Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected with something PLEASE help [Closed]

Started by jess7695 , Jan 27 2012 11:36 AM

  • This topic is locked This topic is locked

#1
jess7695
Posted 27 January 2012 - 11:36 AM

jess7695

    New Member

  • Member
  • Pip
  • 3 posts
Hello, I have been using ad-aware as my anti-virus portection but I have been using shareaza to download some old showsall of a sudden I started my computer one day and it took 10 minutes to boot up
when I click on any program it is VERY slow and sometimes just doesnt respond
antivirus scan found nothing, but then I just downleded mbam and while shareaza was open, it blocked 5 attemps of malware -from 193.107.16.156 ,
93.174.93.53 ,
193.169.86.73 port 6346 , 91.223.82.235 and various others which are ongoing when shareaza is open

any help would be greatly appreciated :)
thanks

here is my otl file

OTL logfile created on: 1/27/2012 12:27:19 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Enoch\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 44.44% Memory free
5.93 Gb Paging File | 4.10 Gb Available in Paging File | 69.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 38.84 Gb Free Space | 13.04% Space Free | Partition Type: NTFS
Drive D: | 641.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ENOCH-PC | User Name: Enoch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/27 12:27:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Enoch\Desktop\OTL.exe
PRC - [2012/01/05 05:30:18 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/11/03 12:06:56 | 001,744,312 | ---- | M] (Lavasoft Limited ) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
PRC - [2011/10/21 04:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/01/04 16:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe
PRC - [2011/01/04 16:51:14 | 004,318,520 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
PRC - [2011/01/04 16:51:14 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
PRC - [2010/11/20 16:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 16:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/24 13:48:54 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe
PRC - [2010/09/24 11:03:36 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010/06/07 15:10:06 | 000,378,088 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RPS.exe
PRC - [2010/06/07 15:10:06 | 000,166,944 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
PRC - [2010/06/07 15:09:06 | 000,382,208 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
PRC - [2010/06/07 12:46:12 | 000,120,048 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe
PRC - [2010/06/07 12:46:08 | 001,053,936 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files\Rogers Backup Manager\VaultClientSRV.exe
PRC - [2009/11/02 16:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
PRC - [2009/11/02 16:26:48 | 000,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\AVGIDSMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/01/04 16:42:24 | 000,158,208 | ---- | M] () -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\Windows7Features.dll
MOD - [2010/06/07 12:40:44 | 000,147,456 | ---- | M] () -- C:\Program Files\Rogers Backup Manager\libexpat.dll
MOD - [2009/11/02 16:26:48 | 000,077,824 | ---- | M] () -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\boost_log-vc71-mt-1_32.dll
MOD - [2009/11/02 16:26:48 | 000,057,344 | ---- | M] () -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\boost_thread-vc71-mt-1_32.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/07 14:45:23 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\scan.dll -- (scan)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/12 20:55:50 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/04 16:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe -- (ServicepointService)
SRV - [2010/09/24 13:48:54 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/06/07 15:10:06 | 000,166,944 | ---- | M] (Rogers) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/06/07 15:09:06 | 000,382,208 | ---- | M] (Rogers) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe -- (RP_FWS)
SRV - [2010/06/07 12:46:12 | 000,120,048 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe -- (VaultClientUpgrade)
SRV - [2010/06/07 12:46:08 | 001,053,936 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files\Rogers Backup Manager\VaultClientSRV.exe -- (VaultClientSRV)
SRV - [2009/11/02 16:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/08 12:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009/06/08 12:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stop_Pending] -- -- (MBAMSwissArmy)
DRV - [2012/01/11 09:19:08 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2012/01/10 14:16:32 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/07 13:46:31 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/12 20:44:19 | 000,111,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2010/11/23 18:10:46 | 001,249,792 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:20 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2009/11/26 10:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\profos.sys -- (Profos)
DRV - [2009/11/02 16:27:02 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
DRV - [2009/11/02 16:27:02 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)
DRV - [2009/11/02 16:27:02 | 000,021,208 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)
DRV - [2009/11/02 16:27:00 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
DRV - [2009/10/23 14:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\Windows\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/08/06 06:43:52 | 000,273,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2009/06/08 10:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Enoch\Desktop\Sega-Cd
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.ixquick.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6711

