Problems running programs and internet
Hello again Broni.
Computer has problems with Chrome and running anything smoothly including City of Heroes, Firefox, and AVG. I made my attempt to fix the problem. Looks like I need a pro. I get an application failure upon startup. These problems are less than 24 hours old. GMER was running and caused Windows to crash and reboot. No log could be found.
OTL logfile created on: 8/31/2010 4:28:40 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Timothy Hayes\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 138.85 Gb Free Space | 29.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KAZUO-KIRIYAMA
Current User Name: Timothy Hayes
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/31 16:27:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy Hayes\My Documents\Downloads\OTL.exe
PRC - [2010/08/30 09:27:58 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/08 08:45:21 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/06/15 10:48:27 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2009/12/18 22:04:18 | 001,824,040 | ---- | M] (ManyCam LLC) -- C:\Program Files\ManyCam 2.4\ManyCam.exe
PRC - [2009/11/15 12:59:11 | 000,158,752 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2009/08/22 09:43:45 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/22 09:43:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/11/10 13:23:38 | 000,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/23 00:13:46 | 001,591,808 | ---- | M] (YourWare Solutions (TM)) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
========== Modules (SafeList) ==========
MOD - [2010/08/31 16:27:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy Hayes\My Documents\Downloads\OTL.exe
MOD - [2010/08/31 16:22:46 | 000,012,800 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2010/08/29 12:31:35 | 000,047,616 | -H-- | M] () -- C:\WINDOWS\system32\drwtmem.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/08/22 09:43:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/11/10 13:23:50 | 005,117,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/11/10 13:23:42 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/11/10 13:23:38 | 000,060,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/04 11:57:38 | 000,036,864 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\AmdLLD.sys -- (AmdLLD)
DRV - [2010/03/26 18 26 | 005,883,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/15 23:51:59 | 010,232,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ambfilt.sys -- (Ambfilt)
DRV - [2009/08/22 09:43:45 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/22 09:43:45 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/23 11:01:42 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/06/23 11:01:40 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/23 11:01:40 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/11/10 13:09:32 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2008/05/07 12 53 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/01/14 03:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/12/20 13:35:26 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/08/28 17:05:12 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006/09/11 04:45:38 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 04:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/07/05 05:33:24 | 000,472,000 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpn311.sys -- (AR5211)
DRV - [2005/01/07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2003/06/11 15:00:00 | 000,090,229 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P1130Vid.sys -- (P1130VID)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=71.6.139.135:8080
========== FireFox ==========
FF - prefs.js ..browser.search.defaultenginename: "Yahoo"
FF - prefs.js ..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js ..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js ..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js ..browser.search.param.yahoo-type: "${8}"
FF - prefs.js ..browser.search.selectedEngine: "Yahoo"
FF - prefs.js ..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js ..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15
FF - prefs.js ..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js ..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js ..extensions.enabledItems: firedownload@mozilla.org:2.0.1
FF - prefs.js ..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.2.0
FF - prefs.js ..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js ..extensions.enabledItems: performeroptimum@livejasmin.com:3.1.5.5
FF - prefs.js ..extensions.enabledItems: {93AC5297-EC57-4B82-9675-E3658FA44711}:1.0
FF - prefs.js ..extensions.enabledItems: {C8B0FA04-8CC9-406F-A0CF-D2D1AAACDFDB}:1.9.1
FF - prefs.js ..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:48:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{93AC5297-EC57-4B82-9675-E3658FA44711}: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{93AC5297-EC57-4B82-9675-E3658FA44711}\ [2009/01/07 12:20:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{C8B0FA04-8CC9-406F-A0CF-D2D1AAACDFDB}: C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\{C8B0FA04-8CC9-406F-A0CF-D2D1AAACDFDB}\ [2010/08/29 12:36:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/30 09:28:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/30 09:28:10 | 000,000,000 | ---D | M]
[2009/02/17 01:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Extensions
[2009/02/17 01:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Extensions\contact@callgraph.in
[2010/04/17 02:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\acwd192g.Kazuo\extensions
[2010/03/01 13:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\acwd192g.Kazuo\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/17 02:24:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\acwd192g.Kazuo\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/01 13:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\acwd192g.Kazuo\extensions\staged-xpis
