Ozmo

  1. I am not going to have time to do this today and I will be out of town for a week or so. I'll get back to working on my computer when I return. I just want to say thank you for all the help you have given me so far. You have been great to work with. Thanks!
  2. I ran the OTL fix you suggested. Here is the log.

     ========== OTL ==========
     HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
     HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
     HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

     OTL by OldTimer - Version 3.2.11.0 log created on 09012010_150430

     I do have Ad-Aware and it has been acting up so maybe I'll just uninstall it. I don't have it running all the time though. I just use it for scans but I've never found anything in a scan with it anyways. Also I had to disable Symantec because you are right it just uses too much of my computer's resources. I have tried Avira and while it was better it still slowed my machine way down. I don't really think there is much I can do besides getting a new computer that has more power.
  3. I guess what it comes down to is my computer is super old (going on 9 years) and maybe this is it. Obviously it doesn't work as well as it used to but I've had some serious malware in the past and was able to deal with it. Maybe I just need to buy a new computer. I certainly am not going to pay for more RAM or anything else. I did clear out a few things so I have a little more HD space but that was never an issue for me before. Here are the OTL logs you requested.
  4. I did an Ad Aware scan and ran Hijackthis again as well. Here are those logs if you want to see them.
  5. I got the newest version of Java and the old versions are deleted. I had no problems with this step. I also deleted all the programs we used over the past few days. I then shut off my computer overnight and when I turned it back on the initial problem is still there. When I look at the Task Manager the commit charge in the lower left corner is way too high. It is at around 390,000k when normally it would be about 140,000k. My monitor also froze and I had to unplug it to turn it off. I don't know if the monitor is causing the problems or if that is just a symptom. After restarting my computer several times it finally goes back to normal and I can use it. I still do not think this is related to malware in any way but just to be sure I ran mbam. It found nothing.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4503

     Windows 5.1.2600 Service Pack 2
     Internet Explorer 7.0.5730.13

     8/29/2010 4:14:55 PM
     mbam-log-2010-08-29 (16-14-55).txt

     Scan type: Full scan (A:\|C:\|D:\|E:\|)
     Objects scanned: 271165
     Time elapsed: 1 hour(s), 21 minute(s), 44 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  6. In your post about installing the newest version of Java you say to remove the old versions first. Can I install the new version first and then remove the old ones? In case the new version doesn't work for me I don't want to be stuck with nothing.
  7. After restarting my computer I can now connect to the internet. I am not convinced that my original problem is fixed but I will need to shut my computer off and on several times to be sure. I also wonder about the missing processes in Task Manager. I went from running 29 to 27 after ComboFix. Maybe those were unneeded processes though. Besides updating Java what else should I do?
  8. After doing these 2 steps I still can't connect to the internet. Do I need to restart my computer for it to work? Here is the reset.txt log.