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll (Rogers)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/09 10:33:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/03 12:32:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/11/07 17:32:12 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RogersServicepointAgent.exe] C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{387B1064-0BC3-4061-B949-66B554AA8DF3}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/08/27 03:47:12 | 000,000,000 | ---D | M] - D:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/08/27 03:47:12 | 000,000,059 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1170ba2e-f07f-11e0-8367-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1170ba2e-f07f-11e0-8367-806e6f6e6963}\Shell\AutoRun\command - "" = D:\rhnCD.exe
O33 - MountPoints2\{480a8f80-f9b4-11e0-8870-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{480a8f80-f9b4-11e0-8870-806e6f6e6963}\Shell\AutoRun\command - "" = D:\RunGame.exe -- [2003/08/27 03:47:08 | 000,147,456 | R--- | M] ()
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/27 12:27:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Enoch\Desktop\OTL.exe
[2012/01/27 08:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/27 08:52:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/27 08:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/24 11:24:34 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Local\assembly
[2012/01/19 18:24:20 | 000,000,000 | ---D | C] -- C:\MUSIC
[2012/01/14 08:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft XNA Game Studio 4.0
[2012/01/12 06:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\powerpoint
[2012/01/11 19:53:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\RsFx
[2012/01/11 19:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2012/01/11 19:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012/01/11 19:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
[2012/01/11 19:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/01/11 19:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/01/11 19:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/01/11 19:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2012/01/11 19:44:26 | 000,000,000 | ---D | C] -- C:\Documents\Visual Studio 2010
[2012/01/11 19:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
[2012/01/11 19:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2012/01/11 19:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2012/01/11 19:39:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\Visual Studio 2008Templates
[2012/01/11 19:39:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\Visual Studio 2008
[2012/01/11 19:38:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\Visual Studio 2010Templates
[2012/01/11 19:38:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\Visual Studio 2010
[2012/01/11 19:28:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2012/01/11 19:27:17 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2012/01/11 19:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2012/01/11 19:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft F#
[2012/01/11 19:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2012/01/11 19:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2012/01/11 19:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
[2012/01/11 19:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2012/01/11 19:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2012/01/11 18:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2012/01/11 09:19:24 | 000,074,968 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\sbapifs.sys
[2012/01/11 08:54:44 | 000,000,000 | ---D | C] -- C:\Content
[2012/01/11 08:54:14 | 000,000,000 | ---D | C] -- C:\Documents\SavedGames
[2012/01/11 08:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2012/01/11 08:18:52 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Local\Sunbelt Software
[2012/01/11 08:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2012/01/10 18:23:16 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/01/10 18:21:23 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Local\adaware