[2010/08/30 13:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\extensions
[2010/08/30 09:28:39 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/05/01 20:20:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/01 20:20:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/17 02:24:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/01 12:49:51 | 000,000,000 | ---D | M] (MidnightFox) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2010/03/01 12:49:49 | 000,000,000 | ---D | M] (4chan) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010/08/30 09:28:40 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/30 09:28:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/30 09:28:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/01 20:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\extensions\firedownload@mozilla.org
[2010/03/11 16:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\extensions\performeroptimum@livejasmin.com
[2010/08/30 09:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\extensions\tineye@ideeinc.com
[2009/02/10 17:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\extensions\ultimatemyspacetoolbar@me.dium.com
[2010/03/01 12:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions
[2010/03/01 12:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions\CVS
[2009/12/01 11:50:20 | 000,002,160 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\searchplugins\MySpace.xml
[2010/08/30 13:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
O1 HOSTS File: ([2009/07/25 01:45:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [LogonStudio] C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe (Stardock and Luca Saggese)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Vcekelaguzeya] C:\WINDOWS\obeliroquqof.DLL File not found
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/20 12:58:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: caclatch - (C:\WINDOWS\system32\drwtmem.dll) - C:\WINDOWS\system32\drwtmem.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746478449557504)
========== Files/Folders - Created Within 90 Days ==========
[2010/08/29 12:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\{C8B0FA04-8CC9-406F-A0CF-D2D1AAACDFDB}
[2010/08/26 23:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Chit Chat For Facebook
[2010/08/26 23:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2010/08/20 00:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Timothy Hayes\My Documents\The Morbid Chronicles
[2010/08/15 11:17:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/08/15 11:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\Microsoft Corporation
[2010/08/15 11:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/08/15 00:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\YourWare Solutions
[2010/08/11 23:29:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Timothy Hayes\Desktop\Unused Desktop Shortcuts
[2010/08/04 02:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010/07/28 12:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\PunkBuster
[2010/07/28 03:11:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Timothy Hayes\Recent
[2010/07/23 13 34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/07/23 13 06 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2010/07/21 22:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Timothy Hayes\Desktop\Cinema Snob
[2010/07/18 21:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\AIM
[2010/07/18 21:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/07/18 21:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/07/18 21:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/07/12 02:19:46 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/07/12 02:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/07/12 02:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/07/12 02:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Timothy Hayes\Application Data\Real
[2010/06/17 16:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\CohBeta
========== Files - Modified Within 90 Days ==========
[2010/08/31 16:31:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\vvypl.sys
[2010/08/31 16:22:52 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/08/31 16:22:45 | 000,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2010/08/31 16:22:41 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-790525478-261478967-839522115-1004.job
[2010/08/31 16:22:40 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-261478967-839522115-1004.job
[2010/08/31 16:22:39 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/31 16:20:46 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/31 16:20:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/31 16:20:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/31 15:43:35 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Timothy Hayes\NTUSER.DAT
[2010/08/31 15:43:24 | 004,843,292 | -H-- | M] () -- C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\IconCache.db
[2010/08/31 15:22:54 | 064,139,718 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/31 15:01:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-261478967-839522115-1004UA.job
[2010/08/31 14:53:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/31 14:07:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Timothy Hayes\ntuser.ini
[2010/08/31 14:06:52 | 000,000,696 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/31 14:06:52 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/31 14:06:52 | 000,000,222 | RHS- | M] () -- C:\boot.ini
[2010/08/31 13:13:05 | 000,013,744 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/31 13:06:23 | 000,290,829 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\1283283165744.jpg
[2010/08/30 20:01:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-261478967-839522115-1004Core.job
[2010/08/30 10:16:43 | 000,052,404 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Panyasee.jpg
