Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

The Redirect Virus [Solved]

Started by krystine , Aug 26 2010 03:22 PM

  • This topic is locked This topic is locked

#46
krystine
Posted 02 September 2010 - 10:46 AM

krystine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Thanks for the link, unfortunately none of the steps worked. I guess I am going to restore my PC to before the scan and try to get rid of the virus another way? Do you think that is the best choice? Do you think there's anything my internet provider can do, other than reset the router (which I already did)?

edit: the eset scan worked the first time I think but when I try it now it says "proxy not configured" ... is there any way to fix that? Or was my machine not completely clean after that scan?

edit again: i have my windows 7 disk, maybe i should put it in and see if i can repair windows, rather than re-install

Edited by krystine, 02 September 2010 - 11:21 AM.

  • 0

Advertisements

#47
emeraldnzl
Posted 02 September 2010 - 03:05 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

. I guess I am going to restore my PC to before the scan and try to get rid of the virus another way? Do you think that is the best choice?


No I don't think it is the best choice, sadly I don't think that would fix your connection problem. In fact the virus is likely gone and we are just left with a technical issue to deal with.

Do you think there's anything my internet provider can do, other than reset the router (which I already did)?


It is not the resetting of the router, rather the data/settings needed for your computer and or router to recognise where it should be going to to connect to their server. Your IP should know this.

Before you call them though you could try the following just in case it is a browser problem:

Please go to support Microsoft for instructions on how to repair/reinstall your Internet Explorer.

If IE can be made to work then it will likely just be a matter of re-installing Firefox.
  • 0

#48
krystine
Posted 03 September 2010 - 10:01 AM

krystine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
The browser install/re-install didn't work. What do you think of trying to repair my windows with the disk?
Also (potential point of interest?), in my first post when I said my connection was messed up after the scan and I was going to restore, I did before I saw your post saying not to. I had the virus again but could connect okay. I then ran the SAS scan (for the second time) and it did the same thing (got rid of the virus and screwed up my internet).
  • 0

#49
emeraldnzl
Posted 03 September 2010 - 01:18 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I did before I saw your post saying not to. I had the virus again but could connect okay.


Interesting. See if you can do that restore again but this time don't run SAS, we will deal with the infection a different way now we have identified what is going on (at least think we know lol).

Once you are up and running carry out an OTL scan again:

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.

  • 0

#50
krystine
Posted 04 September 2010 - 02:38 PM

krystine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Sounds good. I've been house sitting over the weekend so I haven't had much access to my machine. I will be back to do the scan tomorrow though (: thanks for being patient.
  • 0

#51
emeraldnzl
Posted 04 September 2010 - 03:40 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Sounds good. I've been house sitting over the weekend so I haven't had much access to my machine. I will be back to do the scan tomorrow though


Okie dokie. See you then. :)
  • 0

#52
krystine
Posted 05 September 2010 - 10:33 AM

krystine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
OTL logfile created on: 9/5/2010 12:29:56 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Krystine\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.52 Gb Total Space | 274.12 Gb Free Space | 47.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.86 Gb Total Space | 0.43 Gb Free Space | 23.09% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRYSTINE-PC
Current User Name: Krystine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/02 00:28:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Krystine\Desktop\OTL.exe
PRC - [2010/07/21 08:01:34 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 08:30:20 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 08:30:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 08:29:53 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/12/15 19:27:39 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaws.exe
PRC - [2009/12/15 19:27:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe
PRC - [2009/10/30 07:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/07/26 17:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/13 21:14:42 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (SafeList) ==========

MOD - [2010/09/02 00:28:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Krystine\Desktop\OTL.exe
MOD - [2009/07/13 21:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/23 16:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 16:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/08/18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/21 08:01:34 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 08:30:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/16 08:30:19 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/16 08:29:54 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/03 08:22:09 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/12/04 19:11:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/27 16:06:34 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/08/18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/19 13:47:52 | 000,382,464 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7064.sys -- (rt70x64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 12:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/02/16 11:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 C6 69 02 E2 E7 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10
FF - prefs.js..extensions.enabledItems: {9f94fab0-58a2-11dd-ae16-0800200c9a66}:3.0.26

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/24 13:54:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/04 17:03:58 | 000,000,000 | ---D | M]