[2012/01/10 18:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/01/10 18:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/01/10 18:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/01/10 18:20:54 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2012/01/10 18:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/01/10 18:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/01/10 18:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/01/10 14:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2012/01/10 14:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/01/10 14:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics
[2012/01/10 14:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mathematics
[2012/01/10 13:57:40 | 000,000,000 | ---D | C] -- C:\Users\Enoch\Downloads
[2012/01/10 13:56:33 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Roaming\e-academy Inc
[2012/01/10 13:56:33 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Local\e-academy Inc
[2012/01/10 09:11:36 | 000,000,000 | ---D | C] -- C:\Users\Enoch\Desktop\Sega-Cd
[2012/01/05 14:46:36 | 000,000,000 | ---D | C] -- C:\Users\Enoch\Desktop\MOOVEES
[2012/01/04 10:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NaturalSoft Co. Ltd
[2012/01/04 10:51:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NaturalSoft
[2012/01/03 13:00:45 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Local\DDMSettings
[2011/12/29 12:56:17 | 000,000,000 | ---D | C] -- C:\Documents\Economist
[2011/02/11 20:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2012/01/27 12:27:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Enoch\Desktop\OTL.exe
[2012/01/27 11:46:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/27 11:46:02 | 2388,238,336 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/27 08:52:53 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/27 08:50:19 | 000,021,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 08:50:19 | 000,021,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 18:21:18 | 001,376,256 | ---- | M] () -- C:\Documents\rentals.accdb
[2012/01/26 16:06:23 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/01/26 16:06:23 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/01/25 14:29:55 | 000,724,892 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/25 14:29:55 | 000,144,910 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/19 13:46:50 | 002,555,904 | ---- | M] () -- C:\Documents\Lending library1.accdb
[2012/01/19 12:51:36 | 002,621,440 | ---- | M] () -- C:\Documents\Database2.accdb
[2012/01/19 12:39:39 | 000,548,864 | ---- | M] () -- C:\Documents\Contacts.accdb
[2012/01/19 12:27:12 | 001,277,952 | ---- | M] () -- C:\Documents\Projects1.accdb
[2012/01/17 10:26:19 | 001,400,832 | ---- | M] () -- C:\Documents\Lending library.accdb
[2012/01/17 10:20:27 | 000,899,646 | ---- | M] () -- C:\Documents\LendingLibrary.accdt
[2012/01/17 10:10:36 | 001,679,360 | ---- | M] () -- C:\Documents\Inventory.accdb
[2012/01/17 10:09:58 | 001,379,832 | ---- | M] () -- C:\Documents\Inventory.accdt
[2012/01/16 19:44:43 | 001,409,024 | ---- | M] () -- C:\Documents\Projects.accdb
[2012/01/15 06:22:57 | 000,458,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/11 09:19:08 | 000,074,968 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\sbapifs.sys
[2012/01/11 08:34:31 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/01/11 08:34:31 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/01/10 18:23:16 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/01/10 18:23:16 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2012/01/10 14:51:56 | 000,000,173 | ---- | M] () -- C:\Users\Enoch\AppData\Local\msmathematics.qat.Enoch
[2012/01/05 17:08:27 | 000,065,536 | ---- | M] () -- C:\Users\Enoch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/05 12:07:36 | 000,089,624 | ---- | M] () -- C:\Documents\Document7787t9.rtf
[2012/01/03 16:15:23 | 000,042,776 | ---- | M] () -- C:\Documents\UNIT1-Teaching.rtf
[2011/12/31 17:45:26 | 000,000,136 | ---- | M] () -- C:\Documents\DUSTARU CHINDARVEE.lnk

