Hi, I have a Toshiba Satellite laptop running Windows XP. I have noticed that it is getting slower and slower; boot up takes almost 15 minutes, opening IE takes almost 5 minutes to get a page and freezes if left on a page too long, programs take forever to open...etc. I have both Norton Antivirus and Malwarebytes and run them constantly. Every time I come up clean.

I ran the instructions from the post "I'm infected..." and attached the results. If anyone can assist me I would greatly appreciate it.

Thanks in advance for your help!

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7665

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/6/2011 8:59:54 PM

mbam-log-2011-09-06 (20-59-53).txt

Scan type: Full scan (C:\|)

Objects scanned: 274922

Time elapsed: 1 hour(s), 51 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

attach.zip

Link to post
Share on other sites

Hello and :welcome:

It looks like you might have a rootkit infection.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Link to post
Share on other sites

Hi again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

Hi Elise! I hope you have a nice weekend. This is the Combofix log. I can't make heads or tails of it. Thank you!

ComboFix 11-09-09.03 - Phill 09/09/2011 7:02.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.142 [GMT -4:00]

Running from: c:\documents and settings\Phill\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.17e5e154.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.269f8317.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.86175743.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.935cd69c.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.a947503a.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.c6ac0d4f.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.cb6c347c.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL12.tmp.a36f932a.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL15.tmp.6f34b02d.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL47.tmp.399291ec.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLBE.tmp.6a051d6c.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLDA.tmp.86ac63e6.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLE0.tmp.9c9a95f4.ini

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Phill\Desktop\Setup.exe

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\ID3-TagIT.exe.9b127d35.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.17e5e154.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.269f8317.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.86175743.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.935cd69c.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.a947503a.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.c6ac0d4f.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.cb6c347c.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\SL12.tmp.a36f932a.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\SL15.tmp.6f34b02d.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\SL1C.tmp.bfa18bf5.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\SL47.tmp.399291ec.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\SLBE.tmp.6a051d6c.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\SLDA.tmp.86ac63e6.ini

c:\documents and settings\Phill\Local Settings\Application Data\ApplicationHistory\SLE0.tmp.9c9a95f4.ini

c:\documents and settings\Phill\My Documents\1375.wmv

c:\documents and settings\Phill\My Documents\2011.jpg

c:\documents and settings\Phill\My Documents\26.jpg

c:\documents and settings\Phill\My Documents\456.jpg

c:\documents and settings\Phill\My Documents\5675.jpg

c:\documents and settings\Phill\My Documents\75.jpg

c:\documents and settings\Phill\WINDOWS

c:\program files\Shared

c:\program files\Shared\shared.sig

c:\windows\system32\comct332.ocx

c:\windows\system32\config\systemprofile\WINDOWS

.

.

((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))

.

.

2011-09-03 10:17 . 2011-09-03 10:17 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-08-26 17:32 . 2011-08-26 17:32 -------- d-----w- c:\documents and settings\Phill\Application Data\ElevatedDiagnostics

2011-08-13 01:24 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-13 01:24 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-03 10:17 . 2006-02-15 14:02 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-13 15:14 . 2011-05-22 04:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29 . 2006-02-15 14:03 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2006-02-15 14:03 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 23:52 . 2009-10-16 19:51 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2009-10-16 19:51 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10 . 2006-02-15 15:34 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36 . 2006-02-15 14:04 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36 . 2006-02-15 14:02 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36 . 2006-02-15 14:02 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2006-02-15 14:02 385024 ------w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2006-02-15 14:04 293376 ----a-w- c:\windows\system32\winsrv.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-19 202256]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-11-22 1687552]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-11-22 163840]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-14 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

2005-11-22 01:47 1687552 ----a-w- c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2005-11-22 13:34 163840 ----a-w- c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-03-19 19:38 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"YahooAUService"=2 (0x2)

"RoxWatch"=2 (0x2)

"RoxUPnPRenderer"=3 (0x3)

"RoxLiveShare"=2 (0x2)

"iPod Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\uTorrent\\utorrent.exe"=

"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Audio Master\\MusicDiscCreator.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Creator Classic\\Creator8.exe"=

"c:\\Program Files\\Common Files\\Roxio Shared\\SharedCom\\RoxUpnpRenderer.exe"=

"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-03-17 115952]

R3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\DRIVERS\V0250Dev.sys [2006-04-05 163840]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-29 105592]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3666311666-1665443491-2880438058-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

.

2011-09-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3666311666-1665443491-2880438058-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

.

2006-08-14 c:\windows\Tasks\Registration reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]

.

2006-08-14 c:\windows\Tasks\Registration reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]

.

2006-08-14 c:\windows\Tasks\Registration reminder 3.job

- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]

.

2011-09-09 c:\windows\Tasks\User_Feed_Synchronization-{38EEBFD6-F86D-4EB1-906B-DE4C937497E0}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TCP: DhcpNameServer = 192.168.10.1

FF - ProfilePath - c:\documents and settings\Phill\Application Data\Mozilla\Firefox\Profiles\cjxfzrv6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-09 07:55

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1056)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2011-09-09 08:21:38

ComboFix-quarantined-files.txt 2011-09-09 12:20

ComboFix2.txt 2010-09-16 10:16

.

Pre-Run: 3,120,312,320 bytes free

Post-Run: 4,370,759,680 bytes free

.

- - End Of File - - 12B685340A096659A4A8177104AFF8F3

Link to post
Share on other sites

No need for a HJT log, however, I'd like to do an additional rootkit scan. Because normal tools don't see anything, let's do an offline dump to be sure.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer.

  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC, ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:
    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the Master Boot Record of your drive and see if it is infected.

Link to post
Share on other sites
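The kind of inspection the `mbr.bin` from the `dd` command above makes possible, as an added example that is not part of the original post or of any tool named in this thread: it parses the 512-byte sector, runs structural checks, and reports which regions differ between two reads of the same sector (the comparison behind the "user != kernel MBR" line in the ComboFix log). The sample sectors are constructed placeholders, the function names are hypothetical, and the "exactly one active partition" rule assumes a boot disk.

```python
import hashlib
import struct

SECTOR = 512
PT_OFFSET = 446  # partition table starts here; four 16-byte entries
# status, CHS first (3), type, CHS last (3), LBA start, sector count
ENTRY = struct.Struct("<B3sB3sII")

# Named byte ranges of a classic MBR sector.
REGIONS = {
    "boot code": (0, 440),
    "disk signature/reserved": (440, 446),
    "partition table": (446, 510),
    "boot signature": (510, 512),
}


def parse_mbr(data: bytes) -> dict:
    """Split one MBR sector into its fields."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    parts = []
    for slot in range(4):
        status, _chs0, ptype, _chs1, lba, count = ENTRY.unpack_from(
            data, PT_OFFSET + 16 * slot)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({"slot": slot, "status": status, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return {
        "signature_ok": data[510:512] == b"\x55\xaa",
        "disk_signature": data[440:444].hex(),
        # Hash of the boot code, for comparison against a known-good copy.
        "boot_code_sha256": hashlib.sha256(data[:440]).hexdigest(),
        "partitions": parts,
    }


def structural_findings(mbr: dict) -> list:
    """Checks that need no reference copy. Passing them does not prove the
    boot code is clean; that needs a known-good hash or manual review."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    parts = mbr["partitions"]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(
                f"slot {p['slot']}: invalid status byte 0x{p['status']:02x}")
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    return findings


def diff_regions(read_a: bytes, read_b: bytes) -> list:
    """Name the regions in which two reads of the same sector disagree,
    e.g. a read taken inside the running OS versus an offline dd dump."""
    return [name for name, (start, end) in REGIONS.items()
            if read_a[start:end] != read_b[start:end]]


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sector: one active type-0x07 partition at LBA 63."""
    entry = ENTRY.pack(0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                       63, 233_910_117)
    head = boot_code.ljust(440, b"\x00") + bytes.fromhex("d3c0ffee") + b"\x00\x00"
    return head + entry + bytes(48) + b"\x55\xaa"


# Constructed placeholder bytes, not real boot code.
READ_A = build_sample_mbr(b"\x33\xc0\x8e\xd0")
READ_B = build_sample_mbr(b"\x33\xc0\x8e\xd0\x90")

if __name__ == "__main__":
    mbr = parse_mbr(READ_A)
    print(mbr["boot_code_sha256"], mbr["partitions"])
    print("findings:", structural_findings(mbr))
    print("regions that differ:", diff_regions(READ_A, READ_B))
```

To run it on a real dump, pass the bytes of `mbr.bin` (opened in binary mode) to `parse_mbr` instead of the constructed samples.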

Hi Elise, hope you had a good weekend :D! I am attaching the MBR now. One small thing, since I have been following your instructions I noticed my speakers are messed up. They basically stutter and not just when I play a file (music/video). When I restart the laptop even the Windows sound is stuttering. Is this related or just coincidental?

mbr.zip

Link to post
Share on other sites

Hi, that looks clean. Stuttering speakers can be caused by extreme slowness (look in Task Manager to see how much CPU is used at the time). However it can also be an isolated problem.

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Link to post
Share on other sites

Hi again! This is the OTL.txt

OTL logfile created on: 9/14/2011 12:41:37 AM - Run 1

OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Phill\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.93 Mb Total Physical Memory | 90.89 Mb Available Physical Memory | 18.11% Memory free

1.24 Gb Paging File | 0.91 Gb Available in Paging File | 73.07% Paging File free

Paging file location(s): C:\pagefile.sys 800 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.54 Gb Total Space | 3.68 Gb Free Space | 3.30% Space Free | Partition Type: NTFS

Computer Name: STEWIE | User Name: Phill | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/14 00:41:02 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phill\Desktop\OTL.exe

PRC - [2010/03/19 15:38:02 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe

PRC - [2006/03/17 09:34:30 | 000,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe

PRC - [2006/03/17 09:34:20 | 001,799,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe

PRC - [2006/03/17 09:34:12 | 000,030,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe

PRC - [2006/03/07 16:03:02 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

PRC - [2006/03/07 16:02:34 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

PRC - [2006/03/07 16:02:14 | 000,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2006/02/06 15:50:24 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

PRC - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

PRC - [2005/12/16 04:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe

PRC - [2005/11/30 16:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

PRC - [2005/11/28 14:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2005/11/22 09:28:38 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

PRC - [2005/04/26 20:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

PRC - [2004/08/13 14:26:46 | 000,803,976 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton GoBack\GBTray.exe

PRC - [2004/08/13 14:26:46 | 000,763,016 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton GoBack\GBPoll.exe

========== Modules (No Company Name) ==========

MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2005/11/28 14:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll

MOD - [2005/11/28 14:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll

MOD - [2005/11/28 14:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll

MOD - [2005/11/22 09:15:12 | 004,448,256 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\DLLShared\ROXIPP4.dll

MOD - [2004/07/20 21:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll

========== Win32 Services (SafeList) ==========

SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2006/03/17 09:34:24 | 000,115,952 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)

SRV - [2006/03/17 09:34:20 | 001,799,408 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2006/03/17 09:34:12 | 000,030,448 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)

SRV - [2006/03/07 16:03:02 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)

SRV - [2006/03/07 16:02:34 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

SRV - [2006/02/23 14:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)

SRV - [2006/02/06 15:50:24 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)

SRV - [2006/01/24 23:06:58 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)

SRV - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)

SRV - [2005/11/22 09:29:52 | 000,233,472 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)

SRV - [2005/11/22 09:28:38 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)

SRV - [2005/11/22 09:26:14 | 000,155,648 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)

SRV - [2005/11/21 22:47:56 | 000,045,056 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)

SRV - [2005/11/21 22:47:10 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)

SRV - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () [Disabled | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)

SRV - [2004/08/28 04:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)

SRV - [2004/08/13 14:26:46 | 000,763,016 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton GoBack\GBPoll.exe -- (GBPoll)

========== Driver Services (SafeList) ==========

DRV - [2011/08/18 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110909.002\navex15.sys -- (NAVEX15)

DRV - [2011/08/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110909.002\naveng.sys -- (NAVENG)

DRV - [2011/07/29 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2011/07/29 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2006/04/05 05:46:30 | 000,163,840 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0250Dev.sys -- (V0250Dev)

DRV - [2006/02/06 15:50:22 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2006/01/31 16:29:20 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2006/01/24 23:06:36 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2006/01/24 23:06:32 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2005/12/19 23:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)

DRV - [2005/12/19 23:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)

DRV - [2005/12/09 20:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005/12/04 13:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®

DRV - [2005/11/30 15:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)

DRV - [2005/11/30 14:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)

DRV - [2005/11/28 15:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2005/11/22 00:49:40 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)

DRV - [2005/11/15 13:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2005/10/22 07:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)

DRV - [2005/10/22 07:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)

DRV - [2005/10/22 07:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)

DRV - [2005/10/22 07:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)

DRV - [2005/10/20 18:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)

DRV - [2005/09/09 18:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)

DRV - [2005/08/24 19:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)

DRV - [2005/06/02 07:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)

DRV - [2005/01/12 04:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)

DRV - [2004/08/13 14:26:46 | 000,170,718 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GoBack2k.sys -- (GoBack2K)

DRV - [2004/08/13 14:26:46 | 000,016,132 | R--- | M] (Symantec Corporation) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\GBFSHook.sys -- (GBFSHook)

DRV - [2004/08/13 14:26:46 | 000,004,093 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GBDevice.sys -- (GBDevice)

DRV - [2003/09/19 05:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)

DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/19 15:39:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox 3.1 Beta 2\components [2010/12/21 15:24:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.1 Beta 2\plugins [2011/06/01 03:22:53 | 000,000,000 | ---D | M]

[2008/12/17 20:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Phill\Application Data\Mozilla\Extensions

[2011/06/01 02:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Phill\Application Data\Mozilla\Firefox\Profiles\cjxfzrv6.default\extensions

[2011/06/01 02:56:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Phill\Application Data\Mozilla\Firefox\Profiles\cjxfzrv6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/27 20:31:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Phill\Application Data\Mozilla\Firefox\Profiles\cjxfzrv6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/03/19 15:39:28 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

O1 HOSTS File: ([2011/09/09 07:54:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe (Symantec Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: internet ([]about in Internet)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BFBD495-6F37-46AB-AC44-956752EC37A6}: DhcpNameServer = 192.168.10.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Phill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Phill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/02/15 11:38:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/14 00:41:00 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Phill\Desktop\OTL.exe

[2011/09/09 06:51:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/09/09 06:51:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/09/09 06:51:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/09/09 06:51:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/09/09 06:51:01 | 000,000,000 | ---D | C] -- C:\ComboFix

[2011/09/09 06:50:54 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/09/09 06:45:27 | 004,201,032 | R--- | C] (Swearware) -- C:\Documents and Settings\Phill\Desktop\ComboFix.exe

[2011/09/08 13:10:32 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Phill\Desktop\TDSSKiller.exe

[2011/09/07 05:49:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Phill\Start Menu\Programs\Administrative Tools

[2011/09/06 19:06:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Phill\Desktop\dds.scr

[2011/09/06 19:05:52 | 000,607,017 | ---- | C] (Swearware) -- C:\Documents and Settings\Phill\Desktop\dds.pif

[2011/09/06 19:05:30 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Phill\Desktop\dds.com

[2011/09/03 06:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll

[2011/08/26 13:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phill\Application Data\ElevatedDiagnostics

[2011/08/26 07:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0

[2011/08/26 07:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell

[2011/08/22 18:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phill\My Documents\Guard Dog

[2011/08/22 18:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phill\My Documents\New Folder (3)

[2006/02/15 12:25:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/14 00:47:35 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{38EEBFD6-F86D-4EB1-906B-DE4C937497E0}.job

[2011/09/14 00:41:34 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3666311666-1665443491-2880438058-1005.job

[2011/09/14 00:41:33 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3666311666-1665443491-2880438058-1005.job

[2011/09/14 00:41:02 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phill\Desktop\OTL.exe

[2011/09/13 15:42:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/09/13 15:38:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/09/13 15:37:32 | 526,381,056 | -HS- | M] () -- C:\hiberfil.sys

[2011/09/13 15:29:58 | 000,000,325 | RHS- | M] () -- C:\boot.ini

[2011/09/09 07:54:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/09/09 06:45:13 | 004,201,032 | R--- | M] (Swearware) -- C:\Documents and Settings\Phill\Desktop\ComboFix.exe

[2011/09/08 21:33:19 | 021,432,217 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110901_amateur-suck-it-like-a-star.mp4

[2011/09/08 18:40:02 | 021,796,105 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110901_amateur-huge-tits-wife-censoreded.mp4

[2011/09/08 18:37:09 | 008,058,975 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110901_amateur-redhead-gives-a-great-handjob.mp4

[2011/09/08 18:35:38 | 009,597,667 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110901_amateur-sexy-big-boobed-asian-censoreding.mp4

[2011/09/08 13:10:04 | 001,386,304 | ---- | M] () -- C:\Documents and Settings\Phill\Desktop\tdsskiller.zip

[2011/09/07 16:45:54 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Phill\Desktop\TDSSKiller.exe

[2011/09/07 13:32:36 | 000,004,498 | ---- | M] () -- C:\Documents and Settings\Phill\Desktop\attach.zip

[2011/09/06 19:06:31 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Phill\Desktop\xrrf6hht.exe

[2011/09/06 19:06:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Phill\Desktop\dds.scr

[2011/09/06 19:05:54 | 000,607,017 | ---- | M] (Swearware) -- C:\Documents and Settings\Phill\Desktop\dds.pif

[2011/09/06 19:05:31 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Phill\Desktop\dds.com

[2011/09/06 19:02:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Phill\defogger_reenable

[2011/09/06 19:00:22 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Phill\Desktop\Defogger.exe

[2011/09/03 06:17:37 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll

[2011/08/30 02:39:20 | 000,109,568 | ---- | M] () -- C:\Documents and Settings\Phill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/08/28 15:58:48 | 000,168,994 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110825_amateur-blow-a-load-on-her-face.mp4

[2011/08/28 15:30:57 | 006,149,907 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110825_twins-kick-some-kinect-ass.mp4

[2011/08/28 15:28:21 | 035,946,279 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\amateur-hit-all-the-holes.mp4

[2011/08/28 06:18:21 | 018,195,139 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110825_amateur-sexy-redhead-69-action.mp4

[2011/08/27 16:19:27 | 081,674,044 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\Sound Advice 109.m4a

[2011/08/27 07:15:40 | 030,151,376 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110825_amateur-wife-censoreded-then-facial.mp4

[2011/08/27 07:14:59 | 019,896,430 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110825_amateur-wife-loves-her-big-toys.mp4

[2011/08/26 07:48:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/08/22 19:06:16 | 000,107,740 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\canyons2.jpg

[2011/08/22 19:03:45 | 000,039,353 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\mirror.jpg

[2011/08/22 19:00:27 | 017,790,808 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-sexy-wife-gets-censoreded-hard.mp4

[2011/08/22 19:00:04 | 015,904,398 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-small-girl-takes-a-big-penis.mp4

[2011/08/22 18:59:47 | 016,844,413 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-hottie-blonde-shakes-her-hips.mp4

[2011/08/22 18:58:40 | 007,366,091 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-handcuffed-and-censoreded.mp4

[2011/08/22 18:58:09 | 014,482,891 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-up-the-bum-and-in-the-mouth.mp4

[2011/08/22 18:55:53 | 029,391,521 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-asian-couple-in-bed.mp4

[2011/08/22 18:45:28 | 000,081,870 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\census-tits.jpg

[2011/08/22 18:41:59 | 027,384,032 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-wife-gets-banged.mp4

[2011/08/22 18:40:56 | 032,542,998 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-sucking-and-humping.mp4

[2011/08/22 18:38:41 | 011,999,092 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-those-are-some-very-very-big-tits.mp4

[2011/08/22 18:36:55 | 025,286,057 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-little-cutie-censoreded-beautifully.mp4

[2011/08/22 18:33:27 | 008,801,965 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-couch-solo.mp4

[2011/08/20 07:43:21 | 005,013,855 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-asian-girl-tit-censored-and-facial.mp4

[2011/08/20 07:41:42 | 016,554,225 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-sexy-ginger-swallows.mp4

[2011/08/20 07:38:52 | 021,263,656 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-mall-bathroom-head.mp4

[2011/08/20 07:35:17 | 028,009,554 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-dynamite-redhead-takes-two-guys.mp4

[2011/08/17 16:21:32 | 004,187,189 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\P8170009.JPG

[2011/08/17 13:15:28 | 004,291,179 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\P8170008.JPG

[2011/08/17 13:07:54 | 003,550,306 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\P8170007.JPG

[2011/08/17 12:57:04 | 003,404,434 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\P8170006.JPG

[2011/08/17 12:56:48 | 004,079,085 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\P8170005.JPG

[2011/08/17 12:31:28 | 003,643,485 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\P8170004.JPG

[2011/08/17 12:31:22 | 003,826,023 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\P8170003.JPG

[2011/08/17 12:31:16 | 003,688,887 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\P8170002.JPG

[2011/08/17 12:25:16 | 004,475,606 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\P8170001.JPG

[2011/08/16 13:54:00 | 000,153,666 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\knives.png

[2011/08/16 05:54:30 | 000,105,976 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\gunsnammo.jpg

[2011/08/16 05:46:27 | 000,047,513 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\roshambo.jpg

[2011/08/16 05:45:40 | 000,079,354 | ---- | M] () -- C:\Documents and Settings\Phill\My Documents\phone.jpg

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/09 06:51:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/09/09 06:51:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/09/09 06:51:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/09/09 06:51:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/09/09 06:51:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/09/08 21:32:18 | 021,432,217 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110901_amateur-suck-it-like-a-star.mp4

[2011/09/08 18:38:56 | 021,796,105 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110901_amateur-huge-tits-wife-censoreded.mp4

[2011/09/08 18:36:38 | 008,058,975 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110901_amateur-redhead-gives-a-great-handjob.mp4

[2011/09/08 18:34:36 | 009,597,667 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110901_amateur-sexy-big-boobed-asian-censoreding.mp4

[2011/09/08 13:10:00 | 001,386,304 | ---- | C] () -- C:\Documents and Settings\Phill\Desktop\tdsskiller.zip

[2011/09/07 13:32:30 | 000,004,498 | ---- | C] () -- C:\Documents and Settings\Phill\Desktop\attach.zip

[2011/09/06 19:06:30 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Phill\Desktop\xrrf6hht.exe

[2011/09/06 19:02:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Phill\defogger_reenable

[2011/09/06 19:00:16 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Phill\Desktop\Defogger.exe

[2011/08/30 02:41:53 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3666311666-1665443491-2880438058-1005.job

[2011/08/28 15:30:24 | 006,149,907 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110825_twins-kick-some-kinect-ass.mp4

[2011/08/28 15:26:33 | 035,946,279 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\amateur-hit-all-the-holes.mp4

[2011/08/28 06:17:47 | 018,195,139 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110825_amateur-sexy-redhead-69-action.mp4

[2011/08/27 16:19:28 | 081,674,044 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\Sound Advice 109.m4a

[2011/08/27 07:15:40 | 030,151,376 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110825_amateur-wife-censoreded-then-facial.mp4

[2011/08/27 07:13:55 | 019,896,430 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110825_amateur-wife-loves-her-big-toys.mp4

[2011/08/27 07:02:38 | 000,168,994 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110825_amateur-blow-a-load-on-her-face.mp4

[2011/08/22 19:06:39 | 000,107,740 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\canyons2.jpg

[2011/08/22 19:04:24 | 000,039,353 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\mirror.jpg

[2011/08/22 19:00:28 | 017,790,808 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-sexy-wife-gets-censoreded-hard.mp4

[2011/08/22 19:00:04 | 015,904,398 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-small-girl-takes-a-big-penis.mp4

[2011/08/22 18:59:47 | 016,844,413 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-hottie-blonde-shakes-her-hips.mp4

[2011/08/22 18:58:31 | 007,366,091 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-handcuffed-and-censoreded.mp4

[2011/08/22 18:58:09 | 014,482,891 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-up-the-bum-and-in-the-mouth.mp4

[2011/08/22 18:54:56 | 029,391,521 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-asian-couple-in-bed.mp4

[2011/08/22 18:46:28 | 000,081,870 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\census-tits.jpg

[2011/08/22 18:41:59 | 027,384,032 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-wife-gets-banged.mp4

[2011/08/22 18:39:19 | 032,542,998 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-sucking-and-humping.mp4

[2011/08/22 18:38:41 | 011,999,092 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-those-are-some-very-very-big-tits.mp4

[2011/08/22 18:32:50 | 008,801,965 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-couch-solo.mp4

[2011/08/20 07:43:14 | 005,013,855 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-asian-girl-tit-censored-and-facial.mp4

[2011/08/20 07:41:42 | 016,554,225 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-sexy-ginger-swallows.mp4

[2011/08/20 07:38:53 | 021,263,656 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-mall-bathroom-head.mp4

[2011/08/20 07:34:14 | 028,009,554 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-dynamite-redhead-takes-two-guys.mp4

[2011/08/20 07:26:53 | 025,286,057 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\update20110818_amateur-little-cutie-censoreded-beautifully.mp4

[2011/08/17 16:21:32 | 004,187,189 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\P8170009.JPG

[2011/08/17 13:15:28 | 004,291,179 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\P8170008.JPG

[2011/08/17 13:07:54 | 003,550,306 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\P8170007.JPG

[2011/08/17 12:57:04 | 003,404,434 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\P8170006.JPG

[2011/08/17 12:56:48 | 004,079,085 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\P8170005.JPG

[2011/08/17 12:31:28 | 003,643,485 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\P8170004.JPG

[2011/08/17 12:31:22 | 003,826,023 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\P8170003.JPG

[2011/08/17 12:31:16 | 003,688,887 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\P8170002.JPG

[2011/08/17 12:25:16 | 004,475,606 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\P8170001.JPG

[2011/08/16 13:57:57 | 000,153,666 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\knives.png

[2011/08/16 05:54:56 | 000,105,976 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\gunsnammo.jpg

[2011/08/16 05:46:47 | 000,047,513 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\roshambo.jpg

[2011/08/16 05:46:04 | 000,079,354 | ---- | C] () -- C:\Documents and Settings\Phill\My Documents\phone.jpg

[2010/02/15 01:21:49 | 000,014,276 | -HS- | C] () -- C:\Documents and Settings\Phill\Local Settings\Application Data\86S46Vh322ctJ

[2009/12/10 17:26:39 | 000,065,940 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/02/26 22:35:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2008/08/22 12:42:23 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Phill\Application Data\WavCodec.wff

[2007/11/20 20:29:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2007/11/01 00:55:27 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\Phill\Application Data\wklnhst.dat

[2007/07/25 14:55:45 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2007/07/25 14:55:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2007/05/26 21:23:46 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll

[2007/05/24 18:40:38 | 000,004,212 | RH-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2006/12/19 20:56:42 | 000,109,568 | ---- | C] () -- C:\Documents and Settings\Phill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/12/15 11:30:00 | 002,108,000 | ---- | C] () -- C:\Documents and Settings\Phill\Local Settings\Application Data\rx_audio.Cache

[2006/12/15 11:29:33 | 030,036,272 | ---- | C] () -- C:\Documents and Settings\Phill\Local Settings\Application Data\rx_image.Cache

[2006/11/07 18:25:25 | 000,000,512 | ---- | C] () -- C:\WINDOWS\eReg.dat

[2006/09/19 15:29:49 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/08/18 21:42:02 | 000,635,337 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe

[2006/08/18 21:42:02 | 000,002,155 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat

[2006/08/18 21:39:52 | 000,077,824 | ---- | C] () -- C:\WINDOWS\Startup.exe

[2006/08/18 21:35:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

[2006/08/14 19:06:10 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2006/08/14 19:02:43 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Phill\Local Settings\Application Data\fusioncache.dat

[2006/06/05 23:40:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/06/05 23:37:46 | 000,004,528 | R--- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE

[2006/02/25 03:02:55 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2006/02/25 00:28:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll

[2006/02/16 11:07:58 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini

[2006/02/16 05:55:04 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2006/02/16 05:50:52 | 000,000,344 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/02/16 05:25:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2006/02/16 05:25:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2006/02/16 05:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2006/02/16 05:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2006/02/16 05:25:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2006/02/16 05:25:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2006/02/15 12:41:53 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys

[2006/02/15 12:41:53 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys

[2006/02/15 12:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI

[2006/02/15 12:28:50 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini

[2006/02/15 12:28:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll

[2006/02/15 12:28:50 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini

[2006/02/15 12:28:50 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini

[2006/02/15 12:25:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll

[2006/02/15 12:21:55 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat

[2006/02/15 12:21:55 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat

[2006/02/15 12:21:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2006/02/15 12:21:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2006/02/15 11:44:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/02/15 11:41:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2006/02/15 11:35:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2006/02/15 11:34:07 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2006/02/15 10:09:00 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006/02/15 10:03:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006/02/15 10:03:40 | 000,483,538 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006/02/15 10:03:40 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006/02/15 10:03:40 | 000,080,776 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006/02/15 10:03:40 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006/02/15 10:03:34 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2006/02/15 10:03:31 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2006/02/15 10:03:28 | 000,531,856 | ---- | C] () -- C:\WINDOWS\System32\msqjhznl.dll

[2006/02/15 10:03:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006/02/15 10:03:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006/02/15 10:03:05 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006/02/15 10:02:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006/02/15 10:02:16 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2006/02/15 03:30:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006/02/15 03:29:32 | 000,313,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005/12/01 18:05:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/11/14 14:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2005/11/10 11:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2005/11/10 11:30:02 | 000,524,288 | R--- | C] () -- C:\WINDOWS\System32\divxsm.exe

[2005/09/02 18:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2005/08/24 19:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys

[2005/08/05 18:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005/07/23 01:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe

[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll

[2004/07/20 21:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004/01/15 18:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

[2004/01/13 22:46:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll

[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Phill\My Documents\SD2.dmsd:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Phill\My Documents\SD1.dmsd:Roxio EMC Stream

< End of report >


...And this is the Extra.txt. I hope this is where the answer lies...

OTL Extras logfile created on: 9/14/2011 12:41:37 AM - Run 1

OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Phill\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.93 Mb Total Physical Memory | 90.89 Mb Available Physical Memory | 18.11% Memory free

1.24 Gb Paging File | 0.91 Gb Available in Paging File | 73.07% Paging File free

Paging file location(s): C:\pagefile.sys 800 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.54 Gb Total Space | 3.68 Gb Free Space | 3.30% Space Free | Partition Type: NTFS

Computer Name: STEWIE | User Name: Phill | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [iD3-TagIT] -- "C:\Program Files\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)

"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)

"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)

"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Roxio\Easy Media Creator 8\Audio Master\MusicDiscCreator.exe" = C:\Program Files\Roxio\Easy Media Creator 8\Audio Master\MusicDiscCreator.exe:*:Enabled:Roxio Music Disc Creator -- (Sonic Solutions)

"C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)

"C:\Program Files\Roxio\Easy Media Creator 8\Creator Classic\Creator8.exe" = C:\Program Files\Roxio\Easy Media Creator 8\Creator Classic\Creator8.exe:*:Enabled:Creator8 -- (Sonic Solutions)

"C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe" = C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe:*:Enabled:Roxio UPnP Renderer Service -- (Sonic Solutions)

"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" = C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service -- (Sonic Solutions)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1F76ACFA-22FE-49F6-BC05-F4EC835F48CC}" = Norton GoBack 4.0 (Symantec Corporation)

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2

"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0

"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades

"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI

"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant

"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility

"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility

"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8

"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{868901EE-7807-4F89-A134-7C705D34F91F}" = Roxio Easy Media Creator 8 Suite

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders

"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer

"{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}" = Symantec AntiVirus

"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"AC3Filter" = AC3Filter (remove only)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"CCleaner" = CCleaner

"Creative Live! Cam Notebook Pro User's Guide English" = Creative Live! Cam Notebook Pro User's Guide (English)

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"Creative VF0250" = Creative Live! Cam Notebook Pro Driver (1.01.03.0405)

"Creative WebCam Center" = Creative WebCam Center

"ffdshow_is1" = ffdshow [rev 1620] [2007-11-18]

"Free FLV Converter_is1" = Free FLV Converter V 6.7.4

"GEOXCodec" = GeoVision MPEG4

"HijackThis" = HijackThis 2.0.2

"ID3-TagIT 3_is1" = ID3-TagIT 3

"ie8" = Windows Internet Explorer 8

"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"Kana WallChanger_is1" = Kana WallChanger 2.2

"KC Softwares VideoInspector_is1" = KC Softwares VideoInspector

"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool

"Power Saver" = TOSHIBA Power Saver

"ProInst" = Intel® PROSet/Wireless Software

"PROSet" = Intel® PRO Network Connections Drivers

"RealPlayer 12.0" = RealPlayer

"Sanse Playlister_is1" = Sanse Playlister Ver1.3

"SightSpeed" = SightSpeed

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"SysInfo" = Creative System Information

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"TOSHIBA TV Tuner" = TOSHIBA TV Tuner 4.0.12.73

"uTorrent" = µTorrent

"VB Runtimes Pack, release 7_is1" = VB Runtimes Pack, release 7

"WavePad" = WavePad Uninstall

"Windows Media Format Runtime" = Windows Media Format Runtime

"WinRAR archiver" = WinRAR archiver

"Xvid_is1" = Xvid 1.1.3 final uninstall

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 9/6/2011 5:40:20 PM | Computer Name = STEWIE | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/6/2011 5:40:41 PM | Computer Name = STEWIE | Source = Application Hang | ID = 1002

Description = Hanging application RecordingManager.exe, version 1.0.1.721, hang

module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/6/2011 5:41:07 PM | Computer Name = STEWIE | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

Error - 9/6/2011 5:41:44 PM | Computer Name = STEWIE | Source = Application Hang | ID = 1001

Description = Fault bucket 1756046937.

Error - 9/9/2011 6:50:28 AM | Computer Name = STEWIE | Source = Symantec AntiVirus | ID = 16711725

Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec

AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:

C:\32788R22FWJFW\pev.3XE (PID 408) Time: Friday, September 09, 2011 6:50:27 AM

Error - 9/9/2011 6:50:28 AM | Computer Name = STEWIE | Source = Symantec AntiVirus | ID = 16711725

Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec

AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:

C:\32788R22FWJFW\License\iexplore.exe (PID 2564) Time: Friday, September 09, 2011

6:50:28 AM

Error - 9/13/2011 3:26:53 PM | Computer Name = STEWIE | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/13/2011 3:26:53 PM | Computer Name = STEWIE | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/13/2011 3:27:26 PM | Computer Name = STEWIE | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

Error - 9/13/2011 3:27:26 PM | Computer Name = STEWIE | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

[ System Events ]

Error - 9/7/2011 6:39:51 AM | Computer Name = STEWIE | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

period.

Error - 9/7/2011 6:39:54 AM | Computer Name = STEWIE | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

period.

Error - 9/7/2011 6:40:07 AM | Computer Name = STEWIE | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

period.

Error - 9/7/2011 6:40:17 AM | Computer Name = STEWIE | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

period.

Error - 9/7/2011 6:40:22 AM | Computer Name = STEWIE | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

period.

Error - 9/7/2011 6:40:24 AM | Computer Name = STEWIE | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

period.

Error - 9/7/2011 6:40:28 AM | Computer Name = STEWIE | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

period.

Error - 9/8/2011 5:44:45 AM | Computer Name = STEWIE | Source = Service Control Manager | ID = 7023

Description = The HID Input Service service terminated with the following error:

%%126

Error - 9/8/2011 5:44:45 AM | Computer Name = STEWIE | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service

to connect.

Error - 9/8/2011 6:10:52 PM | Computer Name = STEWIE | Source = Service Control Manager | ID = 7023

Description = The HID Input Service service terminated with the following error:

%%126

< End of report >


501.93 Mb Total Physical Memory | 90.89 Mb Available Physical Memory | 18.11% Memory free

1.24 Gb Paging File | 0.91 Gb Available in Paging File | 73.07% Paging File free

Paging file location(s): C:\pagefile.sys 800 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.54 Gb Total Space | 3.68 Gb Free Space | 3.30% Space Free | Partition Type: NTFS

You have 3,68 GB of free space, which is very little. Windows needs at least 25% of free space to function properly.

You also do not have a lot of RAM installed for XP, but I think that once you free up some space, things will improve.


OMG if that is the case I am completely embarrassed! I need to get an external HD to remove some of the files but that will be a couple of days. Do you want to close this ticket and if there are any more issues I can repost or IM you?

Also, stupid question but can anyone do anything malicious to me since I just exposed myself to the world?

Thank you so much for your help and patience. It's people like you that restore my faith in humanity.


No problem, just let me know when you are ready to move on and if the cleanup improved matters. :)

An indication of this problem is here:

Error - 9/7/2011 6:40:28 AM | Computer Name = STEWIE | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

period.

Error - 9/8/2011 5:44:45 AM | Computer Name = STEWIE | Source = Service Control Manager | ID = 7023

Description = The HID Input Service service terminated with the following error:

%%126

Your HD just stopped responding (it had to manage all ongoing operations in a very small space, which basically overloaded it).
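The checks made by eye in the reply above (free space against the 25% figure, and the run of atapi timeouts) can be scripted over an OTL Extras.txt. This is an added example, not part of the original thread and not OTL's own code; the function names, the 60-second window and the three-event burst threshold are assumptions, and the 25% default is simply the figure quoted in the reply.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Excerpt of the Extras.txt posted in this thread, shortened to six events.
SAMPLE = r"""
501.93 Mb Total Physical Memory | 90.89 Mb Available Physical Memory | 18.11% Memory free
Drive C: | 111.54 Gb Total Space | 3.68 Gb Free Space | 3.30% Space Free | Partition Type: NTFS
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/6/2011 5:40:20 PM | Computer Name = STEWIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 9/7/2011 6:39:51 AM | Computer Name = STEWIE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 9/7/2011 6:39:54 AM | Computer Name = STEWIE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 9/7/2011 6:40:07 AM | Computer Name = STEWIE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 9/7/2011 6:40:17 AM | Computer Name = STEWIE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 9/8/2011 5:44:45 AM | Computer Name = STEWIE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
< End of report >
"""

EVENT_RE = re.compile(r"^Error - (.+? [AP]M) \| Computer Name = .*? \| Source = (.+?) \| ID = (\d+)$")
DRIVE_RE = re.compile(r"^Drive (\w): \|.*?\| ([\d.]+)% Space Free", re.M)
MEM_RE = re.compile(r"([\d.]+)% Memory free")


def parse_events(text):
    """Return the event-log errors as dicts, re-joining wrapped descriptions."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum exports put a blank line after every log line
        m = EVENT_RE.match(line)
        if m:
            current = {
                "time": datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p"),
                "source": m.group(2),
                "id": int(m.group(3)),
                "description": "",
            }
            events.append(current)
        elif line.startswith(("[", "<", "=")):
            current = None  # section header or end-of-report marker
        elif current is not None:
            prefix = "Description = "
            part = line[len(prefix):] if line.startswith(prefix) else line
            current["description"] = (current["description"] + " " + part).strip()
    return events


def max_burst(times, window):
    """Largest number of timestamps that fall inside any one sliding window."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def triage(text, min_free_pct=25.0, window=timedelta(seconds=60), min_burst=3):
    """Flag drives below min_free_pct and sources that log errors in bursts."""
    by_source = defaultdict(list)
    for ev in parse_events(text):
        by_source[ev["source"]].append(ev["time"])
    bursts = {s: n for s, ts in by_source.items()
              if (n := max_burst(ts, window)) >= min_burst}
    mem = MEM_RE.search(text)
    return {
        "low_disk": [(d, float(p)) for d, p in DRIVE_RE.findall(text)
                     if float(p) < min_free_pct],
        "mem_free_pct": float(mem.group(1)) if mem else None,
        "bursts": bursts,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A burst from a storage driver such as atapi next to a nearly full system drive points at the disk rather than at malware, which is the conclusion reached in the reply.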

Hi Elise, hope you had a good weekend. I was able to get an external HD and transfer about 30gb onto it, freeing up 60gb of space. I don't do the math I just calls it the ways I sees it. I then ran disk defragmenter and shut off the computer when it was done. I waited about a day and rebooted it and same problem, it took a good 15 minutes to get to where I could use it, IE took several minutes to load.

I didn't add any RAM but I took a look at the task manager and it seems I have a lot of processes running. In fact when I wasn't doing anything the CPU usage was still averaging 40% and the little blue light that indicates HD activity keeps blinking.

I know I should get more RAM but is that going to cut the load time? I seem to remember when I first got this it was pretty quick.

Oh, and the stupid speakers keep stuttering :(

Any advice?


  • 2 weeks later...

Hi Elise, I am back again!

Ok, I had someone add another 512 of RAM so I think that brings me up to a gig. Accessing IE, surfing and opening programs is definitely faster, however bootup takes about 7 minutes to get to the main desktop and another few minutes after before I can open anything. However once it is up it is running nicely.

I also emptied out My Documents so I have 69.5GB of space to fill.

The hiccup is video/audio. Video no longer streams from the internet smoothly or plays from a video file smoothly. Audio keeps hiccuping. I noticed these things started after I ran some of the programs to check my computer. I haven't deleted anything yet so I don't know if that will clear anything up. Any suggestions? I can live with the bootup time, I would just like to clear up this a/v issue.

Thanks for your time.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