[2009/12/04 16:19:21 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\Mozilla\Extensions
[2010/08/29 13:58:05 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions
[2010/03/25 22:46:11 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2010/03/25 22:47:45 | 000,000,000 | ---D | M] (AvantGarde Rosepetal) -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
[2010/09/04 17:02:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/28 13:22:07 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\[email protected]
[2010/03/25 22:47:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}\mozapps\extensions
[2010/09/04 17:02:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/04 17:02:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

O1 HOSTS File: ([2010/08/28 13:19:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [ZE18MW23GY] C:\Users\Krystine\AppData\Local\Temp\Ncz.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.234,93.188.161.234
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0745478a-e122-11de-af18-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0745478a-e122-11de-af18-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/05 12:29:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Krystine\Desktop\OTL.exe
[2010/09/02 16:45:19 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Desktop\Tims Christmas
[2010/09/02 16:45:19 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Desktop\SMRTNTKY
[2010/09/02 16:45:15 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Desktop\New Folder
[2010/09/01 18:15:46 | 000,000,000 | ---D | C] -- C:\Users\Krystine\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/01 18:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/01 18:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/09/01 18:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/01 18:08:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/31 17:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/08/30 18:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/30 18:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/29 20:41:15 | 000,000,000 | ---D | C] -- C:\Users\Krystine\AppData\Local\Google
[2010/08/29 17:17:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/08/27 16:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2010/08/27 16:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WorldOfGoo
[2010/08/26 16:55:07 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Krystine\Desktop\TFC.exe
[2010/08/26 16:06:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/26 15:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/08/26 15:24:45 | 000,000,000 | ---D | C] -- C:\Users\Krystine\AppData\Roaming\Malwarebytes
[2010/08/26 15:24:44 | 000,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbam.sys
[2010/08/26 15:24:42 | 000,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/26 15:24:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/26 15:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/26 15:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/08/26 14:46:19 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/08/25 20:45:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/08/23 17:42:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2010/08/12 20:32:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/08/12 20:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/08/12 20:22:25 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/08/12 20:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/08/12 20:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/08/12 20:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/08/12 20:16:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/08/08 21:17:37 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Documents\moonshl2
[2010/08/08 21:17:37 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Documents\moonmemo
[2010/08/08 20:39:21 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Documents\eng
[2010/08/08 18:20:39 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Documents\AAA DS
[2010/08/07 02:04:19 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Documents\Heroes of Newerth
[2010/08/07 02:04:07 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/08/07 02:04:07 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/08/07 02:04:07 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/08/07 02:04:06 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/08/07 02:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heroes of Newerth
[2010/04/16 17:53:56 | 001,117,491 | ---- | C] (DVD Shrink ) -- C:\Program Files (x86)\dvdshrink32setup.exe
[2009/12/16 16:47:12 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Krystine\AppData\Roaming\pcouffin.sys
[2009/12/04 17:24:58 | 003,139,840 | ---- | C] (WindSolutions) -- C:\Program Files\CopyTrans.exe