========== Files Created - No Company Name ==========

[2012/01/27 08:52:53 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/19 12:52:14 | 001,376,256 | ---- | C] () -- C:\Documents\rentals.accdb
[2012/01/19 12:37:59 | 000,548,864 | ---- | C] () -- C:\Documents\Contacts.accdb
[2012/01/19 12:26:43 | 001,277,952 | ---- | C] () -- C:\Documents\Projects1.accdb
[2012/01/17 10:36:11 | 002,621,440 | ---- | C] () -- C:\Documents\Database2.accdb
[2012/01/17 10:20:27 | 000,899,646 | ---- | C] () -- C:\Documents\LendingLibrary.accdt
[2012/01/17 10:20:26 | 001,400,832 | ---- | C] () -- C:\Documents\Lending library.accdb
[2012/01/17 10:09:58 | 001,379,832 | ---- | C] () -- C:\Documents\Inventory.accdt
[2012/01/17 10:09:57 | 001,679,360 | ---- | C] () -- C:\Documents\Inventory.accdb
[2012/01/15 18:16:42 | 002,555,904 | ---- | C] () -- C:\Documents\Lending library1.accdb
[2012/01/15 18:15:49 | 001,409,024 | ---- | C] () -- C:\Documents\Projects.accdb
[2012/01/13 07:52:45 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/11 09:14:01 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/01/11 09:14:01 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012/01/11 08:34:12 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/01/11 08:34:12 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/01/10 19:57:26 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2012/01/10 14:22:30 | 000,000,173 | ---- | C] () -- C:\Users\Enoch\AppData\Local\msmathematics.qat.Enoch
[2012/01/05 12:07:36 | 000,089,624 | ---- | C] () -- C:\Documents\Document7787t9.rtf
[2012/01/02 15:02:35 | 000,042,776 | ---- | C] () -- C:\Documents\UNIT1-Teaching.rtf
[2011/12/31 17:45:26 | 000,000,136 | ---- | C] () -- C:\Documents\DUSTARU CHINDARVEE.lnk
[2011/12/07 19:00:07 | 000,458,528 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/07 18:19:00 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2011/11/28 10:22:11 | 000,065,536 | ---- | C] () -- C:\Users\Enoch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/17 09:08:15 | 000,004,096 | -H-- | C] () -- C:\Users\Enoch\AppData\Local\keyfile3.drm
[2011/11/04 11:11:53 | 000,641,536 | ---- | C] () -- C:\Windows\System32\WeUninstall.exe
[2011/11/04 11:11:53 | 000,000,052 | ---- | C] () -- C:\Windows\System32\nwt.sys
[2011/10/18 13:28:40 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
[2011/10/12 20:42:17 | 000,111,744 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/12 11:09:53 | 002,205,064 | ---- | C] () -- C:\ProgramData\shs_setup_4059-354328.exe
[2011/10/07 14:43:00 | 000,000,017 | ---- | C] () -- C:\Users\Enoch\AppData\Local\resmon.resmoncfg
[2011/10/07 11:17:43 | 000,000,653 | ---- | C] () -- C:\ProgramData\SHSupdates.xml
[2011/02/11 21:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 21:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 21:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 20:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009/10/21 14:20:08 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen_x86.sys
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:05:48 | 000,724,892 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,144,910 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 17:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/12/07 16:42:04 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\CheckPoint
[2012/01/10 13:56:33 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\e-academy Inc
[2011/12/07 16:54:36 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\MailFrontier
[2011/12/09 18:32:38 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\MusicNet
[2011/10/30 17:05:40 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Nuance
[2011/12/02 17:32:28 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Oberon Media
[2011/10/23 13:46:11 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\OpenOffice.org
[2011/11/07 14:23:59 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Rogers Online Protection
[2011/12/15 10:26:34 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Shareaza
[2011/12/07 18:00:01 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\TestApp
[2011/10/30 15:23:47 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Texthelp Systems
[2011/12/20 10:53:53 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\WinAVI
[2011/12/18 07:59:35 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents\The Learning Company:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents\SimCity 4:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents\SCHOOL:Shareaza.GUID
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:B95DA41A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >
  • 0

Advertisements

#2
jess7695
Posted 27 January 2012 - 11:54 AM

jess7695

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
oh i forgot to mention malware software did not detect any malware
  • 0

#3
CompCav
Posted 27 January 2012 - 04:02 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi, jess7695! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.


You mentioned using Lavasoft's program but I noticed you have Roger's Online Protection and AVG as well. You should only run one resident antivirus at a time. Please uninstall all but one resident antivirus program before performing the next steps.



Step 1.

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image


On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image


Step 2.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 3.

Please Post:

aswMBR log
OTL.txt
Extras.txt


How is your computer doing?
  • 0

#4
jess7695
Posted 28 January 2012 - 01:58 PM

jess7695

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Helo, thanks for the reply, I did remove a few folders which seemed odd to me and then when I wnet to empty recycle bin it said deleting 330 items, but ithere were only 7 in there when I looked, anywas after I deleted that my comptuer has been working normally, I still have those smae attacks though on shareaza
I have tried avast before, and it didnt do anything,every since I got mbam I actually fel protected, so i have mbam spybot search & destroy and rogers online protection- (but I have disabled all of the antivirus and spyware protection on it.)
btw spybot show 193472 procceses blacklisted, is that normal???

DO you think my problem is gone ? or just hiding?

should I continue or just leave it?
thanks for your time

Edited by jess7695, 28 January 2012 - 01:59 PM.

  • 0

#5
CompCav
Posted 28 January 2012 - 04:04 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
My services are to remove malware and improve the performance of your machine. But ultimately it is you that needs to be satisfied. Infection will always be a risk when you use something like shareaza

P2P Warning!:

IMPORTANT You have shareaza P2P (Person to Person) File Sharing Programs on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall shareaza, however that choice is up to you. If you choose to remove this program, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep them, please do not use either of them until your computer is cleaned.
  • 0

#6
Essexboy
Posted 01 February 2012 - 01:54 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP