: 6/20/2010 9:49:53 AM - Software Distribution Service 3.0
    RP212: 6/21/2010 3:00:47 AM - Software Distribution Service 3.0
    RP213: 6/16/2010 4:33:20 PM - System Checkpoint
    RP214: 6/20/2010 11:18:28 AM - System Checkpoint
    RP215: 6/21/2010 12:16:32 PM - System Checkpoint
    RP216: 6/22/2010 3:00:23 AM - Software Distribution Service 3.0
    RP217: 6/23/2010 2:48:53 PM - Software Distribution Service 3.0
    RP218: 6/23/2010 3:10:34 PM - Software Distribution Service 3.0
    RP219: 6/25/2010 8:52:28 PM - System Checkpoint
    RP220: 6/25/2010 9:46:50 PM - Software Distribution Service 3.0
    RP221: 6/26/2010 3:00:36 AM - Software Distribution Service 3.0
    RP222: 6/26/2010 11:33:19 PM - Software Distribution Service 3.0
    RP223: 6/28/2010 3:00:42 AM - Software Distribution Service 3.0
    RP224: 6/29/2010 3:00:33 AM - Software Distribution Service 3.0
    RP225: 6/30/2010 1:04:48 AM - Software Distribution Service 3.0
    RP226: 6/30/2010 5:58:25 PM - Installed Microsoft Office Standard Edition 2003
    RP227: 7/1/2010 3:00:58 AM - Software Distribution Service 3.0
    RP228: 7/2/2010 3:01:29 AM - Software Distribution Service 3.0
    RP229: 7/2/2010 5:48:10 AM - Software Distribution Service 3.0
    RP230: 7/3/2010 3:01:04 AM - Software Distribution Service 3.0
    RP231: 7/4/2010 3:00:53 AM - Software Distribution Service 3.0
    RP232: 7/4/2010 6:08:31 PM - Software Distribution Service 3.0
    RP233: 7/5/2010 6:25:38 PM - System Checkpoint
    RP234: 7/6/2010 3:00:51 AM - Software Distribution Service 3.0
    RP235: 7/7/2010 3:00:43 AM - Software Distribution Service 3.0
    RP236: 5/9/2010 12:48:12 AM - System Checkpoint
    RP237: 5/10/2010 1:16:25 AM - System Checkpoint
    RP238: 7/6/2010 10:55:11 PM - System Checkpoint
    RP239: 7/7/2010 3:50:38 AM - Software Distribution Service 3.0
    RP240: 7/8/2010 3:00:41 AM - Software Distribution Service 3.0
    RP241: 7/9/2010 3:00:49 AM - Software Distribution Service 3.0
    RP242: 7/10/2010 3:00:39 AM - Software Distribution Service 3.0
    RP243: 12/11/2010 1:30:39 AM - Software Distribution Service 3.0
    RP244: 7/11/2010 8:15:41 AM - System Checkpoint
    RP245: 7/14/2010 12:27:50 PM - System Checkpoint
    RP246: 7/15/2010 3:01:08 AM - Software Distribution Service 3.0
    RP247: 7/16/2010 3:00:51 AM - Software Distribution Service 3.0
    RP248: 7/17/2010 3:00:54 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================


    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    ATT-PRT22
    ATT-RemoteControl
    avast! Free Antivirus
    BufferChm
    Compaq Connections
    CustomerResearchQFolder
    D1400
    D1400_Help
    DeviceDiscovery
    DeviceManagementQFolder
    dj_sf_ProductContext
    dj_sf_software
    dj_sf_software_req
    ErrorFix
    ESET Online Scanner v3
    eSupportQFolder
    HijackThis 2.0.2
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 9.0
    HP Deskjet Printer Driver Software 9.0
    HP Deskjet printer preloaded drivers
    HP Imaging Device Functions 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Product Assistant
    HP Smart Web Printing
    HP Solution Center 9.0
    HP Update
    HPProductAssistant
    HpSdpAppCoreApp
    HPSSupply
    Instant Support
    Intel(R) Extreme Graphics Driver
    IntelliMover Data Transfer Demo
    InterVideo WinDVD Player
    Java Auto Updater
    Java(TM) 6 Update 19
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft Money 2003
    Microsoft Money 2003 System Pack
    Microsoft Office Standard Edition 2003
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works 7.0
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Windows 2000/XP Display Drivers
    OmniPass
    PanoStandAlone
    PC-Doctor for Windows
    PSSWCORE
    Python 2.2 combined Win32 extensions
    Quicken 2003 New User Edition
    RealOne Player
    RecordNow
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Simple Installer - Multilanguage Version
    Singlesnet
    SolutionCenter
    Status
    Toolbox
    TrayApp
    UnloadSupport
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoToolkit01
    Viewpoint Media Player
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows XP Service Pack 3
    WOT for Internet Explorer
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    7/17/2010 6:55:27 PM, error: System Error [1003] - Error code 10000050, parameter1 fef3700b, parameter2 00000000, parameter3 efa95f60, parameter4 00000000.
    7/11/2010 7:39:21 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
    12/11/2010 2:30:12 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.0 Service Pack 3, English Version.
    12/11/2010 2:16:02 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xf00b0004: Security Update for Windows XP (KB2229593).

    ==== End Of File ===========================

    Tried to run GMER and cannot. It freezes the computer and crashes Windows.
     


  4. 2010/07/17
    broni (Moderator, Malware Analyst)
    Yeah, you're really late.
    50 dollars late penalty!
    ...just kidding, but please, this time, let's start and finish cleaning process.


    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/07/18
    Blue Star (Well-Known Member, Thread Starter)
    will do... working until 10pm today... will be at Auntie's at 11pm, if not too worn out and will run it then or at the latest tomorrow am...
     
  6. 2010/07/18
    broni (Moderator, Malware Analyst)
    Ok...
     
  7. 2010/07/19
    Blue Star (Well-Known Member, Thread Starter)
    ComboFix log... :)

    ComboFix 10-07-19.01 - Owner 07/19/2010 18:57:52.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.115 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Microsoft
    c:\microsoft\Protect\CREDHIST
    c:\windows\xpsp1hfm.log

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
    .

    2010-07-10 18:06 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-02 00:08 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-30 22:03 . 2007-04-09 17:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
    2010-06-30 22:03 . 2007-04-09 17:23 28040 ----a-w- c:\windows\system32\mdimon.dll
    2010-06-30 22:00 . 2010-06-30 22:00 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-06-30 21:53 . 2010-06-30 21:53 -------- d-----r- C:\MSOCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-17 18:43 . 2009-07-05 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-28 20:57 . 2010-04-14 00:49 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-06-28 20:37 . 2010-04-14 00:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-06-28 20:37 . 2010-04-14 00:52 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-06-28 20:33 . 2010-04-14 00:52 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-06-28 20:32 . 2010-04-14 00:52 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-06-28 20:32 . 2010-04-14 00:52 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-06-28 20:32 . 2010-05-08 00:55 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-06-28 20:32 . 2010-04-14 00:52 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-05-06 10:41 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-05 01:57 . 2003-07-19 18:55 32392 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-02 05:22 . 2001-01-06 06:29 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 19:39 . 2009-07-05 17:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39 . 2009-07-05 17:51 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2002-06-27 15:58 . 2002-06-27 15:58 41389 -c--a-w- c:\program files\lxaxsdrv.cat
    2002-05-16 02:28 . 2002-05-16 02:28 5740 -c--a-w- c:\program files\lxaxsdrv.ini
    2002-05-15 06:57 . 2002-05-15 06:57 9068 -c--a-w- c:\program files\lxaxspsz.gpd
    2002-04-02 02:30 . 2002-04-02 02:30 8494 -c--a-w- c:\program files\lxaxsdrv.inf
    2002-03-15 10:36 . 2002-03-15 10:36 4179 -c--a-w- c:\program files\lxaxsdrv.gpd
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW "= "nview.dll" [2003-03-03 831557]
    "Acme.PCHButton "= "c:\progra~1\INSTAN~1\Presario\XPHNARS3EN\plugin\bin\PCHButton.exe" [2003-04-10 159744]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv "= "c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HotKeysCmds "= "c:\windows\System32\hkcmd.exe" [2004-08-20 118784]
    "Recguard "= "c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "avast5 "= "c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "AlcxMonitor "= "ALCXMNTR.EXE" [2004-09-07 57344]
    "IgfxTray "= "c:\windows\System32\igfxtray.exe" [2004-08-20 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
    2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/13/2010 8:52 PM 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/7/2010 8:55 PM 17744]
    S2 mrtRate;mrtRate; [x]
    S3 PCDRDRV;Pcdr Helper Driver; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-12 c:\windows\Tasks\easy Internet sign-up.job
    - c:\program files\Easy Internet signup\HPSdpApp.exe [2003-02-22 07:34]

    2010-07-19 c:\windows\Tasks\PCHealth Scheduler for Upload Library.job
    - c:\windows\PCHealth\UploadLB\Binaries\UploadM.exe [2001-01-06 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Search_URL = hxxp://srch-qus8.hpwis.com/
    mSearch Bar = hxxp://srch-qus8.hpwis.com/
    uInternet Settings,ProxyOverride = localhost
    uSearchAssistant =
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: securesite.com
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-19 19:18
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(512)
    c:\program files\Softex\OmniPass\opxpgina.dll
    .
    Completion time: 2010-07-19 19:30:28
    ComboFix-quarantined-files.txt 2010-07-19 23:30
    ComboFix2.txt 2010-05-05 02:48
    ComboFix3.txt 2010-04-06 01:15

    Pre-Run: 57,702,195,200 bytes free
    Post-Run: 58,085,310,464 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=,1,2,3,4
    - - End Of File - - 4F843DFFB0E7CA478AE673F5163A512D
     
  8. 2010/07/19
    broni (Moderator, Malware Analyst)
    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
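    The custom scan above is built to surface two things an analyst reads first in an OTL report: autostart, service and driver entries whose target no longer exists, and binaries under %SystemRoot% with no company name. The script below is an added example for triaging such a log; it is not part of this thread, not part of OTL, and its Finding type, marker list and "no company name under %SystemRoot%" heuristic are this example's own assumptions about the OTL line format visible on this page. The sample lines are copied from the OTL log posted later in the thread. A hit is a review queue, not a verdict: the catchme.sys driver, for instance, is the leftover of the rootkit scan in the ComboFix log above.

```python
"""Triage helper for OTL log lines (added example, not part of this thread or of OTL).

It flags the entries a malware analyst reads first in an OTL report:
  * autostart, service and driver entries whose target is gone ("File not found"),
  * toolbar/BHO entries whose CLSID no longer resolves ("No CLSID value found"),
  * DPF/registry entries OTL could not resolve ("Reg Error"),
  * executables under %SystemRoot% that carry no company name, shown by OTL as "()".
The last heuristic is a review queue, not a verdict: OEM tools and legacy codecs hit it too.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Markers OTL prints for entries that point at nothing (assumed from the log format on this page).
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")

# Only binaries under the system root are held to the "must have a company name" rule.
SYSTEM_ROOT = r"c:\windows"

# First drive-letter path ending in an executable-type extension; OTL prints paths unquoted,
# so the extension (followed by whitespace or end of line) is what delimits it.
EXEC_PATH_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx|drv|ax|scr|cab|cfxxe))(?=\s|$)",
    re.IGNORECASE,
)
# OTL writes the file's company string in parentheses; "()" means the version resource has none.
EMPTY_COMPANY_RE = re.compile(r"\(\)")


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str
    path: Optional[str]


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None if nothing stands out."""
    text = line.strip()
    if not text:
        return None
    match = EXEC_PATH_RE.search(text)
    path = match.group("path") if match else None
    for marker in ORPHAN_MARKERS:
        if marker in text:
            return Finding(text, f"dangling entry: {marker}", path)
    if path and EMPTY_COMPANY_RE.search(text) and path.lower().startswith(SYSTEM_ROOT):
        return Finding(text, "no company name under %SystemRoot%", path)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run triage_line over a whole log, keeping only the hits in log order."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


def report(findings: List[Finding]) -> str:
    """Render findings one per line: reason, then the path OTL recorded (or '-')."""
    return "\n".join(f"{f.reason:<40} {f.path or '-'}" for f in findings)


# Sample input: lines copied from the OTL log posted later in this thread.
SAMPLE_OTL_LINES = [
    r"PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE",
    r"SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)",
    r"O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.",
    r"O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()",
    r"O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI File not found",
    r"O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)",
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
    r"Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()",
    r"O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()",
]

if __name__ == "__main__":
    print(report(triage(SAMPLE_OTL_LINES)))
```

    Run it with the full OTL.txt piped in line by line instead of the sample list; the WOT.dll line shows why the no-company rule is scoped to %SystemRoot%, since unsigned third-party add-ons under Program Files would otherwise swamp the output.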
     
  9. 2010/07/22
    Blue Star Well-Known Member Thread Starter
    Working on OTL as we speak... been difficult to boot this machine back up... sorry.
     
  10. 2010/07/22
    broni Moderator Malware Analyst
    ok.....
     
  11. 2010/07/22
    Blue Star Well-Known Member Thread Starter
    OTL..:D

    OTL logfile created on: 7/22/2010 8:26:43 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    247.00 Mb Total Physical Memory | 59.00 Mb Available Physical Memory | 24.00% Memory free
    606.00 Mb Paging File | 323.00 Mb Available in Paging File | 53.00% Paging File free
    Paging file location(s): C:\pagefile.sys 372 744 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.66 Gb Total Space | 54.17 Gb Free Space | 77.76% Space Free | Partition Type: NTFS
    Drive D: | 4.88 Gb Total Space | 1.30 Gb Free Space | 26.69% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YOUR-SZ6X6SEFXO
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/22 20:23:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/07/22 20:21:21 | 000,389,120 | R--- | M] () -- C:\ComboFix\CF3549.cfxxe
    PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/04/20 12:56:28 | 000,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/05/07 05:07:23 | 000,135,168 | R--- | M] () -- C:\ComboFix\CSCRIPT.cfxxe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
    PRC - [2003/02/21 07:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\Omniserv.exe
    PRC - [2003/02/21 06:50:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/22 20:23:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2003/02/21 07:07:06 | 000,068,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Softex\OmniPass\Omniserv.exe -- (omniserv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/01/26 18:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
    DRV - [2009/01/26 18:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
    DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/08/04 01:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv)
    DRV - [2004/08/04 01:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3Psddr)
    DRV - [2003/03/08 01:13:22 | 000,624,369 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5)
    DRV - [2003/02/26 22:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys -- (SiS315)
    DRV - [2003/02/22 22:55:26 | 000,141,824 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
    DRV - [2003/02/22 01:17:06 | 000,020,012 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PCDRSRVC.sys -- (PCDRSRVC)
    DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2002/12/27 14:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2002/12/25 01:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
    DRV - [2002/09/06 21:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
    DRV - [2002/07/30 00:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\PS2.sys -- (Ps2)
    DRV - [1999/12/02 16:55:32 | 000,066,048 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\mrtrate.dll -- (mrtRate)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost


    [2010/04/27 17:58:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

    O1 HOSTS File: ([2010/07/19 19:17:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI File not found
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
    O4 - HKCU..\Run: [Acme.PCHButton] C:\PROGRA~1\INSTAN~1\Presario\XPHNARS3EN\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
    O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Domains: securesite.com ([]https in Trusted sites)
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab (Reg Error: Value error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1272037067906 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272037382218 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/04/10 05:49:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: 3
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/22 20:23:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/07/22 20:22:50 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/07/17 14:41:15 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
    [2010/07/01 20:08:15 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/30 18:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
    [2010/06/30 17:53:24 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2010/06/30 09:01:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Folder
    [2010/06/01 22:04:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
    [2010/05/20 08:04:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/05/19 22:22:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2010/05/19 22:21:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2010/05/19 22:21:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2010/05/07 20:55:33 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/05/04 22:16:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/05/04 22:16:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/05/04 22:16:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/05/04 22:16:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/05/04 21:13:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
    [2010/05/04 21:10:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
    [2010/05/04 20:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo
    [2010/05/04 17:37:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/05/04 17:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    [2010/05/04 17:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yahoo!
    [2010/05/04 17:29:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/05/04 17:28:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
    [2010/05/04 10:26:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2010/04/26 11:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\SiteRanker
    [2010/04/26 11:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/22 20:53:03 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Upload Library.job
    [2010/07/22 20:23:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/07/22 20:03:20 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2010/07/22 20:00:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/22 20:00:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/22 20:00:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/22 20:00:30 | 259,047,424 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/19 19:37:28 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
    [2010/07/19 19:37:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010/07/19 19:18:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/19 19:17:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/19 18:50:49 | 003,738,829 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/07/17 14:43:05 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/17 14:41:16 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
    [2010/07/05 14:54:09 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2010/07/04 01:01:48 | 000,368,310 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/04 01:01:48 | 000,047,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/04 01:01:46 | 000,417,900 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/02 21:04:51 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\HORIZON POOLS.doc
    [2010/07/02 21:04:51 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HORIZON POOLS.doc
    [2010/07/02 03:12:11 | 000,000,718 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/01 20:08:34 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/07/01 19:44:58 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/30 18:04:09 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/06/20 15:10:41 | 000,050,962 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chase%20Deposit%20slip[1].pdf
    [2010/06/18 05:12:59 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/06/18 05:12:59 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2010/06/17 15:34:19 | 000,002,027 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp
    [2010/06/09 03:12:58 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/06 23:10:35 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SPIDER SOLITAIRE.lnk
    [2010/06/02 00:41:35 | 006,427,280 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2010/05/30 19:16:07 | 000,003,382 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Justine.doc
    [2010/05/20 08:10:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/05/19 22:10:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/05/04 21:57:07 | 000,032,392 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/05/04 21:11:03 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/05/04 10:59:28 | 000,000,283 | RHS- | M] () -- C:\boot.ini
    [2010/05/04 10:45:39 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/04/30 10:36:21 | 000,005,640 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Olney Letter.doc
    [2010/04/30 09:00:35 | 000,005,037 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\The%20National%20Lottery[1].rtf
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/19 18:50:49 | 003,738,829 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/07/17 14:43:05 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/05 14:54:03 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2010/07/03 13:21:21 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HORIZON POOLS.doc
    [2010/07/02 13:13:04 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\HORIZON POOLS.doc
    [2010/06/20 15:10:40 | 000,050,962 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chase%20Deposit%20slip[1].pdf
    [2010/06/18 05:12:59 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2010/06/18 05:12:59 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2010/05/05 12:55:53 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
    [2010/05/05 12:55:53 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
    [2010/05/05 12:55:53 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
    [2010/05/05 12:55:53 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
    [2010/05/05 12:55:52 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
    [2010/05/05 12:55:52 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
    [2010/05/05 12:55:52 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
    [2010/05/05 12:55:51 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
    [2010/05/05 12:55:50 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
    [2010/05/05 12:55:50 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
    [2010/05/05 12:55:50 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
    [2010/05/05 12:55:50 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
    [2010/05/05 12:55:49 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
    [2010/05/05 12:55:49 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
    [2010/05/05 12:55:49 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
    [2010/05/05 12:55:49 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
    [2010/05/05 12:55:49 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
    [2010/05/05 12:55:43 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
    [2010/05/05 12:55:42 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
    [2010/05/05 12:55:42 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
    [2010/05/05 12:55:42 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
    [2010/05/05 12:55:42 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
    [2010/05/05 12:55:42 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
    [2010/05/05 12:55:42 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
    [2010/05/05 12:55:42 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
    [2010/05/05 12:55:42 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
    [2010/05/05 12:55:42 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
    [2010/05/05 12:55:42 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
    [2010/05/05 12:55:32 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
    [2010/05/05 12:55:32 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
    [2010/05/05 12:55:32 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
    [2010/05/05 12:55:22 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
    [2010/05/05 12:55:22 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
    [2010/05/05 12:55:22 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
    [2010/05/05 12:55:22 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
    [2010/05/05 12:55:22 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
    [2010/05/05 12:55:22 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
    [2010/05/05 12:55:20 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
    [2010/05/05 12:55:20 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
    [2010/05/05 12:55:20 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
    [2010/05/05 12:55:20 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
    [2010/05/05 12:55:07 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
    [2010/05/05 12:55:05 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
    [2010/05/05 12:54:53 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
    [2010/05/05 12:54:51 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
    [2010/05/05 12:54:38 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
    [2010/05/05 12:54:38 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
    [2010/05/05 12:54:38 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
    [2010/05/05 12:54:38 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
    [2010/05/05 12:54:38 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
    [2010/05/05 12:54:38 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
    [2010/05/05 12:54:38 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
    [2010/05/05 12:54:38 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
    [2010/05/05 12:54:38 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
    [2010/05/05 12:54:38 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
    [2010/05/05 12:54:38 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
    [2010/05/05 12:54:38 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
    [2010/05/05 12:54:38 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
    [2010/05/05 12:54:38 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
    [2010/05/05 12:54:38 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
    [2010/05/05 12:54:38 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
    [2010/05/05 12:54:11 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
    [2010/05/05 12:54:00 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
    [2010/05/05 12:54:00 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
    [2010/05/05 12:53:22 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
    [2010/05/05 12:53:22 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
    [2010/05/05 12:53:08 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
    [2010/05/05 12:53:08 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
    [2010/05/05 12:53:08 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
    [2010/05/05 12:53:08 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
    [2010/05/05 12:53:08 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
    [2010/05/05 12:52:46 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
    [2010/05/05 12:52:11 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
    [2010/05/05 12:51:52 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
    [2010/05/05 12:51:49 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
    [2010/05/05 12:51:30 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
    [2010/05/05 12:51:30 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
    [2010/05/05 12:51:30 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
    [2010/05/05 12:51:30 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
    [2010/05/05 12:51:29 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
    [2010/05/05 12:51:28 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
    [2010/05/05 12:51:28 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
    [2010/05/05 12:51:28 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
    [2010/05/05 12:51:28 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
    [2010/05/05 12:51:28 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
    [2010/05/05 12:51:19 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
    [2010/05/04 22:16:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/05/04 22:16:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/05/04 22:16:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/05/04 22:16:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/05/04 22:16:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/05/04 16:50:39 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/04/30 09:00:34 | 000,005,037 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\The%20National%20Lottery[1].rtf
    [2008/10/14 14:15:28 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
    [2007/10/07 15:22:46 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
    [2007/09/08 20:58:21 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
    [2006/09/10 15:06:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
    [2006/09/10 15:05:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
    [2006/07/25 17:30:09 | 000,000,031 | ---- | C] () -- C:\WINDOWS\tyvplay.INI
    [2006/07/08 13:33:48 | 000,000,042 | ---- | C] () -- C:\WINDOWS\viaplay3.ini
    [2006/07/08 13:33:29 | 000,000,530 | ---- | C] () -- C:\WINDOWS\Viaplay.ini
    [2006/07/08 13:33:29 | 000,000,425 | ---- | C] () -- C:\WINDOWS\8272TYGS.INI
    [2006/07/08 13:33:28 | 000,000,262 | ---- | C] () -- C:\WINDOWS\VMARK.INI
    [2006/05/17 11:04:03 | 000,002,468 | ---- | C] () -- C:\WINDOWS\MBROWSER.INI
    [2005/05/20 05:04:09 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2004/11/18 11:55:22 | 000,000,179 | ---- | C] () -- C:\WINDOWS\upst.ini
    [2004/09/21 23:40:26 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2004/09/21 23:40:26 | 000,000,027 | ---- | C] () -- C:\WINDOWS\upth.ini
    [2003/12/20 02:02:16 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
    [2003/12/01 10:57:16 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\rtcsses.dll
    [2003/12/01 10:57:16 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\dimces.dll
    [2003/11/08 03:54:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2003/10/24 10:03:43 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
    [2003/10/16 22:03:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/10/05 13:11:01 | 000,000,034 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2003/10/05 13:10:40 | 000,000,018 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2003/08/17 12:53:24 | 000,000,050 | ---- | C] () -- C:\WINDOWS\qwimp.ini
    [2003/04/10 07:33:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2003/04/10 07:33:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2003/04/10 07:10:20 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
    [2003/04/10 07:08:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
    [2003/04/10 07:08:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2003/04/10 07:07:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/04/10 07:00:09 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2003/04/10 06:59:52 | 000,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2003/04/10 06:53:45 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
    [2003/04/10 06:36:30 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2003/04/10 06:16:02 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/04/10 06:06:11 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2003/04/10 06:06:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2003/04/10 06:05:46 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2003/04/10 05:53:32 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/04/10 05:37:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/04/10 03:08:18 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
    [2003/04/10 03:08:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
    [2003/03/19 19:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/05/24 11:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
    [2002/05/24 11:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
    [2000/06/30 00:57:28 | 000,125,472 | ---- | C] () -- C:\WINDOWS\System32\hpf9xdr0.drv

    ========== LOP Check ==========

    [2010/04/13 20:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2009/06/16 11:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Defender Pro
    [2006/05/25 22:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2007/07/03 19:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
    [2006/09/10 17:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BellSouth
    [2003/08/17 15:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Games
    [2007/12/29 09:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Hoyle Blackjack
    [2008/03/26 23:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Hoyle Card Games
    [2008/02/03 02:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Hoyle FaceCreator
    [2009/11/10 14:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
    [2003/04/10 06:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
    [2005/01/06 15:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
    [2008/02/21 15:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
    [2003/04/10 07:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
    [2003/07/05 16:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
    [2007/01/22 19:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
    [2007/07/02 23:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug
    [2008/10/12 18:31:19 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\easy Internet sign-up.job
    [2010/07/22 20:53:03 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\PCHealth Scheduler for Upload Library.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2004/10/04 19:12:51 | 000,026,624 | ---- | M] () -- C:\3504 Fontaneda Ave.doc
    [2008/01/24 10:51:41 | 000,029,184 | ---- | M] () -- C:\ab resume updated.doc5sept.doc
    [2005/05/25 14:22:59 | 000,007,365 | ---- | M] () -- C:\ab resume updated.doc5sept.txt
    [2005/08/02 20:24:29 | 000,031,744 | ---- | M] () -- C:\ab resume updated.docAugust.doc
    [2003/10/08 15:57:03 | 000,007,325 | ---- | M] () -- C:\ab resume updated.docSept.doc
    [2005/05/25 14:02:39 | 000,007,281 | ---- | M] () -- C:\ab resume updated.docSept.txt
    [2003/10/08 15:59:45 | 000,001,852 | ---- | M] () -- C:\Acura.doc
    [2004/10/13 10:08:28 | 000,026,624 | ---- | M] () -- C:\adele.doc
    [2005/12/05 21:29:00 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
    [2005/12/05 21:29:00 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
    [2003/04/10 05:49:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2006/09/10 15:06:24 | 019,313,330 | ---- | M] () -- C:\BellSouthIW.re~
    [2008/08/08 18:05:19 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK
    [2010/05/04 10:59:28 | 000,000,283 | RHS- | M] () -- C:\boot.ini
    [2004/09/23 12:06:18 | 000,019,456 | ---- | M] () -- C:\BUYOWNER.doc
    [2002/08/29 08:00:00 | 000,245,920 | RHS- | M] () -- C:\cmldr
    [2010/07/19 19:30:29 | 000,006,577 | ---- | M] () -- C:\ComboFix
    [2003/04/10 05:49:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/01/02 17:53:58 | 000,020,480 | ---- | M] () -- C:\CREDITOR LETTERS#2.doc
    [2007/10/04 12:36:42 | 000,019,968 | ---- | M] () -- C:\CREDITOR LETTERS-4-07.doc
    [2007/06/02 09:42:54 | 000,019,456 | ---- | M] () -- C:\cREDITORS' LETTERS.doc
    [2007/08/28 13:13:19 | 000,019,456 | ---- | M] () -- C:\Doc1.doc
    [2006/01/10 13:53:50 | 000,019,456 | ---- | M] () -- C:\Doc2.doc
    [2008/07/16 15:48:08 | 000,000,144 | ---- | M] () -- C:\domains.dat
    [2003/06/25 16:29:00 | 000,003,666 | ---- | M] () -- C:\Dynamic Split.log
    [2006/01/10 13:52:23 | 000,020,992 | ---- | M] () -- C:\family tree.doc
    [2004/08/27 15:00:04 | 000,051,200 | ---- | M] () -- C:\fdoscnew.doc
    [2004/08/27 15:01:24 | 000,051,200 | ---- | M] () -- C:\Frank Doscher.doc
    [2007/05/30 12:36:56 | 000,019,968 | ---- | M] () -- C:\Fraud JC Penney.doc
    [2003/10/16 22:58:14 | 000,020,480 | ---- | M] () -- C:\Frenchman's Reserve.doc
    [2003/10/22 10:51:13 | 000,019,968 | ---- | M] () -- C:\Gino ltr.doc
    [2010/07/22 20:00:30 | 259,047,424 | -HS- | M] () -- C:\hiberfil.sys
    [2006/06/04 07:38:00 | 000,025,088 | ---- | M] () -- C:\INFO OF RELATIVES.doc
    [2003/04/10 05:49:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2003/10/08 16:33:21 | 000,011,960 | ---- | M] () -- C:\Jay Resume.wpd
    [2003/10/16 23:00:10 | 000,012,145 | ---- | M] () -- C:\jay's resume.wpd
    [2005/11/20 12:06:00 | 000,020,480 | ---- | M] () -- C:\JCPenney.doc
    [2007/05/22 21:02:47 | 000,019,456 | ---- | M] () -- C:\Jim's car.doc
    [2007/12/03 16:31:15 | 000,019,968 | ---- | M] () -- C:\Lawyer letter.doc
    [2003/10/08 16:07:59 | 000,008,453 | ---- | M] () -- C:\LEASE-Sonny.doc
    [2010/05/08 14:37:05 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2004/10/21 13:12:42 | 000,019,456 | ---- | M] () -- C:\medication.doc
    [2003/04/10 05:49:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/05/04 10:45:39 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/05/19 22:10:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/07/22 20:00:29 | 390,070,272 | -HS- | M] () -- C:\pagefile.sys
    [2003/10/16 23:01:23 | 000,090,929 | ---- | M] () -- C:\PERSONAL RESUME JAY NICHOLAS DINIELLI343 E.wpd
    [2006/10/25 17:18:59 | 000,019,456 | ---- | M] () -- C:\PETA CARD.doc
    [2004/10/21 11:20:03 | 000,019,968 | ---- | M] () -- C:\PHONES.doc
    [2005/08/29 12:03:57 | 000,003,152 | ---- | M] () -- C:\Pixie
    [2005/09/23 21:35:39 | 000,019,456 | ---- | M] () -- C:\Pixie
    [2003/10/12 23:42:53 | 000,001,921 | ---- | M] () -- C:\POEM - AN ANGEL WITH WINGS.doc
    [2009/01/29 22:03:28 | 000,000,666 | ---- | M] () -- C:\remind.log
    [2007/03/24 12:40:31 | 000,020,480 | ---- | M] () -- C:\sears Premier MC.doc
    [2008/07/14 22:55:38 | 000,000,261 | -H-- | M] () -- C:\T4Metrics.log
    [2008/11/09 14:59:07 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log
    [2008/08/05 14:54:41 | 000,053,459 | ---- | M] () -- C:\VETlog.dmp
    [2008/08/05 14:54:41 | 000,489,884 | ---- | M] () -- C:\VETlog.txt
    [2005/07/18 02:38:15 | 000,015,360 | ---- | M] () -- C:\WHEELE~1.DOC
    [2006/10/05 18:53:22 | 000,000,026 | ---- | M] () -- C:\wizard.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2007/03/28 13:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2003/04/09 22:40:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2003/04/09 22:40:23 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2003/04/09 22:40:23 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
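The three `/md5` custom scans at the end of this report hash user32.dll, ws2_32.dll and ws2help.dll so the helper can compare them with the known values for the installed service pack: some file infectors patch these DLLs in place, keeping the name and the version, so a hash mismatch on an otherwise ordinary-looking file is the tell. The following is an added example, not code from OTL or from this thread. It parses OTL file-entry lines of the form printed above and flags any hashed file whose MD5 differs from a baseline. The baseline dictionary is built from the three hashes in this log purely for illustration (a real one would come from a clean reference install of the same build), and the sample log is constructed: two lines are copied from the report, the ws2help.dll line carries a deliberately altered all-zero hash, and two more lines show an unsigned file and a directory entry.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One OTL file entry, as printed in the log above:
#   [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B... -- C:\WINDOWS\system32\user32.dll
#   [2010/05/04 22:16:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
#   [2010/04/13 20:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\...\Alwil Software
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?"        # company name, "()" when none; absent for directories
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?"   # only present for "/md5" custom scans
    r"-- (?P<path>.+)$"
)


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str          # R/H/S/D flags in fixed positions, "-" where unset
    kind: str           # "C" = created within the scan window, "M" = modified
    company: str
    md5: Optional[str]  # upper-case hex, or None when the line carried no hash
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one OTL file line, or None for headers and section markers."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=datetime.strptime(m.group("date"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=m.group("company") or "",
        md5=(m.group("md5") or "").upper() or None,
        path=m.group("path"),
    )


def parse_log(text: str) -> List[Entry]:
    """Parse every recognisable file entry in an OTL report; other lines are skipped."""
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e is not None]


@dataclass
class Mismatch:
    path: str
    expected: str
    actual: str


def check_md5(entries: List[Entry], baseline: Dict[str, str]) -> List[Mismatch]:
    """Flag hashed entries whose MD5 differs from the baseline value for that path.

    Paths are compared case-insensitively (NTFS is case-preserving, not
    case-sensitive). Entries without a hash, and paths not in the baseline,
    are ignored rather than reported.
    """
    out: List[Mismatch] = []
    for e in entries:
        if e.md5 is None:
            continue
        expected = baseline.get(e.path.lower())
        if expected is not None and expected.upper() != e.md5:
            out.append(Mismatch(e.path, expected.upper(), e.md5))
    return out


# Baseline built from the three hashes printed in this log, for illustration only.
# A real baseline comes from a clean reference install of the same build (XP SP3 here).
KNOWN_GOOD_MD5 = {
    r"c:\windows\system32\user32.dll": "B26B135FF1B9F60C9388B4A7D16F600B",
    r"c:\windows\system32\ws2_32.dll": "2CCC474EB85CEAA3E1FA1726580A3E5A",
    r"c:\windows\system32\ws2help.dll": "9789E95E1D88EEB4B922BF3EA7779C28",
}

# Constructed sample log: the ws2help.dll hash has been replaced with zeros on purpose.
SAMPLE_LOG = r"""
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\ws2help.dll
[2010/05/04 22:16:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/13 20:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
< End of report >
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(f"parsed {len(entries)} entries")
    for mm in check_md5(entries, KNOWN_GOOD_MD5):
        print(f"MD5 MISMATCH {mm.path}: expected {mm.expected}, got {mm.actual}")
```

Hashes are only comparable within one build: user32.dll and the Winsock DLLs change with every service pack and with some hotfixes, so a mismatch is a lead to verify against the file's digital signature or a known-clean copy of the same version, not proof of infection on its own.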
     
  12. 2010/07/22
    Blue Star Well-Known Member Thread Starter
    extras.............:D

    OTL Extras logfile created on: 7/22/2010 8:26:43 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    247.00 Mb Total Physical Memory | 59.00 Mb Available Physical Memory | 24.00% Memory free
    606.00 Mb Paging File | 323.00 Mb Available in Paging File | 53.00% Paging File free
    Paging file location(s): C:\pagefile.sys 372 744 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.66 Gb Total Space | 54.17 Gb Free Space | 77.76% Space Free | Partition Type: NTFS
    Drive D: | 4.88 Gb Total Space | 1.30 Gb Free Space | 26.69% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YOUR-SZ6X6SEFXO
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01F9D88C-3C86-4E82-840A-101A3221F67A}" = Microsoft Money 2003
    "{02548730-180A-487e-A726-A75CB6650AF7}" = D1400
    "{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}" = Microsoft Money 2003 System Pack
    "{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
    "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
    "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
    "{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
    "{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
    "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
    "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
    "{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
    "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
    "{48BD24F5-13DE-493A-A7CE-28A85113FF0C}" = HP Deskjet printer preloaded drivers
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F535C04-86BE-47D1-98C6-8AB26D28482B}" = Singlesnet
    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
    "{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
    "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
    "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
    "{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English) v1.0.3705
    "{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
    "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
    "{D1EB1C2B-275A-4B8B-B4C3-02BC2C1BA86D}" = ErrorFix
    "{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
    "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version
    "{EFE673F6-688A-42ed-9C6C-9DD8CF5A9B89}" = D1400_Help
    "{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass
    "{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
    "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
    "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "ATT-PRT22" = ATT-PRT22
    "ATT-RemoteControl" = ATT-RemoteControl
    "avast5" = avast! Free Antivirus
    "BackWeb-1940576 Uninstaller" = Compaq Connections
    "ESET Online Scanner" = ESET Online Scanner v3
    "HijackThis" = HijackThis 2.0.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.01
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
    "HPExtendedCapabilities" = HP Customer Participation Program 9.0
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
    "Instant Support" = Instant Support
    "LiveReg" = LiveReg (Symantec Corporation)
    "LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
    "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
    "Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
    "RealPlayer 6.0" = RealOne Player
    "S3Display" = S3Display
    "S3Gamma2" = S3Gamma2
    "S3Info2" = S3Info2
    "S3Overlay" = S3Overlay
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/17/2010 11:02:25 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft .NET Framework (English) -- Error 1706.No valid
    source could be found for product Microsoft .NET Framework (English). The Windows
    installer cannot continue.

    Error - 7/17/2010 11:02:27 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft .NET Framework (English) - Update '{14303301-758B-402B-9A0D-2C6A591680DB}'
    could not be installed. Error code 1603. Windows Installer can create logs to help
    troubleshoot issues with installing software packages. Use the following link for
    instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error - 7/19/2010 3:03:38 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft .NET Framework (English) -- Error 1706.No valid
    source could be found for product Microsoft .NET Framework (English). The Windows
    installer cannot continue.

    Error - 7/19/2010 3:03:40 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft .NET Framework (English) - Update '{14303301-758B-402B-9A0D-2C6A591680DB}'
    could not be installed. Error code 1603. Windows Installer can create logs to help
    troubleshoot issues with installing software packages. Use the following link for
    instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error - 7/19/2010 7:40:09 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft .NET Framework (English) -- Error 1706.No valid
    source could be found for product Microsoft .NET Framework (English). The Windows
    installer cannot continue.

    Error - 7/19/2010 7:40:11 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft .NET Framework (English) - Update '{14303301-758B-402B-9A0D-2C6A591680DB}'
    could not be installed. Error code 1603. Windows Installer can create logs to help
    troubleshoot issues with installing software packages. Use the following link for
    instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error - 7/22/2010 8:11:02 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 7/17/2010 6:52:56 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2

    Error - 7/17/2010 6:55:27 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = System Error | ID = 1003
    Description = Error code 10000050, parameter1 fef3700b, parameter2 00000000, parameter3
    efa95f60, parameter4 00000000.

    Error - 7/17/2010 7:12:56 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2

    Error - 7/17/2010 11:02:30 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Microsoft .NET Framework 1.0 Service Pack 3, English Version.

    Error - 7/18/2010 1:44:37 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2

    Error - 7/19/2010 3:07:17 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Microsoft .NET Framework 1.0 Service Pack 3, English Version.

    Error - 7/19/2010 6:39:48 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2

    Error - 7/19/2010 6:57:24 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7034
    Description = The Softex OmniPass Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 7/19/2010 7:40:14 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Microsoft .NET Framework 1.0 Service Pack 3, English Version.

    Error - 7/22/2010 8:01:28 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2


    < End of report >
     
  13. 2010/07/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Firstly, your aunt's computer was infected. That should be pretty much clean by now.
    Another issue is this:
    XP needs at least 512MB of RAM to run smoothly (1GB ideally).

    Now...

    Update your Java version here: http://www.java.com/en/download/installed.jsp
    During installation, make sure to UN-check any pre-checked extra "garbage" installation, like Yahoo toolbar, or others (if offered).
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2010/07/22 20:21:21 | 000,389,120 | R--- | M] () -- C:\ComboFix\CF3549.cfxxe
      PRC - [2008/05/07 05:07:23 | 000,135,168 | R--- | M] () -- C:\ComboFix\CSCRIPT.cfxxe
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
      O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://setup.bellsouth.net/wizlet/P...ller_6-1-2.cab (Reg Error: Value error.)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      [2010/07/19 18:50:49 | 003,738,829 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
      [2007/01/22 19:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
      [2006/05/25 22:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      
      
      :Services
      
      :Reg
      
      :Files
      C:\ComboFix
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
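    The O3 and O16 lines in the fix above are orphaned COM registrations: IE toolbar values in HKCU whose CLSID has no key under HKLM\SOFTWARE\Classes\CLSID ("No CLSID value found"), and Downloaded Program Files entries in the Code Store Database whose cab/inf no longer resolves. The script below is an added example for finding the same condition yourself; it is not part of the thread and is not OTL's code. It assumes the XP/Vista/7 registry layout shown in the OTL log, runs as the affected user (the toolbar keys live in HKCU), and only reports unless you pass -Remove (which also honours -WhatIf).

```powershell
# Added example: find IE toolbar values whose CLSID is not registered anywhere
# (OTL's O3 "No CLSID value found"), and Distribution Units (O16 DPF) whose
# InprocServer32 DLL is missing from disk. Report-only unless -Remove is given.
function Get-OrphanIEToolbar {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([switch]$Remove)

    $toolbarKeys = @(
        'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser',
        'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
    )
    # A toolbar CLSID must be registered under one of these roots; if it is
    # under neither, the value is a leftover (uninstalled software or removed adware).
    $clsidRoots = @(
        'HKLM:\SOFTWARE\Classes\CLSID',
        'HKCU:\Software\Classes\CLSID'
    )

    foreach ($key in $toolbarKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Entries are REG_BINARY values named by the control's CLSID, e.g. {42CDD1BF-...}
            if ($name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
            $registered = $clsidRoots | Where-Object { Test-Path -LiteralPath (Join-Path $_ $name) }
            [pscustomobject]@{
                Key    = $key
                CLSID  = $name
                Status = if ($registered) { 'registered' } else { 'ORPHAN' }
            }
            if ($Remove -and -not $registered -and
                $PSCmdlet.ShouldProcess("$key\$name", 'Remove orphan toolbar value')) {
                Remove-ItemProperty -LiteralPath $key -Name $name
            }
        }
    }
}

function Get-OrphanDPF {
    # Each Distribution Unit named by a GUID should map to a CLSID whose server
    # DLL exists. Units named by a plain string (e.g. "DirectAnimation Java Classes")
    # carry no CLSID, so they are reported with an empty Server column for review.
    $duRoot = 'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units'
    if (-not (Test-Path -LiteralPath $duRoot)) { return }
    foreach ($du in Get-ChildItem -LiteralPath $duRoot) {
        $name   = $du.PSChildName
        $server = $null
        if ($name -match '^\{[0-9A-Fa-f-]{36}\}$') {
            $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$name\InprocServer32"
            if (Test-Path -LiteralPath $inproc) {
                # (default) holds the DLL path; strip surrounding quotes if present
                $server = ((Get-ItemProperty -LiteralPath $inproc).'(default)') -replace '^"|"$', ''
            }
        }
        $onDisk = [bool]$server -and (Test-Path -LiteralPath $server)
        [pscustomobject]@{
            DistributionUnit = $name
            Server           = $server
            Status           = if ($onDisk) { 'present' } else { 'ORPHAN' }
        }
    }
}

# Usage: list first, then remove toolbar orphans only after reviewing the report.
Get-OrphanIEToolbar | Format-Table -AutoSize
Get-OrphanDPF       | Format-Table -AutoSize
# Get-OrphanIEToolbar -Remove -WhatIf
```

    Note that Get-OrphanDPF deliberately does not delete anything: removing a Distribution Unit properly also means removing the matching CLSID key, the Active Setup entry and the files under C:\WINDOWS\Downloaded Program Files, which is what OTL's "Starting removal of ActiveX control" sequence in the next post does. Use the report to decide, then let the removal tool do the multi-key cleanup.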
  14. 2010/07/22
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    All processes killed
    ========== OTL ==========
    No active process named CF3549.cfxxe was found!
    No active process named CSCRIPT.cfxxe was found!
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
    Starting removal of ActiveX control {321FB770-1FBE-4BFE-BDC1-6F622D4FA499}
    C:\WINDOWS\Downloaded Program Files\MotiveClient.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{321FB770-1FBE-4BFE-BDC1-6F622D4FA499}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{321FB770-1FBE-4BFE-BDC1-6F622D4FA499}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{321FB770-1FBE-4BFE-BDC1-6F622D4FA499}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{321FB770-1FBE-4BFE-BDC1-6F622D4FA499}\ not found.
    File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    File C:\Documents and Settings\Owner\Desktop\ComboFix.exe not found.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\ComboFix folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 9269983 bytes
    ->Temporary Internet Files folder emptied: 6352385 bytes
    ->Java cache emptied: 210594 bytes
    ->Flash cache emptied: 17576 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 39097 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 17005 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 166440 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 15.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.1 log created on 07222010_224334

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IHB1A0I3\113ce987-2b1b-469e-b639-39b1d3dac068_3rd_party_BBS[1].htm moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DRUSU457\ads[3].htm moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1DENEK7R\94105-active-re-aunties-extremely-slooooow-machine[1].html moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1DENEK7R\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  15. 2010/07/22
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    The Java install gave me a way old restore point. Wiped out OTL. When I dl it and try to run it, I get an error that OTL won't run from a temp folder. I dl to desktop....

    File path c:/docs and settings/temp/desktop...what is this?
     
  16. 2010/07/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Say again...
     
  17. 2010/07/22
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    When the machine rebooted after the Java install, Windows started in an old restore point...before the IE8 install.
     
  18. 2010/07/22
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    The Java install caused everything to be wiped clean and restored me to prior to the IE8 install. Wiped out my wallpaper, OTL, Malwarebytes, etc.
     
  19. 2010/07/22
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    It restored old stuff I got rid of months ago.
     
  20. 2010/07/22
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    I must log off and continue tomorrow.....sorry...
     
  21. 2010/07/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I've never heard of such a thing.
    How do you know some restore point has been used?
     