[2010/08/29 23 11 | 029,262,725 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\xvideos.com_407355dd0b9c0879082783647edaf5dc.wmv
[2010/08/29 23:11:28 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Google Chrome.lnk
[2010/08/29 23:11:28 | 000,002,334 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/29 23:10:25 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Usemeriwedoke.dat
[2010/08/29 12:36:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lbolihe.bin
[2010/08/29 12:31:35 | 000,047,616 | -H-- | M] () -- C:\WINDOWS\System32\drwtmem.dll
[2010/08/28 16:04:19 | 000,152,576 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/26 23:45:45 | 080,480,608 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Avenged Sevenfold - Nightmare (2010).rar
[2010/08/22 23:26:24 | 000,019,510 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\1282543169738.jpg
[2010/08/22 13:15:19 | 000,032,564 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Dark Steel PSD.jpg
[2010/08/21 22:59:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/21 13:52:06 | 000,070,788 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\THE MORBID CHRONICLES.jpg
[2010/08/18 21:23:34 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\City of Heroes & Villains.lnk
[2010/08/12 21:17:57 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Shortcut to iTunes.lnk
[2010/08/12 03:26:25 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 03:09:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 03:08:31 | 000,497,192 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 03:08:31 | 000,437,812 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 03:08:31 | 000,070,220 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/09 09:27:20 | 006,039,585 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\01.Nightmare.mp3
[2010/07/28 12:16:01 | 000,137,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/07/28 12:15:52 | 000,189,480 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/07/28 12:13:53 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Application Data\PnkBstrK.sys
[2010/07/28 12:13:35 | 000,794,408 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/07/28 10:14:35 | 000,254,848 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\My Documents\cc_20100728_101426.reg
[2010/07/28 01:24:44 | 000,000,089 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/07/23 13 08 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/07/20 18:18:15 | 000,010,853 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\My Documents\Riddle me this.docx
[2010/07/18 21:25:49 | 000,001,396 | -H-- | M] () -- C:\IPH.PH
[2010/07/18 21:25:45 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/07/12 02:13:43 | 000,006,914 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\My Documents\Cinema Snob.m3u
[2010/06/27 00:34:46 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Shortcut to screenshots.lnk
[2010/06/17 00:07:49 | 000,011,145 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\My Documents\All Same.docx

========== Files Created - No Company Name ==========
[2010/08/31 13:06:23 | 000,290,829 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\1283283165744.jpg
[2010/08/31 00:18:18 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Mozilla Firefox.lnk
[2010/08/30 10:16:41 | 000,052,404 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Panyasee.jpg
[2010/08/29 23:20:07 | 029,262,725 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\xvideos.com_407355dd0b9c0879082783647edaf5dc.wmv
[2010/08/29 23:11:28 | 000,002,356 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Google Chrome.lnk
[2010/08/29 23:11:28 | 000,002,334 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/29 12:36:35 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Usemeriwedoke.dat
[2010/08/29 12:36:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lbolihe.bin
[2010/08/29 12:31:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\vvypl.sys
[2010/08/29 12:31:35 | 000,047,616 | -H-- | C] () -- C:\WINDOWS\System32\drwtmem.dll
[2010/08/29 12:31:31 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\hngmfc.dat
[2010/08/28 16:07:06 | 006,039,585 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\01.Nightmare.mp3
[2010/08/26 23:41:29 | 080,480,608 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Avenged Sevenfold - Nightmare (2010).rar
[2010/08/22 23:26:24 | 000,019,510 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\1282543169738.jpg
[2010/08/22 13:15:19 | 000,032,564 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Dark Steel PSD.jpg
[2010/08/21 13:52:06 | 000,070,788 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\THE MORBID CHRONICLES.jpg
[2010/08/12 21:17:57 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Shortcut to iTunes.lnk
[2010/08/03 03:01:08 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/28 12:15:52 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/07/28 12:13:54 | 000,137,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/07/28 12:13:53 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Application Data\PnkBstrK.sys
[2010/07/28 12:13:36 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/07/28 12:13:35 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/07/28 12:13:35 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/07/28 10:14:28 | 000,254,848 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\My Documents\cc_20100728_101426.reg
[2010/07/20 18:18:14 | 000,010,853 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\My Documents\Riddle me this.docx
[2010/07/18 21:25:45 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/07/12 02 05 | 000,000,089 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/07/12 02:20:37 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-790525478-261478967-839522115-1004.job
[2010/07/12 02:20:36 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-261478967-839522115-1004.job