========== Files - Modified Within 30 Days ==========

[2010/09/05 12:30:04 | 007,864,320 | -HS- | M] () -- C:\Users\Krystine\ntuser.dat
[2010/09/05 12:29:44 | 064,339,327 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/05 12:09:02 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/05 11:46:05 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969533455-2505683156-2406357703-1001UA.job
[2010/09/04 20:46:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969533455-2505683156-2406357703-1001Core.job
[2010/09/04 17:11:15 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/04 17:11:15 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/04 17:11:01 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/04 17:11:01 | 000,618,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/04 17:11:01 | 000,104,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/04 17:04:18 | 000,524,288 | -HS- | M] () -- C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TMContainer00000000000000000002.regtrans-ms
[2010/09/04 17:04:18 | 000,524,288 | -HS- | M] () -- C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TMContainer00000000000000000001.regtrans-ms
[2010/09/04 17:04:18 | 000,065,536 | -HS- | M] () -- C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TM.blf
[2010/09/04 17:04:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/04 17:04:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/04 17:03:57 | 536,195,071 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/04 17:01:38 | 005,663,598 | -H-- | M] () -- C:\Users\Krystine\AppData\Local\IconCache.db
[2010/09/02 00:28:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Krystine\Desktop\OTL.exe
[2010/09/01 21:36:21 | 000,524,288 | -HS- | M] () -- C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TMContainer00000000000000000002.regtrans-ms
[2010/09/01 21:36:21 | 000,524,288 | -HS- | M] () -- C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TMContainer00000000000000000001.regtrans-ms
[2010/09/01 21:36:21 | 000,065,536 | -HS- | M] () -- C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TM.blf
[2010/09/01 18:15:08 | 000,013,409 | ---- | M] () -- C:\Users\Public\Documents\otl fix.docx
[2010/09/01 18:04:42 | 000,016,100 | ---- | M] () -- C:\Users\Public\Documents\Final Schedule for real 2010-11.docx
[2010/09/01 17:51:45 | 000,078,336 | ---- | M] () -- C:\Users\Krystine\Documents\Final Schedule 2010-11.doc
[2010/08/28 13:19:39 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/08/27 20:49:38 | 000,000,069 | ---- | M] () -- C:\Windows\MONOLITH.INI
[2010/08/27 20:49:33 | 000,000,622 | ---- | M] () -- C:\Windows\win.ini
[2010/08/27 16:47:43 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\World of Goo.lnk
[2010/08/26 16:55:08 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Krystine\Desktop\TFC.exe
[2010/08/26 16:45:06 | 000,018,655 | ---- | M] () -- C:\Users\Public\Documents\OTL Extras.docx
[2010/08/26 16:44:36 | 000,024,780 | ---- | M] () -- C:\Users\Public\Documents\OTL.docx
[2010/08/26 16:21:36 | 000,013,180 | ---- | M] () -- C:\Users\Public\Documents\first goored.docx
[2010/08/26 16:19:41 | 000,013,631 | ---- | M] () -- C:\Users\Public\Documents\second OTM.docx
[2010/08/26 16:15:20 | 000,013,664 | ---- | M] () -- C:\Users\Public\Documents\first OTM.docx
[2010/08/26 15:24:44 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 19:40:44 | 000,000,834 | ---- | M] () -- C:\Users\Krystine\Desktop\PSX emulator.lnk
[2010/08/12 20:57:06 | 000,108,840 | ---- | M] () -- C:\Users\Krystine\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/12 20:55:26 | 000,415,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/11 20:58:19 | 000,032,768 | ---- | M] () -- C:\Users\Krystine\Documents\resume - old.doc
[2010/08/11 20:46:20 | 000,030,208 | ---- | M] () -- C:\Users\Krystine\Documents\cover letter outline.doc