     reset   SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
             old REG_MULTI_SZ =
                 SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
                 SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain
     reset   SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{32EFC94E-14CC-4E3C-890B-DFD5A96D777C}\NameServerList
             old REG_MULTI_SZ =
                 <empty>
     added   SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{32EFC94E-14CC-4E3C-890B-DFD5A96D777C}\NetbiosOptions
     added   SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{3B5673A8-184A-4D69-9334-B7BDFB5016D1}\NetbiosOptions
     reset   SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{BB299CB8-E6F0-45A7-823E-209746A793FE}\NameServerList
             old REG_MULTI_SZ =
                 <empty>
     added   SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{BB299CB8-E6F0-45A7-823E-209746A793FE}\NetbiosOptions
     added   SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{CE113FC6-4E4E-4F95-94D2-72EE614D15B7}\NetbiosOptions
     deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
     deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32EFC94E-14CC-4E3C-890B-DFD5A96D777C}\NameServer
     added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56B9BA30-FCCE-499E-9F33-15F3726A98DE}\DisableDynamicUpdate
     deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56B9BA30-FCCE-499E-9F33-15F3726A98DE}\IpAutoconfigurationAddress
     deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56B9BA30-FCCE-499E-9F33-15F3726A98DE}\IpAutoconfigurationMask
     deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56B9BA30-FCCE-499E-9F33-15F3726A98DE}\IpAutoconfigurationSeed
     reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56B9BA30-FCCE-499E-9F33-15F3726A98DE}\RawIpAllowedProtocols
             old REG_MULTI_SZ =
                 0
     reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56B9BA30-FCCE-499E-9F33-15F3726A98DE}\TcpAllowedPorts
             old REG_MULTI_SZ =
                 0
     reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56B9BA30-FCCE-499E-9F33-15F3726A98DE}\UdpAllowedPorts
             old REG_MULTI_SZ =
                 0
     deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BB299CB8-E6F0-45A7-823E-209746A793FE}\NameServer
     deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
     added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
     deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
     deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions
     deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
     reset   Linkage\UpperBind for PCI\VEN_10EC&DEV_8139&SUBSYS_000113E0&REV_10\4&2AF9ED5&0&10F0. bad value was:
             REG_MULTI_SZ =
                 Ndisrd
     reset   Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:
             REG_MULTI_SZ =
                 Ndisrd
     <completed>
  9. Internet Protocol (TCP/IP) was already checked. When I highlighted it and clicked install I get the message click the item you wish to install. I can choose from Client, Service and Protocol. Do I select Protocol again? I tried selecting protocol and then hit the add button and I get 3 more options to choose from.
  10. Sorry I forgot to do the repair thing. I did just try it and got this message "Failed to query TCP/IP settings of the connection. Cannot proceed." It still says connected though. I am on a router with 2 other machines. The other 2 computers are having no issues at all. For some reason I was unable to search my old posts on here but you are right that I did not have this issue with ComboFix before. I know I had a similar thing happen in the past with another type of scan though and it was a pretty easy fix but I just don't remember what it was. I think I was probably posting on a different forum at that time.
  11. Restarting my computer did not work. I am on a LAN and when I look at the icon for it, it says connected so I guess I am connected to the LAN but none of my browsers will display any websites. I had to use ComboFix about a year ago and I think the same thing happened but I don't remember what we did to solve the issue. I think the proxy settings or something were changed but I'm not sure on that. I'll try to find my old posts on here to see if I am having the same issue as last time but any suggestions from you would be great.
  12. After running ComboFix I can no longer connect to the internet. I also noticed in the Task Manager that my computer is running 27 processes. For the past year or 2 it has always been 29 processes. Maybe they were unneeded but I had no problems before. My computer is very old and the last time I tried to update Java I got messages about not having enough power to run the newer Java but I will try to download the newest version if I can get back connected to the internet.
  13. I also do not feel that my problem is malware related. After running ComboFix I have another problem though. My computer can no longer connect to the internet. I did notice that ComboFix deleted a few files as well so I'm not sure if that's related or not. Here is the ComboFix log. ComboFix 10-08-25.01 - Andrew Nitchals 08/26/2010 13:21:11.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.255.129 [GMT -5:00] Running from: c:\documents and settings\Andrew Nitchals\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Andrew Nitchals\Local Settings\Application Data\{A2C79653-2E59-4B8C-9E78-79EC9A16F35F} c:\documents and settings\Andrew Nitchals\Local Settings\Application Data\{A2C79653-2E59-4B8C-9E78-79EC9A16F35F}\chrome.manifest c:\documents and settings\Andrew Nitchals\Local Settings\Application Data\{A2C79653-2E59-4B8C-9E78-79EC9A16F35F}\chrome\content\_cfg.js c:\documents and settings\Andrew Nitchals\Local Settings\Application Data\{A2C79653-2E59-4B8C-9E78-79EC9A16F35F}\chrome\content\c.js c:\documents and settings\Andrew Nitchals\Local Settings\Application Data\{A2C79653-2E59-4B8C-9E78-79EC9A16F35F}\chrome\content\overlay.xul c:\documents and settings\Andrew Nitchals\Local Settings\Application Data\{A2C79653-2E59-4B8C-9E78-79EC9A16F35F}\install.rdf c:\windows\BackUp c:\windows\Downloaded Program Files\dlhelper.dll c:\windows\system32\O.BAT c:\windows\YAHELITE.INI c:\windows\system32\proquota.exe was missing Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_NDISRD ((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 ))))))))))))))))))))))))))))))) . 2010-08-26 18:39 . 2004-08-04 07:56 50176 ----a-w- c:\windows\system32\proquota.exe 2010-08-26 18:39 . 