[2010/07/12 02:13:43 | 000,006,914 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\My Documents\Cinema Snob.m3u
[2010/06/27 00:34:46 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Shortcut to screenshots.lnk
[2010/06/18 04:53:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/17 00:07:49 | 000,011,145 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\My Documents\All Same.docx
[2010/02/10 08:26:54 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\mszuc-oid.dll
[2010/01/02 05:46:16 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2010/01/02 05:46:08 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2010/01/02 04:39:58 | 000,172,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2009/07/23 16:35:53 | 000,001,408 | ---- | C] () -- C:\Program Files\amtffd.txt
[2009/07/14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/06/11 10:53:52 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/06/11 10:53:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/05/11 09:42:02 | 000,009,843 | ---- | C] () -- C:\WINDOWS\System32\mswun-oie.dll
[2009/01/06 09:35:13 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\mszunaerr.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/07/11 23:47:06 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/07/11 23:47:06 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/07/11 23:47:06 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/05/07 12 52 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/01/06 00:17:37 | 000,000,168 | ---- | C] () -- C:\WINDOWS\CS_MD_T.ini
[2007/12/25 19:26:02 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/25 03:34:33 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/23 23:04:12 | 000,152,576 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/28 09:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/08/07 12:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

========== LOP Check ==========
[2008/11/19 23:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/03/20 21:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/07/18 21:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/08/27 21:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2009/06/24 18:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Labs
[2009/05/17 08:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/03/31 18:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/08/03 09:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/26 00:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/11 15:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/01/02 05:32:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{56FC2B0D-3D08-45E7-B370-9A9DACA17E2F}
[2010/03/11 18:33:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\.#
[2007/12/29 19:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\acccore
[2009/07/05 11:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\BitTorrent
[2008/02/05 16:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\DNA
[2008/02/05 16:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\fizzy
[2009/05/06 15:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Gmote
[2010/01/31 16 17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\ManyCam
[2008/02/12 10:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Opera
[2008/11/02 23:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\SPORE
[2008/07/23 16:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\SPORE Creature Creator
[2010/01/02 05:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Stardock
[2010/08/29 12:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2007/12/20 12:58:41 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/26 17:23:08 | 000,000,281 | ---- | M] () -- C:\boot-orig.ini
[2009/04/28 01:40:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/31 14:06:52 | 000,000,222 | RHS- | M] () -- C:\boot.ini
[2009/07/26 00:41:42 | 000,009,148 | ---- | M] () -- C:\Bug.txt
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/07/25 01:49:12 | 000,021,364 | ---- | M] () -- C:\ComboFix.txt
[2007/12/20 12:58:41 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/03/20 21:57:05 | 000,000,216 | ---- | M] () -- C:\DebugTrace-RockallDLL.log
[2009/04/28 01:54:48 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2007/12/20 12:58:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/18 21:25:49 | 000,001,396 | -H-- | M] () -- C:\IPH.PH
[2009/07/26 00:47:15 | 000,010,652 | ---- | M] () -- C:\JavaRa.log
[2007/12/20 12:58:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/12/21 03:18:06 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/16 16:25:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2009/06/17 21:47:38 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/06/17 21:47:39 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010/08/31 16:20:18 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/02/06 01:55:57 | 000,002,126 | ---- | M] () -- C:\rapport.txt
[2009/07/26 00:41:42 | 000,000,233 | ---- | M] () -- C:\Start_.cmd
[2010/08/31 16:20:45 | 000,000,627 | ---- | M] () -- C:\sti.log
[2010/03/18 20:01:17 | 000,155,648 | -H-- | M] () -- C:\SZKGFS.dat
[2008/08/02 10:39:59 | 000,009,078 | ---- | M] () -- C:\WoGDebug1.txt
[2007/12/21 03:10:00 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/03/28 14:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2006/10/26 19 12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2007/12/20 20:44:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/12/20 20:44:07 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/12/20 20:44:07 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 17:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
< Read more: http://www.d-a-l.com/help/spyware-ad...#ixzz0yEH2Q4Hp >
Invalid Switch: 68933-read-first-important-instructions-updated.html#ixzz0yEH2Q4Hp

========== Alternate Data Streams ==========
@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8927A071
< End of report >

Always paste all logs into your reply.
GMER and MBRCheck logs are missing.