========== Files Created - No Company Name ==========

[2010/09/04 17:04:18 | 000,524,288 | -HS- | C] () -- C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TMContainer00000000000000000002.regtrans-ms
[2010/09/04 17:04:18 | 000,524,288 | -HS- | C] () -- C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TMContainer00000000000000000001.regtrans-ms
[2010/09/04 17:04:18 | 000,065,536 | -HS- | C] () -- C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TM.blf
[2010/09/02 16:45:27 | 000,024,576 | ---- | C] () -- C:\Users\Krystine\Desktop\Toilet Lament.doc
[2010/09/01 20:39:28 | 000,524,288 | -HS- | C] () -- C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TMContainer00000000000000000002.regtrans-ms
[2010/09/01 20:39:28 | 000,524,288 | -HS- | C] () -- C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TMContainer00000000000000000001.regtrans-ms
[2010/09/01 20:39:28 | 000,065,536 | -HS- | C] () -- C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TM.blf
[2010/09/01 18:15:07 | 000,013,409 | ---- | C] () -- C:\Users\Public\Documents\otl fix.docx
[2010/09/01 17:42:21 | 000,016,100 | ---- | C] () -- C:\Users\Public\Documents\Final Schedule for real 2010-11.docx
[2010/08/29 20:41:17 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969533455-2505683156-2406357703-1001UA.job
[2010/08/29 20:41:16 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969533455-2505683156-2406357703-1001Core.job
[2010/08/27 20:47:12 | 000,000,069 | ---- | C] () -- C:\Windows\MONOLITH.INI
[2010/08/27 16:47:43 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\World of Goo.lnk
[2010/08/26 16:45:05 | 000,018,655 | ---- | C] () -- C:\Users\Public\Documents\OTL Extras.docx
[2010/08/26 16:44:35 | 000,024,780 | ---- | C] () -- C:\Users\Public\Documents\OTL.docx
[2010/08/26 16:21:35 | 000,013,180 | ---- | C] () -- C:\Users\Public\Documents\first goored.docx
[2010/08/26 16:19:39 | 000,013,631 | ---- | C] () -- C:\Users\Public\Documents\second OTM.docx
[2010/08/26 16:15:18 | 000,013,664 | ---- | C] () -- C:\Users\Public\Documents\first OTM.docx
[2010/08/26 15:24:44 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 19:40:44 | 000,000,834 | ---- | C] () -- C:\Users\Krystine\Desktop\PSX emulator.lnk
[2010/08/12 18:17:15 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/11 20:46:17 | 000,030,208 | ---- | C] () -- C:\Users\Krystine\Documents\cover letter outline.doc
[2009/12/16 16:47:49 | 000,001,041 | ---- | C] () -- C:\Users\Krystine\AppData\Roaming\vso_ts_preview.xml
[2009/12/16 16:47:21 | 000,000,033 | ---- | C] () -- C:\Users\Krystine\AppData\Roaming\pcouffin.log
[2009/12/16 16:47:12 | 000,099,384 | ---- | C] () -- C:\Users\Krystine\AppData\Roaming\inst.exe
[2009/12/16 16:47:12 | 000,007,859 | ---- | C] () -- C:\Users\Krystine\AppData\Roaming\pcouffin.cat
[2009/12/16 16:47:12 | 000,001,167 | ---- | C] () -- C:\Users\Krystine\AppData\Roaming\pcouffin.inf
[2009/12/15 20:55:10 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/11 01:19:40 | 000,001,169 | ---- | C] () -- C:\Program Files\Serail & Readme.bat
[2009/12/04 17:24:58 | 000,013,425 | ---- | C] () -- C:\Program Files\License Agreement.rtf
[2009/12/04 17:24:58 | 000,000,652 | ---- | C] () -- C:\Program Files\CopyTrans.ris
[2009/12/04 17:24:58 | 000,000,603 | ---- | C] () -- C:\Program Files\INSTALLATION_PROCEDURE.txt
[2009/12/04 15:36:36 | 000,000,017 | ---- | C] () -- C:\Users\Krystine\AppData\Local\resmon.resmoncfg
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
  • 0

#53
emeraldnzl
Posted 05 September 2010 - 01:32 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again krystine,

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.234,93.188.161.234
O33 - MountPoints2\{0745478a-e122-11de-af18-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0745478a-e122-11de-af18-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found

:Commands
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
So when you return please post
  • OTL fix log
  • OTL scan log
  • 0

#54
krystine
Posted 05 September 2010 - 07:09 PM

krystine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
When my computer booted up after the fix, no log popped up and I wasn't sure where to/if I could find it.
Here the scan I did after though:

OTL logfile created on: 9/5/2010 9:07:27 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Krystine\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 74.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.52 Gb Total Space | 274.07 Gb Free Space | 47.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRYSTINE-PC
Current User Name: Krystine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/02 00:28:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Krystine\Desktop\OTL.exe
PRC - [2010/07/24 13:54:43 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/21 08:01:34 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 08:30:20 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 08:30:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 08:29:53 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/10/30 07:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/07/26 17:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/13 21:14:42 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (SafeList) ==========

MOD - [2010/09/02 00:28:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Krystine\Desktop\OTL.exe
MOD - [2009/07/13 21:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/23 16:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 16:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/08/18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/21 08:01:34 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 08:30:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/16 08:30:19 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/16 08:29:54 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/03 08:22:09 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/12/04 19:11:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/27 16:06:34 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/08/18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/19 13:47:52 | 000,382,464 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7064.sys -- (rt70x64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 12:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/02/16 11:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 C6 69 02 E2 E7 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10
FF - prefs.js..extensions.enabledItems: {9f94fab0-58a2-11dd-ae16-0800200c9a66}:3.0.26

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/24 13:54:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/04 17:03:58 | 000,000,000 | ---D | M]

[2009/12/04 16:19:21 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\Mozilla\Extensions
[2010/09/05 12:42:06 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions
[2010/03/25 22:46:11 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2010/03/25 22:47:45 | 000,000,000 | ---D | M] (AvantGarde Rosepetal) -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
[2010/09/04 17:02:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/28 13:22:07 | 000,000,000 | ---D | M] -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\[email protected]
[2010/03/25 22:47:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}\mozapps\extensions
[2010/09/05 12:42:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/04 17:02:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

