odb Posted May 14, 2011

Hi all. Lately I have been having some problems with my PC. It is a few years old and it's a HP; not sure about the model etc. at the moment. Anyway, the few problems that I am getting are:

1. wuacult.exe. When I turn on my PC this exe uses a lot of memory, so it takes ages to load up. I always end the process but it keeps coming back.
2. There is another process which has started to use a lot of memory, which I cannot remember the name of at the moment. It is connected to Norton I believe and it's a ccxp something; it uses 100 CPU memory and when I end it I cannot connect to the internet any longer.
3. Certain sites do not load. Lately Yahoo and certain retail shops are not loading. With Yahoo I cannot view any of my mail but it loads everything around the mail. Also YouTube does not function and it is hard to search for specific videos.

Can you please let me know what I can do to resolve these issues.
Plastic Nev Posted May 14, 2011

Hi and welcome to Free PC Help. It looks like you may have some malware on your computer. I have asked the experts to have a look, so please be patient till someone sees you.

Nev.
odb Posted May 14, 2011 (Author)

Thanks. For your info I have run Malwarebytes. It picked up a few things, but the problem is still there obviously.
etavares Posted May 14, 2011

Hi odb,

Welcome to Extreme Tech Support - Free PC Help. My name is etavares and I'll be helping you resolve this problem.

Please take note:

- If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows operating system, including the version, edition and whether it is a 32-bit or a 64-bit system. If you are unsure about any of these characteristics, just post what you can and we will guide you.
- Please tell us if you have your original Windows CD/DVD available.
- If you are unable to perform the steps we have recommended, please try one more time and, if unsuccessful, alert us of such and we will design an alternate means of obtaining the necessary information.
- Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
- Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
- Use the 'Reply to Thread' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report. Please download OTL from this link. Save it to your desktop.
Double click on the OTL icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in:

netsvcs
msconfig
drivers32 /all
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.sys /90
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
CREATERESTOREPOINT

Click the Quick Scan button. The scan should take a few minutes.
Please copy and paste both logs in your reply.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

We also need a log from aswMBR. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice. Then, please download aswMBR (511KB) to your desktop.
Double click the aswMBR.exe icon to run it.
Click the Scan button to start the scan.
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

In your reply, please post both OTL logs and the aswMBR log.

Thanks.

etavares is a member of: Alliance of Security Analysis Professionals; Unified Network of Instructors and Trained Eliminators.
odb Posted May 14, 2011 (Author)

Hi etavares, thank you for your help. Please find the information requested:

1: XP 2002 Service Pack 3
2: I do not have the original CDs

I am running the OTL scan now and will copy the log shortly.
odb Posted May 14, 2011 (Author)

The OTL log:

OTL logfile created on: 14/05/2011 15:19:14 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 54.00 Mb Available Physical Memory | 11.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.60 Gb Total Space | 34.68 Gb Free Space | 48.43% Space Free | Partition Type: NTFS
Drive D: | 4.71 Gb Total Space | 1.16 Gb Free Space | 24.72% Space Free | Partition Type: FAT32
Drive K: | 7.45 Gb Total Space | 0.05 Gb Free Space | 0.67% Space Free | Partition Type: FAT32

Computer Name: YOUR-Q7FWQX3NCP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/14 15:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2011/05/06 20:21:41 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/04/29 19:20:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2002/11/15 10:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\Navapsvc.exe
PRC - [2002/11/15 10:29:06 | 000,054,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2002/11/14 19:31:24 | 000,140,992 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\NISUM.EXE
PRC - [2002/11/14 19:30:06 | 000,034,496 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
PRC - [2002/11/14 07:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

========== Modules (SafeList) ==========

MOD - [2011/05/14 15:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/02 21:06:22 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2002/11/15 10:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Norton AntiVirus\Navapsvc.exe -- (navapsvc)
SRV - [2002/11/15 10:30:02 | 000,100,032 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2002/11/14 19:31:24 | 000,140,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\NISUM.EXE -- (NISUM)
SRV - [2002/11/14 19:30:06 | 000,034,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe -- (ccPxySvc)
SRV - [2002/11/14 07:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

========== Driver Services (SafeList) ==========

DRV - [2010/07/21 09:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/21 09:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 06:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/12/08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003/09/18 13:47:56 | 000,035,552 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SAVRTPEL.SYS -- (SAVRTPEL)
DRV - [2003/09/18 13:47:48 | 000,235,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SAVRT.SYS -- (SAVRT)
DRV - [2003/03/01 14:38:56 | 000,576,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/02/27 03:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002/12/27 19:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/25 06:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/11/14 07:46:50 | 000,073,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2002/11/07 13:07:14 | 000,233,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2002/11/07 13:07:10 | 000,015,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2002/11/07 13:06:58 | 000,094,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2002/11/07 13:06:54 | 000,039,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)
DRV - [2002/11/07 13:06:48 | 000,050,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)
DRV - [2002/11/07 13:06:42 | 000,138,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)
DRV - [2002/11/07 13:06:38 | 000,011,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)
DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/07 02:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2002/07/11 14:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001/08/18 03:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/06/04 22:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb8.hpwis.com/
IE - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb8.hpwis.com/
IE - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb8.hpwis.com/
IE - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
IE - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/07/29 23:39:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 19:21:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 19:37:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/07/29 23:39:06 | 000,000,000 | ---D | M]

[2011/03/27 11:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/03/27 11:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010/07/11 23:17:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/08 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/29 19:20:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/09 00:38:42 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (ShoppingReport2) - {258C9770-1713-4021-8D7E-1F184A2BD754} - C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (SmartShopper Networks)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ccRegVfy] c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (SmartShopper Networks)
O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (SmartShopper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275863542500 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/02 09:43:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{4a13de91-faf2-11df-98b5-000c7635165e}\Shell\AutoRun\command - "" = K:\PC/PPTVIEW.EXE /L "PC/playlist.txt"
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0.lnk - C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe - (Panasonic Corporation)
MsConfig - StartUpReg: AlcxMonitor - hkey= - key= - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: ATIModeChange - hkey= - key= - File not found
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: hpsysdrv - hkey= - key= - c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: Microsoft Works Update Detection - hkey= - key= - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NVIEW - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: PS2 - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Recguard - hkey= - key= - C:\WINDOWS\SMINST\Recguard.exe ()
MsConfig - StartUpReg: StorageGuard - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg20.dll (Pegasus Imaging Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 23:52:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/05/12 23:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Free Registry Cleaner
[2011/05/12 23:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2011/05/12 23:44:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/12 23:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
[2011/05/09 00:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2011/05/04 21:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/05/03 19:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ShoppingReport2
[2011/05/03 19:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\ShoppingReport2
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/14 15:11:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003UA.job
[2011/05/14 14:33:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/14 14:31:37 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/14 14:28:17 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/14 14:28:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/14 14:28:08 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/14 01:32:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/12 23:44:58 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Eusing Free Registry Cleaner.lnk
[2011/05/10 00:11:05 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003Core.job
[2011/05/09 20:42:11 | 000,026,415 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hejazi.jpg
[2011/05/09 19:17:23 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/05/09 19:17:23 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/09 00:38:42 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/29 22:58:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/29 20:01:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2011/04/24 02:01:12 | 000,333,332 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Project1.png
[2011/04/16 14:35:08 | 000,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/16 02:41:04 | 000,434,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/16 02:41:04 | 000,068,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/12 23:44:58 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Eusing Free Registry Cleaner.lnk
[2011/05/09 20:42:19 | 000,026,415 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hejazi.jpg
[2011/04/24 02:01:11 | 000,333,332 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Project1.png
[2011/01/30 18:50:52 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2010/11/01 22:42:46 | 000,047,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/04 03:04:15 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/06 22:56:24 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/08/06 22:56:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/08/06 22:56:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/08/06 22:56:24 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/08/06 22:56:24 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/08/06 22:56:24 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/08/06 22:56:24 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/08/06 22:56:24 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/08/06 22:56:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/08/06 22:56:24 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/08/06 22:56:24 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/08/06 22:56:24 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/08/06 22:56:24 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/08/06 22:56:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/08/06 22:56:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/06/12 21:14:35 | 000,057,344 | ---- | C] () -- C:\WINDOWS\WNMHINDR.EXE
[2010/06/12 21:14:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NMH040A.DLL
[2010/06/12 14:02:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/07 00:19:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{D3BB659E-119D-49C0-AF14-6126292918E1}.dat
[2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{C7C32029-BF24-4C40-BAC0-E79142AD897F}.dat
[2010/06/06 23:21:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/03/20 00:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/02 16:32:39 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/02 16:32:13 | 000,434,138 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/01/02 16:32:13 | 000,068,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/01/02 16:31:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/02 12:53:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/02 12:53:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{FB87616A-9CEE-411F-8EC4-E9C6E419DF82}.dat
[2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{E71BF92A-8764-401B-8F93-576AD165DB73}.dat
[2003/01/02 12:41:22 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SR2.dat
[2003/01/02 10:38:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/01/02 10:38:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/01/02 10:22:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/02 10:16:05 | 000,184,405 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin [2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin [2003/01/02 10:02:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2003/01/02 09:53:19 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll [2003/01/02 09:53:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll [2003/01/02 09:53:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2003/01/02 09:47:22 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini [2003/01/02 09:45:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2003/01/02 09:41:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2003/01/02 09:36:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2003/01/02 09:35:36 | 000,259,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2003/01/02 02:43:25 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini [2003/01/02 02:43:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini [2003/01/01 10:26:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2003/01/01 09:42:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003/01/01 09:42:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003/01/01 09:41:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003/01/01 09:13:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003/01/01 09:13:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003/01/01 09:13:05 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2003/01/01 09:12:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2003/01/01 09:12:52 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002/05/24 16:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll [2002/05/24 16:00:00 | 000,045,056 | ---- | C] () -- 
C:\WINDOWS\System32\lockres.dll ========== LOP Check ========== [2010/06/28 20:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2010/07/29 23:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2010/08/06 23:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic [2010/06/28 20:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2011/02/19 14:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop [2011/05/04 23:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan [2011/01/21 00:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla! [2010/10/09 00:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2003/01/02 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust [2003/01/02 10:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView [2010/10/09 00:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DC++ [2011/05/09 00:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo [2003/01/02 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust [2010/12/05 20:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo [2010/07/29 23:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia [2010/07/30 00:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite [2003/01/02 10:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application 
Data\SampleView [2011/03/26 18:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Serif [2011/05/03 19:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ShoppingReport2 [2010/08/07 22:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue [2011/05/14 14:31:37 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job ========== Purity Check ========== ========== Custom Scans ========== < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\system32\*.sys /90 > [2011/03/03 14:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2003/01/02 09:35:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2003/01/02 09:35:03 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2003/01/02 09:35:03 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %SYSTEMDRIVE%\*.* > [2003/01/02 09:43:53 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/06/06 23:17:32 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK [2010/06/07 01:41:25 | 000,000,283 | RHS- | M] () -- C:\boot.ini [2003/01/20 18:01:00 | 000,245,920 | RHS- | M] () -- C:\cmldr [2003/01/02 09:43:53 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011/05/14 14:28:08 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys [2003/01/02 09:43:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2003/01/02 09:43:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010/06/07 01:31:15 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010/06/07 22:45:38 | 000,250,048 | RHS- | M] () -- C:\ntldr [2011/05/14 14:28:05 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys [2010/06/06 23:24:30 | 000,000,556 | ---- | M] () -- 
C:\remind.log
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
< %systemroot%\*. /mp /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
========== Alternate Data Streams ==========
@Alternate Data Stream - 364 bytes -> C:\Documents and Settings\Owner\Desktop\Vietnam 009.Spp:�SummaryInformation
< End of report >
odb (Author) Posted May 14, 2011
I don't think I have any CD emulation programmes. Is this like a virtual drive or something?
etavares Posted May 14, 2011
Yes. Common emulators include Alcohol and Daemon Tools. If you're not sure what that is, you probably don't have one installed.
etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators
etavares Posted May 14, 2011
PS> Did OTL save extras.txt? If so, please also attach that.
odb (Author) Posted May 14, 2011
I did disable drives anyway and ran the aswMBR. Saved the log, but it's a .dat file so I can't open it!!!!
odb (Author) Posted May 14, 2011
> PS> Did OTL save extras.txt? If so, please also attach that.
Shall I run it again? I closed it.
odb (Author) Posted May 14, 2011
aswMBR log:
15:45:51.968 OS Version: Windows 5.1.2600 Service Pack 3
15:45:51.968 Number of processors: 1 586 0x207
15:45:51.968 ComputerName: YOUR-Q7FWQX3NCP UserName: Owner
15:45:52.703 Initialize success
15:46:07.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:46:07.218 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 78167MB BusType: 3
15:46:09.234 Disk 0 MBR read successfully
15:46:09.234 Disk 0 MBR scan
15:46:09.234 Disk 0 unknown MBR code
15:46:11.250 Disk 0 scanning sectors +160060320
15:46:11.265 Disk 0 scanning C:\WINDOWS\system32\drivers
15:46:19.578 Service scanning
15:46:20.968 Disk 0 trace - called modules:
15:46:20.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:46:20.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f67ab8]
15:46:20.968 3 CLASSPNP.SYS[f8735fd7] -> nt!IofCallDriver -> \Device\0000005f[0x82fd0f18]
15:46:20.968 5 ACPI.sys[f86ac620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f84940]
15:46:20.968 Scan finished successfully
15:46:38.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
15:46:38.562 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
etavares Posted May 14, 2011 (edited)
Please run OTL again. Before scanning, set Extra Registry to Use SafeList then run a Quick Scan by pushing that button. Please just attach Extras.txt, I don't need OTL.txt again. Thanks!
Edited May 14, 2011 by etavares
odb Posted May 14, 2011 Author Posted May 14, 2011 OTL logfile created on: 14/05/2011 16:00:28 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 511.00 Mb Total Physical Memory | 73.00 Mb Available Physical Memory | 14.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71.60 Gb Total Space | 34.65 Gb Free Space | 48.39% Space Free | Partition Type: NTFS Drive D: | 4.71 Gb Total Space | 1.16 Gb Free Space | 24.72% Space Free | Partition Type: FAT32 Drive K: | 7.45 Gb Total Space | 0.05 Gb Free Space | 0.67% Space Free | Partition Type: FAT32 Computer Name: YOUR-Q7FWQX3NCP | User Name: Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/05/14 15:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe PRC - [2011/05/06 20:21:41 | 001,010,232 | ---- | M] (Google Inc.) 
-- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe PRC - [2011/04/29 19:20:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe PRC - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe PRC - [2002/11/15 10:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\Navapsvc.exe PRC - [2002/11/15 10:29:06 | 000,054,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe PRC - [2002/11/14 19:31:24 | 000,140,992 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\NISUM.EXE PRC - [2002/11/14 19:30:06 | 000,034,496 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe PRC - [2002/11/14 07:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe ========== Modules (SafeList) ========== MOD - [2011/05/14 15:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011/05/02 21:06:22 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai) SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program 
Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC) SRV - [2002/11/15 10:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Norton AntiVirus\Navapsvc.exe -- (navapsvc) SRV - [2002/11/15 10:30:02 | 000,100,032 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc) SRV - [2002/11/14 19:31:24 | 000,140,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\NISUM.EXE -- (NISUM) SRV - [2002/11/14 19:30:06 | 000,034,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe -- (ccPxySvc) SRV - [2002/11/14 07:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr) ========== Driver Services (SafeList) ========== DRV - [2010/07/21 09:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVEX15.SYS -- (NAVEX15) DRV - [2010/07/21 09:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVENG.SYS -- (NAVENG) DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- 
(upperdev) DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004/08/04 06:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr) DRV - [2003/12/08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) DRV - [2003/12/08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl) DRV - [2003/09/18 13:47:56 | 000,035,552 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SAVRTPEL.SYS -- (SAVRTPEL) DRV - [2003/09/18 13:47:48 | 000,235,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SAVRT.SYS -- (SAVRT) DRV - [2003/03/01 14:38:56 | 000,576,512 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2003/02/27 03:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315) DRV - [2002/12/27 19:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1) DRV - [2002/12/25 06:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP) DRV - [2002/11/14 07:46:50 | 000,073,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent) DRV - [2002/11/07 13:07:14 | 000,233,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI) DRV - [2002/11/07 13:07:10 | 000,015,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV) DRV - [2002/11/07 13:06:58 | 000,094,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIDSCo.sys -- (SYMIDSCO) DRV - [2002/11/07 13:06:54 | 000,039,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS) DRV - [2002/11/07 13:06:48 | 000,050,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS) DRV - [2002/11/07 13:06:42 | 000,138,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW) DRV - [2002/11/07 13:06:38 | 000,011,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS) DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2002/09/07 02:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp) DRV - [2002/07/11 14:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC) DRV - [2001/08/18 03:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC) DRV - [2001/06/04 22:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb8.hpwis.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb8.hpwis.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb8.hpwis.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/07/29 23:39:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 19:21:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 19:37:25 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/07/29 23:39:06 | 000,000,000 | ---D | M] [2011/03/27 11:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions [2011/03/27 11:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- [2010/07/11 23:17:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010/08/08 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/04/29 19:20:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2011/05/09 00:38:42 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation) O2 - BHO: (ShoppingReport2) - 
{258C9770-1713-4021-8D7E-1F184A2BD754} - C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (SmartShopper Networks) O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation) O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [ccRegVfy] c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe (Symantec Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (SmartShopper Networks) O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation) O9 - Extra Button: 
ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (SmartShopper Networks) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275863542500 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/02 09:43:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{4a13de91-faf2-11df-98b5-000c7635165e}\Shell\AutoRun\command - "" = K:\PC/PPTVIEW.EXE /L "PC/playlist.txt"
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========
[2011/05/12 23:52:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/05/12 23:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Free Registry Cleaner
[2011/05/12 23:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2011/05/12 23:44:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/12 23:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
[2011/05/09 00:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2011/05/04 21:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/05/03 19:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ShoppingReport2
[2011/05/03 19:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\ShoppingReport2
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2011/05/14 15:46:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/05/14 15:44:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/05/14 15:33:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/14 15:11:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003UA.job
[2011/05/14 14:31:37 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/14 14:28:17 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/14 14:28:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/14 14:28:08 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/14 01:32:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/12 23:44:58 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Eusing Free Registry Cleaner.lnk
[2011/05/10 00:11:05 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003Core.job
[2011/05/09 20:42:11 | 000,026,415 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hejazi.jpg
[2011/05/09 19:17:23 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/05/09 19:17:23 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/09 00:38:42 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/29 22:58:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/29 20:01:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2011/04/24 02:01:12 | 000,333,332 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Project1.png
[2011/04/16 14:35:08 | 000,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/16 02:41:04 | 000,434,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/16 02:41:04 | 000,068,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========
[2011/05/14 15:46:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/05/14 15:44:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/05/12 23:44:58 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Eusing Free Registry Cleaner.lnk
[2011/05/09 20:42:19 | 000,026,415 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hejazi.jpg
[2011/04/24 02:01:11 | 000,333,332 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Project1.png
[2011/01/30 18:50:52 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2010/11/01 22:42:46 | 000,047,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/04 03:04:15 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/06 22:56:24 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/08/06 22:56:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/08/06 22:56:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/08/06 22:56:24 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/08/06 22:56:24 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/08/06 22:56:24 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/08/06 22:56:24 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/08/06 22:56:24 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/08/06 22:56:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/08/06 22:56:24 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/08/06 22:56:24 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/08/06 22:56:24 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/08/06 22:56:24 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/08/06 22:56:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/08/06 22:56:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/06/12 21:14:35 | 000,057,344 | ---- | C] () -- C:\WINDOWS\WNMHINDR.EXE
[2010/06/12 21:14:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NMH040A.DLL
[2010/06/12 14:02:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/07 00:19:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{D3BB659E-119D-49C0-AF14-6126292918E1}.dat
[2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{C7C32029-BF24-4C40-BAC0-E79142AD897F}.dat
[2010/06/06 23:21:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/03/20 00:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/02 16:32:39 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/02 16:32:13 | 000,434,138 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/01/02 16:32:13 | 000,068,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/01/02 16:31:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/02 12:53:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/02 12:53:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{FB87616A-9CEE-411F-8EC4-E9C6E419DF82}.dat
[2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{E71BF92A-8764-401B-8F93-576AD165DB73}.dat
[2003/01/02 12:41:22 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SR2.dat
[2003/01/02 10:38:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/01/02 10:38:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/01/02 10:22:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/02 10:16:05 | 000,184,405 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/01/02 10:02:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/02 09:53:19 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/01/02 09:53:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/01/02 09:53:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/01/02 09:47:22 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/02 09:45:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/01/02 09:41:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/01/02 09:36:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/02 09:35:36 | 000,259,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/02 02:43:25 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/01/02 02:43:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/01/01 10:26:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/01 09:42:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/01/01 09:42:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/01/01 09:41:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/01/01 09:13:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/01/01 09:13:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/01/01 09:13:05 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/01/01 09:12:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/01/01 09:12:52 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/24 16:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 16:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

========== LOP Check ==========
[2010/06/28 20:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/07/29 23:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/08/06 23:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2010/06/28 20:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/02/19 14:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/05/04 23:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/01/21 00:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/10/09 00:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/09 00:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DC++
[2011/05/09 00:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2003/01/02 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2010/12/05 20:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2010/07/29 23:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2010/07/30 00:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2003/01/02 10:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2011/03/26 18:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Serif
[2011/05/03 19:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ShoppingReport2
[2010/08/07 22:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2011/05/14 14:31:37 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 364 bytes -> C:\Documents and Settings\Owner\Desktop\Vietnam 009.Spp:�SummaryInformation

this is the only report/log
etavares Posted May 14, 2011
Hello, odb.

Did you change the Extra Registry option to "use safelist" like I asked before scanning? After running OTL once, it defaults to OFF which keeps the Extras log from opening. It will open minimized as well, so you'll need to go to the taskbar and open the file.

In the meanwhile, please also run MBAM:

Online Poker Warning
Your logs show that you have online poker programs installed on your computer. I know that you may use these (this) game(s) on a regular basis but I think it's important to note that often these kind of programmes are installed with other unwanted software, namely spyware or adware. Due to this I strongly suggest that you uninstall these programmes if you do not use them anymore or did not install these programmes yourself on purpose. There are so many online poker games out there these days that it is close to impossible to keep track of whether a programme is infected or not. Should you have installed this online poker game on purpose and wish to continue using this, you may ignore this. Should you decide to uninstall the programme, then you can do so by following the below steps: You can remove this via Add/Remove programs.

Registry Cleaner Warning
I also see that you have a registry cleaner installed (in your case Eusing Free Registry Cleaner). I do not recommend using registry cleaners. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result! See here for more information: http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578entry1326578

Step 1
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
- On the Scanner tab:
  - Make sure the "Perform Quick Scan" option is selected.
  - Then click on the Scan button.
  - If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen:
  - Click on the Show Results button to see a list of any malware that was found.
  - Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad.
  - The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  - Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
- Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares

etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators
odb (Author) Posted May 14, 2011
i had installed this already. it does not update for some reason. the log from the scan:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/05/2011 18:17:51
mbam-log-2011-05-14 (18-17-50).txt

Scan type: Quick scan
Objects scanned: 138062
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Owner\application data\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2\Bin\2.7.34 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\shoppingreport2\Bin\2.7.34\shoppingreport.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2\Uninst.exe (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
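As an added example (not code from this thread or from Malwarebytes), a small Python parser for the MBAM 1.x log layout posted above: it reads the itemised detections per section, checks that the summary counts match what is actually listed, tallies detections by threat name, and flags entries that were not fully quarantined and so still need the reboot the helper asks for. The embedded sample log is a constructed excerpt in the same format, not the poster's log.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and sanity-check it.

Added example for this thread, not part of MBAM or of the original post.
SAMPLE_LOG is a constructed excerpt in the same layout as the posted log.
"""
import re
from collections import Counter, defaultdict

SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Scan type: Quick scan
Objects scanned: 138062
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\shoppingreport2\Uninst.exe (Adware.ShoppingReport2) -> Delete on reboot.
"""

# Summary line, e.g. "Registry Keys Infected: 18"
COUNT_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
# Section header that opens the itemised list, e.g. "Registry Keys Infected:"
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# Itemised detection: "<path> (<threat>) -> <action...>"
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
COMPLETED = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (meta, counts, items).

    meta:   header fields such as 'Database version' and 'Scan type'
    counts: section name -> count declared in the summary block
    items:  section name -> list of {'path', 'threat', 'action'} dicts
    """
    meta, counts, items = {}, {}, defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:
            # Still in the header: keep "Key: value" fields for reporting.
            if ": " in line:
                key, _, value = line.partition(": ")
                meta[key] = value
            continue
        if line.startswith("(No malicious items detected)"):
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue  # unrecognised line inside a section: skip, do not guess
        # Registry values carry an extra "Value: {...} ->" hop; the text after
        # the last arrow is always the action MBAM took.
        action = m.group("rest").rsplit("-> ", 1)[-1].rstrip(".")
        items[section].append(
            {"path": m.group("path"), "threat": m.group("threat"), "action": action}
        )
    return meta, counts, dict(items)


def check_counts(counts, items):
    """Sections whose declared count differs from the itemised entries,
    as {section: (declared, listed)}; an empty dict means the log is consistent."""
    return {
        s: (declared, len(items.get(s, [])))
        for s, declared in counts.items()
        if len(items.get(s, [])) != declared
    }


def threat_families(items):
    """Number of detections per threat name across all sections."""
    return Counter(e["threat"] for entries in items.values() for e in entries)


def incomplete_removals(items):
    """Entries whose action is not a completed quarantine (e.g. 'Delete on
    reboot'); these are why the helper insists on a normal reboot afterwards."""
    return [e for entries in items.values() for e in entries if e["action"] != COMPLETED]


if __name__ == "__main__":
    meta, counts, items = parse_mbam_log(SAMPLE_LOG)
    print("Database version:", meta.get("Database version"))
    print("Count mismatches:", check_counts(counts, items))
    print("Per family:", dict(threat_families(items)))
    for e in incomplete_removals(items):
        print("Needs reboot:", e["path"], "->", e["action"])
```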
odb (Author) Posted May 14, 2011
i have removed about 20 items. problems still there. with yahoo and youtube and etc !!!!!
etavares Posted May 14, 2011
Hello, odb.

The malware is keeping it from updating. We'll move to something a bit more comprehensive. Let me know if you still have problems with those websites after this.

Next, please download ComboFix from one of these locations:
Bleepingcomputer
InfoSpyware

* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Double click on etavaresCF.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[image: http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: http://img.photobucket.com/albums/v706/ried7/whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares
odb (Author) Posted May 14, 2011
here is the log:

ComboFix 11-05-13.03 - Owner 14/05/2011 21:05:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.192 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\etavaresCF.exe
AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *Enabled* {E641AC2D-955F-4A05-ABE7-F9C534ABDB46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-04-14 to 2011-05-14 )))))))))))))))))))))))))))))))
.
.
2011-05-14 00:38 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D826BD50-5BBC-4104-94EA-6744701E1268}\mpengine.dll
2011-05-12 22:44 . 2011-05-14 20:04 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2011-05-12 22:29 . 2011-05-12 22:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware
2011-05-08 23:38 . 2011-05-08 23:38 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo
2011-05-04 20:41 . 2011-05-04 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2010-09-28 00:58 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2003-01-02 08:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2003-01-02 15:32 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2003-01-02 15:32 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2006-06-23 10:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2003-01-02 15:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2003-01-02 15:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2003-01-01 08:12 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2003-01-01 08:13 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-06-07 19:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2003-01-01 08:41 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-04-29 18:20 . 2011-03-27 10:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-15 59072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-11-15 54976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0.lnk]
backup=c:\windows\pss\PHOTOfunSTUDIO 5.0.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 12:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2001-09-05 07:24 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-02-28 20:00 315392 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-03-12 00:11 114688 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 23:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 01:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-12 03:02 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2002-07-25 04:20 28672 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-03-04 01:44 4595712 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
2003-03-04 01:44 831557 ----a-w- c:\windows\system32\nview.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-03-04 01:44 323584 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-10-16 23:57 81920 ----a-w- c:\windows\system32\ps2.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 04:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
2003-02-13 15:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2557:TCP"= 2557:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [02/01/2003 16:32 14336]
R2 ccPxySvc;Symantec Proxy Service;c:\program files\Norton Personal Firewall\ccPxySvc.exe [14/11/2002 19:30 34496]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/07/2010 22:09 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/07/2010 22:09 136176]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [29/07/2010 23:37 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [29/07/2010 23:37 8320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 22:56]
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 22:56]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-07 19:51]
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-07 19:51]
.
2011-05-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-04-29 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NAVW32.exe [2002-11-15 09:31]
.
2010-06-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-01-02 23:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tiscali.co.uk/broadband
uDefault_Search_URL = hxxp://srch-gb8.hpwis.com/
mSearch Bar = hxxp://srch-gb8.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://gb8.hpwis.com/
uInternet Settings,ProxyOverride = *.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\b8irfl4w.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-14 21:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3892)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-14 21:20:39
ComboFix-quarantined-files.txt 2011-05-14 20:20
.
Pre-Run: 36,745,601,024 bytes free
Post-Run: 36,824,449,024 bytes free
.
- - End Of File - - B22538CF4281A1D0F2E1B0434ED444FC
odb Posted May 14, 2011 Author Posted May 14, 2011 My Yahoo is still not showing. Also the same problem with YouTube still. Even with a different browser such as Firefox it's not working.
etavares Posted May 15, 2011 Posted May 15, 2011

Hello, odb. OK, it may be your router. Do you have a modem/router (e.g. one box) or a modem and a router (two boxes between the wall and your computer)? Do you have any other computers connected to the same router? Do they have the same issue?

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Open Notepad and copy/paste the text in the codebox below into Notepad:

DDS::
uDefault_Search_URL = hxxp://srch-gb8.hpwis.com/
mSearch Bar = hxxp://srch-gb8.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://gb8.hpwis.com/

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

Save this as CFScript.txt, in the same location as ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Note: After running ComboFix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.
etavares
RandyL Posted May 15, 2011 Posted May 15, 2011 Please excuse me, as I am likely to have overlooked the obvious, as this is a long thread. If it's just Yahoo and YouTube that do not show, maybe it's a firewall issue, as Norton can be pretty aggressive. I was just wondering if temporarily disabling all of the Norton features would help in resolving this issue, per etavares' guidance. Please do not do anything unless instructed to do so by etavares. This is just me wondering.
odb Posted May 15, 2011 Author Posted May 15, 2011 I have one router (Belkin) connecting 1 PC, and I pick up my PS3 on it. I do lose a lot of connection when I'm on PSN. Also I think it may have something to do with my anti-virus too. My Norton is old and I have not renewed it. I used to use the free AVG when I had a serious virus, which led me to reinstall Windows. I am looking to buy a new laptop or PC, but for now I need to sort out this issue!! The other process that uses 99% of memory at times is: ccpxysvc.exe
odb Posted May 15, 2011 Author Posted May 15, 2011 the log: ComboFix 11-05-14.01 - Owner 15/05/2011 13:29:24.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.306 [GMT 1:00] Running from: c:\documents and settings\Owner\Desktop\etavaresCF.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C} FW: Norton Personal Firewall *Enabled* {E641AC2D-955F-4A05-ABE7-F9C534ABDB46} . . ((((((((((((((((((((((((( Files Created from 2011-04-15 to 2011-05-15 ))))))))))))))))))))))))))))))) . . 2011-05-14 00:38 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D826BD50-5BBC-4104-94EA-6744701E1268}\mpengine.dll 2011-05-12 22:44 . 2011-05-14 20:04 -------- d-----w- c:\program files\Eusing Free Registry Cleaner 2011-05-12 22:29 . 2011-05-12 22:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware 2011-05-08 23:38 . 2011-05-08 23:38 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo 2011-05-04 20:41 . 2011-05-04 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-11 07:04 . 2010-09-28 00:58 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2011-03-07 05:33 . 2003-01-02 08:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:37 . 2003-01-02 15:32 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21 . 2003-01-02 15:32 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-22 23:06 . 2006-06-23 10:33 916480 ----a-w- c:\windows\system32\wininet.dll 2011-02-22 23:06 . 
2003-01-02 15:32 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-02-22 23:06 . 2003-01-02 15:32 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec 2011-02-17 13:18 . 2003-01-01 08:12 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-02-17 13:18 . 2003-01-01 08:13 357888 ----a-w- c:\windows\system32\drivers\srv.sys 2011-02-17 12:32 . 2010-06-07 19:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56 . 2003-01-01 08:41 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-04-29 18:20 . 2011-03-27 10:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-05-14_20.15.38 ))))))))))))))))))))))))))))))))))))))))) . + 2011-05-15 11:46 . 2011-05-15 11:46 16384 c:\windows\Temp\Perflib_Perfdata_5c0.dat + 2011-05-15 11:47 . 2011-05-15 11:47 16384 c:\windows\Temp\Perflib_Perfdata_524.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-15 59072] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-11-15 54976] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0.lnk] backup=c:\windows\pss\PHOTOfunSTUDIO 5.0.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor] 2004-09-07 12:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange] 2001-09-05 07:24 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] 2003-02-28 20:00 315392 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2003-03-12 00:11 114688 ----a-w- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] 1998-05-07 23:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-09-24 01:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] 2003-02-12 03:02 61440 ----a-w- c:\hp\KBD\kbd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] 2002-07-25 04:20 28672 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2003-03-04 01:44 4595712 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW] 2003-03-04 01:44 831557 ----a-w- c:\windows\system32\nview.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2003-03-04 01:44 323584 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] 2002-10-16 23:57 81920 ----a-w- c:\windows\system32\ps2.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] 2002-09-14 04:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard] 2003-02-13 15:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\DC++\\DCPlusPlus.exe"= "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1493:TCP"= 1493:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . 
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [02/01/2003 16:32 14336] R2 ccPxySvc;Symantec Proxy Service;c:\program files\Norton Personal Firewall\ccPxySvc.exe [14/11/2002 19:30 34496] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/07/2010 22:09 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/07/2010 22:09 136176] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [29/07/2010 23:37 137344] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [29/07/2010 23:37 8320] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2011-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50] . 2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 22:56] . 2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 22:56] . 2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003Core.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-07 19:51] . 2011-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003UA.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-07 19:51] . 2011-05-15 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] . 2011-04-29 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job - c:\progra~1\NORTON~1\NAVW32.exe [2002-11-15 09:31] . 
2010-06-06 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-01-02 23:04] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.tiscali.co.uk/broadband uInternet Settings,ProxyOverride = *.local DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\b8irfl4w.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-05-15 13:36 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(4004) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-05-15 13:40:55 ComboFix-quarantined-files.txt 2011-05-15 12:40 ComboFix2.txt 2011-05-14 20:20 . Pre-Run: 36,821,848,064 bytes free Post-Run: 36,812,349,440 bytes free . - - End Of File - - 887F641C7AEA05B27E0F29E16E126430 Quote
odb Posted May 15, 2011 Author Posted May 15, 2011 How can I attach a file from my desktop here to show what happens with Yahoo?