Malwarebytes' Anti-Malware 1.46 Malwarebytes
Database version: 4518
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
8/31/2010 3:43:02 PM
mbam-log-2010-08-31 (15-43-02).txt
Scan type: Quick scan
Objects scanned: 157766
Time elapsed: 5 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asyncmac (Rootkit.Bubnix) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft updater v2 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Zwangie (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files\Zwangie\Zwangie_deleted_ (Adware.Zwangi) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\drivers\asyncmac.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.
C:\Program Files\Zwangie\Zwangie_deleted_\zwangie.dll (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files\Zwangie\Zwangie_deleted_\zwangie.exe (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Documents and Settings\Timothy Hayes\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
Also, I cleaned your computer back here: http://www.d-a-l.com/help/spyware-ad...han-usual.html and you didn't even care to give me a final word about your computer behavior.
In case you don't know, it wasn't very nice of you....
My apologies, Broni. My mother's computer is still running well.
I think I missed the MBRcheck step. GMER report wasn't accessible. My computer simply crashed with no chance of getting a report.
For what it's worth, I've been able to run programs after running the scanners you had me use. Here's the MBR:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7EBD000 sptd.sys
0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB7EA5000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB7E77000 ACPI.sys
0xB7E66000 pci.sys
0xB80A8000 ohci1394.sys
0xB80B8000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xB80C8000 isapnp.sys
0xB7DA6000 vvypl.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xB80D8000 MountMgr.sys
0xB7D87000 ftdisk.sys
0xB8330000 PartMgr.sys
0xB80E8000 VolSnap.sys
0xB7D6F000 atapi.sys
0xB80F8000 disk.sys
0xB8108000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB7D4F000 fltmgr.sys
0xB7D3D000 sr.sys
0xB8118000 PxHelp20.sys
0xB7D26000 KSecDD.sys
0xB7D13000 WudfPf.sys
0xB7C86000 Ntfs.sys
0xB7C59000 NDIS.sys
0xB8128000 sbp2port.sys
0xB7C3F000 Mup.sys
0xB82C8000 \SystemRoot\System32\DRIVERS\processr.sys
0xB8430000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xB78E0000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xB8438000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB82D8000 \SystemRoot\System32\DRIVERS\imapi.sys
0xB82E8000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xB82F8000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB78BD000 \SystemRoot\System32\DRIVERS\ks.sys
0xB7BF3000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB8308000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xB7898000 \SystemRoot\System32\DRIVERS\HDAudBus.sys
0xB8318000 \SystemRoot\System32\DRIVERS\nvnetbus.sys
0xB777C000 \SystemRoot\System32\DRIVERS\NVNRM.SYS
0xB6DB9000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xB6DA5000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xB6D3E000 \SystemRoot\System32\Drivers\alw1354d.SYS
0xB8498000 \SystemRoot\System32\DRIVERS\fdc.sys
0xB8158000 \SystemRoot\System32\DRIVERS\serial.sys
0xB7918000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB6CE8000 \SystemRoot\System32\DRIVERS\parport.sys
0xB84A0000 \SystemRoot\system32\DRIVERS\ManyCam.sys
0xB8168000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xB87C5000 \SystemRoot\System32\DRIVERS\audstub.sys
0xB8178000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xB7914000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB6CD1000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xB8188000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xB8198000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB84A8000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB6C20000 \SystemRoot\System32\DRIVERS\psched.sys
0xB81A8000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xB84B0000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xB8340000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB81B8000 \SystemRoot\System32\DRIVERS\termdd.sys
0xB8390000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xB8398000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xB85E4000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB6BC2000 \SystemRoot\System32\DRIVERS\update.sys
0xB7908000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xB81C8000 \SystemRoot\system32\DRIVERS\zumbus.sys
0xB81D8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB6B46000 \SystemRoot\System32\Drivers\wdf01000.sys
0xB81E8000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xB85E6000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xB81F8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB6500000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB64DC000 \SystemRoot\system32\drivers\portcls.sys
0xB8208000 \SystemRoot\system32\drivers\drmk.sys
0xB8218000 \SystemRoot\System32\DRIVERS\NVENETFD.sys
0xB83A8000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xB85EC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB876E000 \SystemRoot\System32\Drivers\Null.SYS
0xB85EE000 \SystemRoot\System32\Drivers\Beep.SYS
0xB83B8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB83C0000 \SystemRoot\System32\drivers\vga.sys