O1 HOSTS File: ([2010/08/28 13:19:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [ZE18MW23GY] C:\Users\Krystine\AppData\Local\Temp\Ncz.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/05 12:29:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Krystine\Desktop\OTL.exe
[2010/09/01 18:15:46 | 000,000,000 | ---D | C] -- C:\Users\Krystine\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/01 18:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/01 18:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/09/01 18:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/01 18:08:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/31 17:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/08/30 18:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/30 18:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/29 20:41:15 | 000,000,000 | ---D | C] -- C:\Users\Krystine\AppData\Local\Google
[2010/08/29 17:17:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/08/27 16:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2010/08/27 16:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WorldOfGoo
[2010/08/26 16:06:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/26 15:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/08/26 15:24:45 | 000,000,000 | ---D | C] -- C:\Users\Krystine\AppData\Roaming\Malwarebytes
[2010/08/26 15:24:44 | 000,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbam.sys
[2010/08/26 15:24:42 | 000,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/26 15:24:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/26 15:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/26 15:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/08/26 14:46:19 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/08/25 20:45:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/08/23 17:42:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2010/08/12 20:32:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/08/12 20:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/08/12 20:22:25 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/08/12 20:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/08/12 20:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/08/12 20:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/08/12 20:16:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/08/08 21:17:37 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Documents\moonshl2
[2010/08/08 21:17:37 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Documents\moonmemo
[2010/08/08 20:39:21 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Documents\eng
[2010/08/08 18:20:39 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Documents\AAA DS
[2010/08/07 02:04:19 | 000,000,000 | ---D | C] -- C:\Users\Krystine\Documents\Heroes of Newerth
[2010/08/07 02:04:07 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/08/07 02:04:07 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/08/07 02:04:07 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/08/07 02:04:06 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/08/07 02:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heroes of Newerth
[2010/04/16 17:53:56 | 001,117,491 | ---- | C] (DVD Shrink ) -- C:\Program Files (x86)\dvdshrink32setup.exe
[2009/12/16 16:47:12 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Krystine\AppData\Roaming\pcouffin.sys
[2009/12/04 17:24:58 | 003,139,840 | ---- | C] (WindSolutions) -- C:\Program Files\CopyTrans.exe

========== Files - Modified Within 30 Days ==========

[2010/09/05 21:08:38 | 007,864,320 | -HS- | M] () -- C:\Users\Krystine\ntuser.dat
[2010/09/05 21:04:58 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/05 20:46:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969533455-2505683156-2406357703-1001UA.job
[2010/09/05 20:46:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969533455-2505683156-2406357703-1001Core.job
[2010/09/05 20:24:55 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/05 20:24:55 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/05 20:24:41 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/05 20:24:41 | 000,618,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/05 20:24:41 | 000,104,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/05 20:17:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/05 20:17:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/05 20:17:36 | 536,195,071 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/05 20:16:46 | 000,524,288 | -HS- | M] () -- C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TMContainer00000000000000000002.regtrans-ms
[2010/09/05 20:16:46 | 000,524,288 | -HS- | M] () -- C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TMContainer00000000000000000001.regtrans-ms
[2010/09/05 20:16:46 | 000,065,536 | -HS- | M] () -- C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TM.blf
[2010/09/05 20:16:44 | 005,666,410 | -H-- | M] () -- C:\Users\Krystine\AppData\Local\IconCache.db
[2010/09/05 17:33:11 | 064,344,501 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/02 00:28:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Krystine\Desktop\OTL.exe
[2010/09/01 21:36:21 | 000,524,288 | -HS- | M] () -- C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TMContainer00000000000000000002.regtrans-ms
[2010/09/01 21:36:21 | 000,524,288 | -HS- | M] () -- C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TMContainer00000000000000000001.regtrans-ms
[2010/09/01 21:36:21 | 000,065,536 | -HS- | M] () -- C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TM.blf
[2010/09/01 18:15:08 | 000,013,409 | ---- | M] () -- C:\Users\Public\Documents\otl fix.docx
[2010/09/01 18:04:42 | 000,016,100 | ---- | M] () -- C:\Users\Public\Documents\Final Schedule for real 2010-11.docx
[2010/09/01 17:51:45 | 000,078,336 | ---- | M] () -- C:\Users\Krystine\Documents\Final Schedule 2010-11.doc
[2010/08/28 13:19:39 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/08/27 20:49:38 | 000,000,069 | ---- | M] () -- C:\Windows\MONOLITH.INI
[2010/08/27 20:49:33 | 000,000,622 | ---- | M] () -- C:\Windows\win.ini
[2010/08/27 16:47:43 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\World of Goo.lnk
[2010/08/26 16:45:06 | 000,018,655 | ---- | M] () -- C:\Users\Public\Documents\OTL Extras.docx
[2010/08/26 16:44:36 | 000,024,780 | ---- | M] () -- C:\Users\Public\Documents\OTL.docx
[2010/08/26 16:21:36 | 000,013,180 | ---- | M] () -- C:\Users\Public\Documents\first goored.docx
[2010/08/26 16:19:41 | 000,013,631 | ---- | M] () -- C:\Users\Public\Documents\second OTM.docx
[2010/08/26 16:15:20 | 000,013,664 | ---- | M] () -- C:\Users\Public\Documents\first OTM.docx
[2010/08/26 15:24:44 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 19:40:44 | 000,000,834 | ---- | M] () -- C:\Users\Krystine\Desktop\PSX emulator.lnk
[2010/08/12 20:57:06 | 000,108,840 | ---- | M] () -- C:\Users\Krystine\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/12 20:55:26 | 000,415,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/11 20:58:19 | 000,032,768 | ---- | M] () -- C:\Users\Krystine\Documents\resume - old.doc
[2010/08/11 20:46:20 | 000,030,208 | ---- | M] () -- C:\Users\Krystine\Documents\cover letter outline.doc