2004-08-04 07:56 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-26 18:42 . 2008-10-19 08:40 -------- d-----w- c:\program files\DNA 2010-08-26 18:42 . 2008-10-19 08:39 -------- d-----w- c:\documents and settings\Andrew Nitchals\Application Data\DNA 2010-08-26 18:15 . 2004-02-17 00:09 -------- d-----w- c:\program files\Soulseek 2010-08-23 20:37 . 2004-04-23 21:21 -------- d-----w- c:\program files\UltimateBet 2010-08-23 20:32 . 2007-07-16 23:43 -------- d-----w- c:\documents and settings\Andrew Nitchals\Application Data\BitTorrent 2010-08-20 22:13 . 2006-11-16 00:55 -------- d-----w- c:\program files\Full Tilt Poker 2010-07-28 20:36 . 2010-07-28 20:36 27630760 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\msgup1000_1270_us_u1.exe 2010-07-28 20:32 . 2006-12-15 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! 2010-07-17 05:56 . 2005-09-06 23:54 -------- d-----w- c:\program files\PokerStars 2010-06-15 00:23 . 2010-07-28 20:32 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe 2005-10-27 01:26 . 2004-02-12 01:18 80384 --sha-w- c:\program files\Thumbs.db . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376] "Yahoo! 
Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392] "Google Update"="c:\documents and settings\Andrew Nitchals\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-01 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560] "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936] "Dell|Alert"="c:\program files\Dell\Support\Alert\bin\DAMon.exe" [2002-04-03 282624] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-08 149280] "nwiz"="nwiz.exe" [2003-10-06 741376] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-03 524632] "WinampAgent"="c:\program files\Winamp\Winampa.exe" [2002-04-26 12288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Soulseek\\slsk.exe"= "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"= "c:\\Program Files\\DNA\\btdna.exe"= R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [4/1/2009 5:41 PM 64160] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456] . Contents of the 'Scheduled Tasks' folder 2010-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1858025970-4264649163-3499916212-1006Core.job - c:\documents and settings\Andrew Nitchals\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-01 03:02] 2010-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1858025970-4264649163-3499916212-1006UA.job - c:\documents and settings\Andrew Nitchals\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-01 03:02] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\Andrew Nitchals\Start Menu\Programs\UltimateBet\UltimateBet.lnk IE: {{FA4904B4-1FAF-4afd-886C-C19D2297BA62} - c:\program files\royalvegasMPP\MPPoker.exe Trusted Zone: aol.com\free DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Andrew Nitchals\Application Data\Mozilla\Firefox\Profiles\z9s4hcbv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll . - - - - ORPHANS REMOVED - - - - BHO-{70b34e72-1561-414e-9598-9885d25e0397} - (no file) HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe AddRemove-HijackThis - c:\documents and settings\Andrew Nitchals\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-26 13:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Dell|Alert = c:\program files\Dell\Support\Alert\bin\DAMon.exe?p?o?r?t?\?A?l?e?r?t?\?b?i?n?\?D?A?M?o?n?.?e?x?e???????????x:??p???x???P???X???????????P???P????(?w'(?w????????????(???{??????w????????????0????$?w7(?w?o?wS??w???w????????????X*@?????????X????????%@?e????? scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1858025970-4264649163-3499916212-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-1858025970-4264649163-3499916212-1006\Software\Policies\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (S-1-5-21-1858025970-4264649163-3499916212-1006) @Allowed: (Read) (S-1-5-21-1858025970-4264649163-3499916212-1006) @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2968) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\windows\System32\nvsvc32.exe c:\windows\system32\wscntfy.exe c:\program files\Yahoo!\Messenger\ymsgr_tray.exe . ************************************************************************** . Completion time: 2010-08-26 13:52:17 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-26 18:52 ComboFix2.txt 2009-04-06 22:41 Pre-Run: 2,812,588,032 bytes free Post-Run: 3,426,963,456 bytes free - - End Of File - - 858ACA1A51EEACE222230FB2015F4AF4
  14. Here is the RKUnhooker log.
  15. Shutting down and restarting seems to have eliminated the problems I was having yesterday. I was just worried if I did shut down that it wouldn't be able to restart. At this point I can use my computer like normal (although the original problem still seems to be there.) I can try the GMER scan again if you would like now that I know I can get my computer back working again if it messes up. Here are the OTL logs. OTL logfile created on: 8/24/2010 2:25:27 PM - Run 4 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Andrew Nitchals\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 255.00 Mb Total Physical Memory | 99.00 Mb Available Physical Memory | 39.00% Memory free 833.00 Mb Paging File | 617.00 Mb Available in Paging File | 74.00% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.50 Gb Total Space | 2.50 Gb Free Space | 3.36% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 232.83 Gb Total Space | 0.64 Gb Free Space | 0.28% Space Free | Partition Type: FAT32 Drive G: | 465.65 Gb Total Space | 7.35 Gb Free Space | 1.58% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANDREW Current User Name: Andrew Nitchals Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/08/23 22:30:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew Nitchals\Desktop\OTL.exe PRC - [2009/10/07 13:41:53 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2002/04/26 12:53:36 | 000,012,288 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2002/04/10 16:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe PRC - [2002/04/03 18:06:18 | 000,282,624 | ---- | M] () -- C:\Program Files\Dell\Support\Alert\bin\DAMon.exe PRC - [2001/08/07 17:06:54 | 000,024,633 | ---- | M] (Microsoft