0xB85F0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85F2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB83C8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB83D0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB7BDF000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB428E000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB4235000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB41E5000 \SystemRoot\System32\DRIVERS\netbt.sys
0xB41BF000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB419D000 \SystemRoot\System32\drivers\afd.sys
0xB8278000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB8288000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB4178000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xB8298000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xB83D8000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB414D000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB40DD000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xB82A8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB7920000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xB82B8000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xB40C6000 \SystemRoot\system32\DRIVERS\P1130Vid.sys
0xB83E0000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xB791C000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xB83E8000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xB4075000 \SystemRoot\System32\Drivers\avgldx86.sys
0xB6B3E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB6CA1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB3FE5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB85FC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB64D8000 \SystemRoot\System32\drivers\Dxapi.sys
0xB83F8000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB8693000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB3B41000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB3C49000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB3980000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xB85C6000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB3839000 \SystemRoot\System32\DRIVERS\srv.sys
0xB3324000 \SystemRoot\system32\drivers\wdmaud.sys
0xB36C1000 \SystemRoot\system32\drivers\sysaudio.sys
0xB2F6F000 \SystemRoot\System32\Drivers\HTTP.sys
0xB2302000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools\daemon.dll
Processes (total 36):
0 System Idle Process
4 System
712 C:\WINDOWS\system32\smss.exe
760 csrss.exe
784 C:\WINDOWS\system32\winlogon.exe
832 C:\WINDOWS\system32\services.exe
872 C:\WINDOWS\system32\lsass.exe
1064 C:\WINDOWS\system32\nvsvc32.exe
1096 C:\WINDOWS\system32\svchost.exe
1144 svchost.exe
1244 C:\WINDOWS\system32\svchost.exe
1284 C:\WINDOWS\system32\svchost.exe
1452 svchost.exe
1588 svchost.exe
1696 C:\WINDOWS\system32\spoolsv.exe
1824 svchost.exe
1864 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
1976 C:\WINDOWS\system32\svchost.exe
2008 C:\WINDOWS\system32\svchost.exe
200 C:\WINDOWS\system32\svchost.exe
604 C:\WINDOWS\system32\svchost.exe
640 C:\WINDOWS\system32\ZuneBusEnum.exe
876 C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
1104 C:\Program Files\AVG\AVG8\avgrsx.exe
2240 alg.exe
3188 C:\WINDOWS\explorer.exe
3380 C:\PROGRA~1\AVG\AVG8\avgtray.exe
3492 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3656 C:\Program Files\Freecorder\FLVSrvc.exe
4052 C:\WINDOWS\system32\svchost.exe
324 C:\WINDOWS\system32\ctfmon.exe
2732 C:\Program Files\ManyCam 2.4\ManyCam.exe
464 C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
2604 C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
3148 C:\Program Files\Mozilla Firefox\firefox.exe
2800 C:\Documents and Settings\Timothy Hayes\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: WDCWD5000AAKS-00YGA0, Rev: 12.01C02
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
MBRCheck log looks good
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE: If Combofix asks you to install Recovery Console, please allow it.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Big problem. While ComboFix was doing its thing, the computer rebooted. Now when starting up, it gives me a black screen after verifying the pool data. I tried to go into safe mode, but I'm on a usb keyboard. I can get a normal keyboard tomorrow unless you have another solution.
Btw, I'm posting from my phone.
Regular keyboard would be helpful, so we can see if we can get to safe mode, last known good configuration, or use recovery console.
Ok. Got a ps2 keyboard.
Safe mode was a no go.
Last known good config didn't work either.
Not seeing the recovery.
I'm able to boot from my OS disk...
Let's see if we can look at your computer booting from an external source.
Please download OTLPE (filesize 120,9 MB)

When downloaded, double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
Reboot your system using the boot CD you just created.
Note: If you do not know how to set your computer to boot from CD, follow the steps here
Your system should now display a REATOGO-X-PE desktop.
Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
Double-click on the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start. Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive if you do not have internet connection on this system
Please post the contents of the OTL.txt file in your reply.