========== Files Created - No Company Name ==========

[2010/09/04 17:04:18 | 000,524,288 | -HS- | C] () -- C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TMContainer00000000000000000002.regtrans-ms
[2010/09/04 17:04:18 | 000,524,288 | -HS- | C] () -- C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TMContainer00000000000000000001.regtrans-ms
[2010/09/04 17:04:18 | 000,065,536 | -HS- | C] () -- C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TM.blf
[2010/09/01 20:39:28 | 000,524,288 | -HS- | C] () -- C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TMContainer00000000000000000002.regtrans-ms
[2010/09/01 20:39:28 | 000,524,288 | -HS- | C] () -- C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TMContainer00000000000000000001.regtrans-ms
[2010/09/01 20:39:28 | 000,065,536 | -HS- | C] () -- C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TM.blf
[2010/09/01 18:15:07 | 000,013,409 | ---- | C] () -- C:\Users\Public\Documents\otl fix.docx
[2010/09/01 17:42:21 | 000,016,100 | ---- | C] () -- C:\Users\Public\Documents\Final Schedule for real 2010-11.docx
[2010/08/29 20:41:17 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969533455-2505683156-2406357703-1001UA.job
[2010/08/29 20:41:16 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969533455-2505683156-2406357703-1001Core.job
[2010/08/27 20:47:12 | 000,000,069 | ---- | C] () -- C:\Windows\MONOLITH.INI
[2010/08/27 16:47:43 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\World of Goo.lnk
[2010/08/26 16:45:05 | 000,018,655 | ---- | C] () -- C:\Users\Public\Documents\OTL Extras.docx
[2010/08/26 16:44:35 | 000,024,780 | ---- | C] () -- C:\Users\Public\Documents\OTL.docx
[2010/08/26 16:21:35 | 000,013,180 | ---- | C] () -- C:\Users\Public\Documents\first goored.docx
[2010/08/26 16:19:39 | 000,013,631 | ---- | C] () -- C:\Users\Public\Documents\second OTM.docx
[2010/08/26 16:15:18 | 000,013,664 | ---- | C] () -- C:\Users\Public\Documents\first OTM.docx
[2010/08/26 15:24:44 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 19:40:44 | 000,000,834 | ---- | C] () -- C:\Users\Krystine\Desktop\PSX emulator.lnk
[2010/08/12 18:17:15 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/11 20:46:17 | 000,030,208 | ---- | C] () -- C:\Users\Krystine\Documents\cover letter outline.doc
[2009/12/16 16:47:49 | 000,001,041 | ---- | C] () -- C:\Users\Krystine\AppData\Roaming\vso_ts_preview.xml
[2009/12/16 16:47:21 | 000,000,033 | ---- | C] () -- C:\Users\Krystine\AppData\Roaming\pcouffin.log
[2009/12/16 16:47:12 | 000,099,384 | ---- | C] () -- C:\Users\Krystine\AppData\Roaming\inst.exe
[2009/12/16 16:47:12 | 000,007,859 | ---- | C] () -- C:\Users\Krystine\AppData\Roaming\pcouffin.cat
[2009/12/16 16:47:12 | 000,001,167 | ---- | C] () -- C:\Users\Krystine\AppData\Roaming\pcouffin.inf
[2009/12/15 20:55:10 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/11 01:19:40 | 000,001,169 | ---- | C] () -- C:\Program Files\Serail & Readme.bat
[2009/12/04 17:24:58 | 000,013,425 | ---- | C] () -- C:\Program Files\License Agreement.rtf
[2009/12/04 17:24:58 | 000,000,652 | ---- | C] () -- C:\Program Files\CopyTrans.ris
[2009/12/04 17:24:58 | 000,000,603 | ---- | C] () -- C:\Program Files\INSTALLATION_PROCEDURE.txt
[2009/12/04 15:36:36 | 000,000,017 | ---- | C] () -- C:\Users\Krystine\AppData\Local\resmon.resmoncfg
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
  • 0

#55
emeraldnzl
Posted 05 September 2010 - 07:18 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

When my computer booted up after the fix, no log popped up and I wasn't sure where to/if I could find it.


Most likely saved as a txt file at C:\_OTL\Moved Files but don't worry now.

Looks like that one is gone, how is your computer, are you still getting the redirects?
  • 0

Advertisements

#56
krystine
Posted 06 September 2010 - 03:31 PM

krystine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I am but is it possible that it came back overnight, because I didn't delete my old restore points? Should I do the fix again and then see if it worked at that point
  • 0

#57
emeraldnzl
Posted 06 September 2010 - 04:02 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I am but is it possible that it came back overnight, because I didn't delete my old restore points?


Not unless you used System Restore again. :)

Now

In this post we will run another OTL scan to see if that one has regenerated and we will check for another possibility with a different tool.

Also when you come back please tell me a little bit more about those redirects if you can. Maybe where they are sending you or any other symptoms of your machine that might be relevant.

Next

Please download MBRCheck.exe to your Desktop.

  • Double click to run it
  • It will prompt you with some text
  • Left click on title bar (where program name and path is written)
  • From menu chose Edit > Select All
  • Click Enter key on keyboard to copy selected text
  • paste that text back here

After that

We will use OTL in a slightly different way this time.

  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Standard Registry box change it to All.
  • Under the Extas Registry box check the Use SafeList box.
  • Check the boxes beside LOP Check and Purity Check.
  • Download the following file scan.txt to your Desktop. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
When you return please post
  • MBRCheck scan log
  • OTL logs - OTL.txt and Extras.txt
  • and tell me a bit more about the redirects
  • 0

#58
krystine
Posted 06 September 2010 - 04:19 PM

krystine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Gateway
System Product Name: DX4820
Logical Drives Mask: 0x000007ec

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9900000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
Press ENTER to exit...



There doesn't seem to be a file attached to word scan.txt .. When I right click the same options show up as if I was to click any other words on the page.

edit: I can visit some results from a google search, but more times than not I get redirected or stuck at a white loading page where it says in the bottom left "waiting for google-analytics.com" or "connecting to results5.google.ca"
Occasionally the correct page will load for maybe 2 seconds and then I get redirected, but sometimes it goes straight to the redirect page which is usually "kdirectory" or "surveys.cnet.com" or "promo.videocop.com."
Also once in a while but not often I will get a pop-up of a random page or just a white page.
More often it seems that I get stuck redirecting somewhere instead of actually ending up at one of those random sites.

Edited by krystine, 06 September 2010 - 04:27 PM.

  • 0

#59
emeraldnzl
Posted 06 September 2010 - 04:25 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

There doesn't seem to be a file attached to word scan.txt


Did you click the blue scan.txt at the bottom of my post? :)

I have just checked it and it works for me.
  • 0

#60
krystine
Posted 06 September 2010 - 04:30 PM

krystine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Ahh I didn't see that :) sorry! Okay I am running the scans now. Also, did you see my edit about the nature of the redirects?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP