Google redirects almost everything, MS Sec. Ess. will not start. Have



#1 Lazarus Long (Member, 17 posts)
A couple of days ago I got the AntiMalware Doctor appearing on my desktop and trying to install itself. Ran RKill and MBAM to try to remove it, but MBAM locked up when I tried to delete the infections identified. Rebooted, ran RKill again, started Microsoft Security Essentials and scanned. It also identified a bunch of crap and tried to remove it but locked up. So I rebooted and used the BIOS to boot from my backup hard drive, then ran MBAM on the main drive. It found and claimed to remove the stuff. So I rebooted back on the main drive and all seemed fine until I did a Google search and got redirected. Again and again. Knew something was up, ran RKill and MBAM, but they found nothing. Tried MS Sec. Ess. and it would not start. Tried reactivating it from services.msc and the antimalware part claims to have started, but the main program will flash its home screen and tray icon for half a second (the red tray icon, of course) and then disappear. Tried the Google redirect fix guide on this site and it appeared to work, but MS Sec. Ess. still would not start. I rebooted and the redirects are back, and MSSE still cannot start. RKill, TDSSKiller, and MBAM all claim to find no infections now. Tried removing some files and registry keys identified by MBAM, but they come back after every reboot, or within moments of being deleted. Have been at this for a couple of days now trying various self-help fixes to no avail. I can overwhelm the Google redirect by opening a whole bunch of new tabs at the same time; most will redirect to ads or search engines, but one or two will get to where I actually want to go. But I have exhausted my bag of tricks and despaired of fixing this without expert help. I am also concerned about what data or private information I might be losing. So here is my most recent log from OTL:


#2 Lazarus Long (Topic Starter, Member, 17 posts)
OTL logfile created on: 5/14/2011 9:38:36 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\The Collison Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 506.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 126.96 Gb Total Space | 35.80 Gb Free Space | 28.20% Space Free | Partition Type: NTFS
Drive D: | 332.03 Gb Total Space | 116.85 Gb Free Space | 35.19% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 6.83 Gb Free Space | 4.59% Space Free | Partition Type: NTFS
Drive H: | 95.78 Mb Total Space | 81.39 Mb Free Space | 84.98% Space Free | Partition Type: FAT
Drive I: | 485.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 146.48 Gb Total Space | 20.86 Gb Free Space | 14.24% Space Free | Partition Type: NTFS

Computer Name: YELLOWSUBMARINE | User Name: The Collison Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/14 20:10:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Collison Family\Desktop\OTL.exe
PRC - [2008/10/15 16:47:00 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe
PRC - [2008/10/14 11:46:14 | 000,172,032 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/16 17:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files\Razer\Lachesis\OSD.exe
PRC - [2007/06/05 10:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Lachesis\razerofa.exe


========== Modules (SafeList) ==========

MOD - [2011/05/14 20:10:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Collison Family\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/10 10:33:24 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/11/26 00:17:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/08/19 06:41:58 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/06/02 09:26:28 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/01/13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/01/13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/01/13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/01/13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2007/08/08 11:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2007/07/19 23:44:54 | 000,110,120 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnp680r.sys -- (Pnp680r)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/02/08 09:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2006/08/02 10:45:32 | 000,114,560 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910)
DRV - [2005/12/21 11:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Usbicp.sys -- (uisp)
DRV - [2002/06/10 15:33:32 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 12:49:04 | 000,051,552 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntgrip.sys -- (ntgrip)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2


[2011/04/08 16:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\The Collison Family\Application Data\Mozilla\Extensions
[2011/04/08 16:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\The Collison Family\Application Data\Mozilla\Extensions\[email protected]
[2011/04/08 16:01:07 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/05/14 21:16:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1278737081811 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1278805891218 (MUWebControl Class)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.mpix.com/...geUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O20 - Winlogon\Notify\mexehon: DllName - C:\Documents and Settings\NetworkService\Local Settings\Application Data\mexehon.dll - C:\Documents and Settings\NetworkService\Local Settings\Application Data\mexehon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\The Collison Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Collison Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/09 23:54:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/26 23:28:07 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/26 20:29:12 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ FAT ]
O32 - AutoRun File - [2004/11/10 00:10:28 | 000,000,041 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/08/30 16:18:26 | 000,360,960 | R--- | M] () - I:\Autorun.exe -- [ CDFS ]
O33 - MountPoints2\{15f8a5dc-fb46-11df-ae22-0007e90a244e}\Shell - "" = AutoRun
O33 - MountPoints2\{15f8a5dc-fb46-11df-ae22-0007e90a244e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{15f8a5dc-fb46-11df-ae22-0007e90a244e}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\{72c3512e-a474-11df-ad7a-0007e90a244e}\Shell - "" = AutoRun
O33 - MountPoints2\{72c3512e-a474-11df-ad7a-0007e90a244e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{72c3512e-a474-11df-ad7a-0007e90a244e}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL FileConverter.exe
O33 - MountPoints2\{72c3512e-a474-11df-ad7a-0007e90a244e}\Shell\setup\command - "" = N:\FileConverter.exe
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\N\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/14 21:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\Desktop\GooredFix Backups
[2011/05/14 21:16:47 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/14 21:06:58 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\The Collison Family\Desktop\GooredFix.exe
[2011/05/14 21:03:28 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Collison Family\Desktop\OTM.exe
[2011/05/14 21:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\Desktop\ERunt
[2011/05/14 20:10:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Collison Family\Desktop\OTL.exe
[2011/05/14 19:22:27 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/05/14 19:22:27 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/05/14 19:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/14 18:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\Application Data\ElevatedDiagnostics
[2011/05/14 18:11:07 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/14 16:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/05/14 09:50:32 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\The Collison Family\Desktop\tyler123.exe
[2011/05/14 01:56:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/05/13 21:27:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/13 07:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/12 22:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/12 21:51:33 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/05/12 04:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/05/11 22:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/11 21:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/11 20:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/11 20:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/11 20:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\Application Data\1E51D0DB24463FB82FEB26284C423FE6
[2011/04/27 10:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\Start Menu\Programs\Steam
[2011/04/27 10:11:13 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2011/04/27 10:11:13 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2011/04/27 10:11:12 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2011/04/27 10:11:12 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2011/04/27 10:11:12 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2011/04/27 10:11:11 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2011/04/27 10:11:11 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2011/04/27 10:11:10 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2011/04/27 10:11:10 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2011/04/27 10:11:10 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2011/04/27 10:11:10 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2011/04/27 10:11:09 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2011/04/27 10:11:08 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2011/04/27 10:11:08 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2011/04/27 10:11:06 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2011/04/27 10:11:05 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011/04/27 10:11:05 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011/04/27 10:11:05 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2011/04/25 14:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Photo Crop Editor
[2011/04/25 14:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\iFoxSoft
[2011/04/25 11:33:20 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2011/04/25 11:33:16 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2011/04/25 11:33:13 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2011/04/25 08:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\Local Settings\Application Data\Logitech
[2011/04/25 07:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2011/04/25 07:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/04/25 07:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/04/24 13:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\Desktop\Bean's Timeline
[2011/04/22 09:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NAMCO BANDAI Games
[2011/04/22 09:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\NAMCO BANDAI Games
[2011/04/22 09:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\My Documents\Snoopy vs. the Red Baron
[2011/04/04 13:10:14 | 000,122,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2010/03/18 19:18:32 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2010/03/18 18:59:50 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe

========== Files - Modified Within 30 Days ==========

[2011/05/14 21:36:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/14 21:34:35 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/14 21:34:33 | 000,000,340 | -HS- | M] () -- C:\WINDOWS\tasks\ydbmdpdstq.job
[2011/05/14 21:34:33 | 000,000,332 | -HS- | M] () -- C:\WINDOWS\tasks\tgtu.job
[2011/05/14 21:34:33 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\Gjijarmulr.job
[2011/05/14 21:34:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/14 21:32:12 | 000,031,812 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000C-00001102-00000004-10021102}.rfx
[2011/05/14 21:32:12 | 000,031,812 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000C-00001102-00000004-10021102}.rfx
[2011/05/14 21:32:12 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000C-00001102-00000004-10021102}.rfx
[2011/05/14 21:32:12 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000C-00001102-00000004-10021102}.rfx
[2011/05/14 21:32:12 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000C-00001102-00000004-10021102}.rfx
[2011/05/14 21:31:59 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/05/14 21:16:48 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/14 21:06:59 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\The Collison Family\Desktop\GooredFix.exe
[2011/05/14 21:03:30 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Collison Family\Desktop\OTM.exe
[2011/05/14 20:10:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Collison Family\Desktop\OTL.exe
[2011/05/14 19:46:54 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/14 19:43:28 | 000,280,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/14 19:27:28 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/14 18:11:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/14 16:00:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/14 09:47:56 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\The Collison Family\Desktop\tyler123.exe
[2011/05/14 07:07:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/13 21:30:49 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\The Collison Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/13 16:58:10 | 000,143,360 | RHS- | M] () -- C:\WINDOWS\System32\ping6U.dll
[2011/05/12 02:21:34 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\The Collison Family\Desktop\iExplore.exe
[2011/05/07 18:11:23 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\The Collison Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/04/25 13:20:14 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\The Collison Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/22 09:49:00 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Snoopy vs. The Red Baron™.lnk
[2011/04/21 20:26:58 | 000,526,102 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/21 20:26:58 | 000,095,592 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/05/14 19:22:06 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/13 21:30:49 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\The Collison Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/13 21:30:49 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\The Collison Family\Start Menu\Programs\Internet Explorer.lnk
[2011/05/13 16:58:11 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\Gjijarmulr.job
[2011/05/13 16:58:10 | 000,143,360 | RHS- | C] () -- C:\WINDOWS\System32\ping6U.dll
[2011/05/13 09:14:32 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\mexehon.dll
[2011/05/12 21:48:36 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/05/12 02:21:32 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\The Collison Family\Desktop\iExplore.exe
[2011/05/11 20:43:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/11 20:30:12 | 000,000,340 | -HS- | C] () -- C:\WINDOWS\tasks\ydbmdpdstq.job
[2011/05/11 20:30:12 | 000,000,332 | -HS- | C] () -- C:\WINDOWS\tasks\tgtu.job
[2011/04/28 05:29:32 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/04/22 09:49:00 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Snoopy vs. The Red Baron™.lnk
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/04/04 13:10:20 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/04/04 13:10:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/04/04 13:10:14 | 002,712,064 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2011/04/04 13:10:14 | 000,631,808 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/04/04 13:10:14 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/04/04 13:10:13 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/07 19:27:36 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011/01/07 19:27:14 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/11/19 23:53:53 | 000,430,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1708537768-1715567821-725345543-1004-0.dat
[2010/11/19 23:53:49 | 000,281,498 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/09/11 22:52:41 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/09/11 13:18:06 | 000,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/09/11 13:18:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/08/15 15:16:57 | 000,006,266 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/08/15 15:16:57 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\43BB1A47B6.sys
[2010/07/30 20:16:37 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/07/30 20:16:37 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\The Collison Family\Application Data\PnkBstrK.sys
[2010/07/30 20:16:15 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/07/30 20:16:11 | 002,250,024 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/07/30 20:16:11 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/07/30 14:02:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/07/30 13:53:15 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/07/30 13:53:05 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/07/30 13:53:05 | 000,224,001 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/07/30 13:53:05 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/28 09:27:59 | 000,000,159 | ---- | C] () -- C:\WINDOWS\Hop.ini
[2010/07/26 16:25:11 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/21 21:20:59 | 000,001,013 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2010/07/10 23:29:26 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/07/10 23:29:26 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/07/10 23:29:26 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/07/10 23:29:26 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/07/10 23:29:26 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/07/10 23:29:26 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/07/10 23:29:26 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/07/10 23:29:26 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/07/10 23:29:26 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/07/10 23:29:26 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/07/10 23:29:26 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/07/10 23:29:26 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/07/10 23:29:26 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/07/10 23:29:26 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/07/10 23:29:26 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/07/10 23:29:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/07/10 23:22:45 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/07/10 23:22:45 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2010/07/10 23:22:45 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/07/10 23:22:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BROHL504.INI
[2010/07/10 23:22:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/07/10 23:22:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2010/07/10 23:22:43 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2010/07/10 23:22:43 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2010/07/10 23:22:42 | 000,011,604 | ---- | C] () -- C:\WINDOWS\HL-5040.INI
[2010/07/10 23:21:22 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\HL504def.dat
[2010/07/10 18:40:13 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\The Collison Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/10 17:49:48 | 003,618,376 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/10 17:18:09 | 000,000,225 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/07/10 15:17:00 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_5040.ini
[2010/07/10 07:32:01 | 000,000,447 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/07/10 07:32:01 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/07/10 07:32:00 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/07/10 01:09:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/07/09 23:55:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/09 23:52:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/09 18:43:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/09 18:42:28 | 000,280,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/14 12:51:44 | 000,000,033 | ---- | C] () -- C:\WINDOWS\lg.ini
[2010/03/18 19:59:54 | 000,050,439 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010/03/18 19:59:50 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/03/18 19:19:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010/03/18 19:17:50 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2010/03/18 19:07:54 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2010/03/18 19:07:54 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/03/18 19:03:12 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2010/03/18 19:02:14 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010/03/18 19:00:42 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010/03/18 19:00:28 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010/03/18 19:00:28 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010/03/18 18:59:56 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/03/18 18:59:56 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/03/18 18:59:54 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2009/07/08 15:10:56 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/06/19 08:59:36 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/20 07:57:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/02/07 00:58:00 | 000,000,525 | ---- | C] () -- C:\WINDOWS\xxclone.ini
[2001/08/18 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,526,102 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,095,592 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, on completion of this run could you try to update MSE please?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (itlperf)
    O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
    O20 - Winlogon\Notify\mexehon: DllName - C:\Documents and Settings\NetworkService\Local Settings\Application Data\mexehon.dll - C:\Documents and Settings\NetworkService\Local Settings\Application Data\mexehon.dll ()
    [2011/04/04 13:10:14 | 000,122,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
    [2011/05/14 21:34:33 | 000,000,340 | -HS- | M] () -- C:\WINDOWS\tasks\ydbmdpdstq.job
    [2011/05/14 21:34:33 | 000,000,332 | -HS- | M] () -- C:\WINDOWS\tasks\tgtu.job
    [2011/05/14 21:34:33 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\Gjijarmulr.job
    [2011/05/13 16:58:10 | 000,143,360 | RHS- | M] () -- C:\WINDOWS\System32\ping6U.dll
    [2011/05/13 16:58:11 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\Gjijarmulr.job
    [2011/05/13 16:58:10 | 000,143,360 | RHS- | C] () -- C:\WINDOWS\System32\ping6U.dll
    [2011/05/13 09:14:32 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\mexehon.dll
    [2011/05/11 20:30:12 | 000,000,340 | -HS- | C] () -- C:\WINDOWS\tasks\ydbmdpdstq.job
    [2011/05/11 20:30:12 | 000,000,332 | -HS- | C] () -- C:\WINDOWS\tasks\tgtu.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply
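To see why the helper singled out those particular entries, here is an added triage script (not part of OTL and not code from this thread) that parses OTL's file-entry format and flags the same three patterns the fix above removes: hidden+system scheduled tasks, hidden+system binaries in System32, and unattributed DLLs sitting in a service-account profile. The parsing format is OTL's; the heuristics and the sample input are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Added triage helper for OTL "Files Created / Files Modified" entries.
# The line format is OTL's; the scoring heuristics are this example's
# own assumptions, chosen to match the indicators the fix above targets.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    readonly: bool    # attribute column R
    hidden: bool      # attribute column H
    system: bool      # attribute column S
    directory: bool   # attribute column D
    kind: str         # "M" = modified, "C" = created
    company: str      # empty when OTL prints "()" or omits it (directories)
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file entry; return None for headers, blanks or prose."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


BINARY_EXT = (".dll", ".exe", ".sys")
SERVICE_PROFILES = ("\\networkservice\\", "\\localservice\\")


def suspicious_reasons(e: OtlEntry) -> List[str]:
    """Heuristics (assumptions of this example) for entries worth a closer look."""
    p = e.path.lower()
    reasons: List[str] = []
    if e.directory:
        return reasons
    # Normal scheduled tasks are not hidden+system; the .job files in the fix were.
    if e.hidden and e.system and p.startswith("c:\\windows\\tasks\\") and p.endswith(".job"):
        reasons.append("hidden+system scheduled task")
    # A hidden+system binary in System32 (the ping6U.dll pattern).
    if e.hidden and e.system and p.startswith("c:\\windows\\system32\\") and p.endswith(BINARY_EXT):
        reasons.append("hidden+system binary in System32")
    # Service-account profiles should not hold unattributed DLLs/EXEs (the mexehon.dll pattern).
    if not e.company and p.endswith(BINARY_EXT) and any(s in p for s in SERVICE_PROFILES):
        reasons.append("no-company binary in a service account profile")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every flagged entry, in log order."""
    findings = []
    for line in log_text.splitlines():
        e = parse_otl_line(line)
        if e is not None:
            reasons = suspicious_reasons(e)
            if reasons:
                findings.append((e.path, reasons))
    return findings


# Constructed sample: a few lines taken from this thread's log plus benign neighbours.
SAMPLE_LOG = "\n".join([
    r"[2011/05/13 16:58:10 | 000,143,360 | RHS- | C] () -- C:\WINDOWS\System32\ping6U.dll",
    r"[2011/05/13 16:58:11 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\Gjijarmulr.job",
    r"[2010/07/09 23:55:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat",
    r"[2011/05/13 09:14:32 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\mexehon.dll",
    r"[2010/11/19 23:53:49 | 000,281,498 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat",
    r"[2011/05/14 18:11:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl",
    r"[2011/05/15 13:07:38 | 000,000,000 | ---D | C] -- C:\_OTL",
])

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}: {', '.join(reasons)}")
```

The output is a shortlist for a human to review, not a verdict: bootstat.dat (system-only) and the LocalService font cache (.dat, no company) are correctly left alone, while the three entries the helper targeted are the only ones flagged.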

#4
Lazarus Long

    Member

  • Topic Starter
  • Member
  • 17 posts
Thank you for your quick reply. I will try these steps after my son's hockey game. I should add that last night after posting I booted into safe mode on the main drive and MSSE was able to start, but could not activate real time protection. Updated and ran a full scan; it did not detect anything on that run. Rebooted into normal mode and the problem is still there: lots of redirects and MSSE will not start. I also should mention that for a while I was getting those Generic Host errors that another user here was mentioning, but they seem to have gone away, at least for the time being. Back in a couple hours.

#5
Lazarus Long

    Member

  • Topic Starter
  • Member
  • 17 posts
I followed your instructions to the letter.

Boy, was it tempting to click that FixMBR button...

But I did exactly as directed. MSSE is now running with a green flag and says it is up to date.

Requested logs posted below. Not sure if it matters but the only application open while I ran the tools was MS Word with a copy of your instructions.

If I understand correctly, this thread will be closed if I am cured, so thank you in advance. But how can I be certain that there is nothing else nefarious going on, given how unsuccessful MSSE and MBAM were at finding the culprits? I am also interested in learning more about how this is done. Can someone with only rudimentary knowledge make it through GeekU or do you need a lot of prior knowledge?

#6
Lazarus Long

    Member

  • Topic Starter
  • Member
  • 17 posts
OTL logfile created on: 5/15/2011 1:13:36 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\The Collison Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 639.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 126.96 Gb Total Space | 35.69 Gb Free Space | 28.11% Space Free | Partition Type: NTFS
Drive D: | 332.03 Gb Total Space | 116.85 Gb Free Space | 35.19% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 6.83 Gb Free Space | 4.59% Space Free | Partition Type: NTFS
Drive H: | 95.78 Mb Total Space | 81.39 Mb Free Space | 84.98% Space Free | Partition Type: FAT
Drive I: | 3.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive X: | 146.48 Gb Total Space | 20.86 Gb Free Space | 14.24% Space Free | Partition Type: NTFS

Computer Name: YELLOWSUBMARINE | User Name: The Collison Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/14 20:10:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Collison Family\Desktop\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/04/26 11:06:44 | 000,096,112 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2008/10/15 16:47:00 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe
PRC - [2008/10/14 11:46:14 | 000,172,032 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/16 17:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files\Razer\Lachesis\OSD.exe
PRC - [2007/06/05 10:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Lachesis\razerofa.exe


========== Modules (SafeList) ==========

MOD - [2011/05/14 20:10:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Collison Family\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/10 10:33:24 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/11/26 00:17:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/08/19 06:41:58 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/06/02 09:26:28 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/01/13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/01/13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/01/13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/01/13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2007/08/08 11:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2007/07/19 23:44:54 | 000,110,120 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnp680r.sys -- (Pnp680r)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/02/08 09:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2006/08/02 10:45:32 | 000,114,560 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910)
DRV - [2005/12/21 11:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Usbicp.sys -- (uisp)
DRV - [2002/06/10 15:33:32 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 12:49:04 | 000,051,552 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntgrip.sys -- (ntgrip)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2


[2011/04/08 16:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\The Collison Family\Application Data\Mozilla\Extensions
[2011/04/08 16:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\The Collison Family\Application Data\Mozilla\Extensions\[email protected]
[2011/04/08 16:01:07 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/05/15 13:07:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1278737081811 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1278805891218 (MUWebControl Class)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.mpix.com/...geUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\The Collison Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Collison Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/09 23:54:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/26 23:28:07 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/26 20:29:12 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ FAT ]
O32 - AutoRun File - [2009/10/07 16:14:39 | 000,000,035 | R--- | M] () - I:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{15f8a5dc-fb46-11df-ae22-0007e90a244e}\Shell - "" = AutoRun
O33 - MountPoints2\{15f8a5dc-fb46-11df-ae22-0007e90a244e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{15f8a5dc-fb46-11df-ae22-0007e90a244e}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\{72c3512e-a474-11df-ad7a-0007e90a244e}\Shell - "" = AutoRun
O33 - MountPoints2\{72c3512e-a474-11df-ad7a-0007e90a244e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{72c3512e-a474-11df-ad7a-0007e90a244e}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL FileConverter.exe
O33 - MountPoints2\{72c3512e-a474-11df-ad7a-0007e90a244e}\Shell\setup\command - "" = N:\FileConverter.exe
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\N\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 13:07:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/14 21:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\Desktop\GooredFix Backups
[2011/05/14 21:16:47 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/14 21:06:58 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\The Collison Family\Desktop\GooredFix.exe
[2011/05/14 21:03:28 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Collison Family\Desktop\OTM.exe
[2011/05/14 21:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\Desktop\ERunt
[2011/05/14 20:10:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Collison Family\Desktop\OTL.exe
[2011/05/14 19:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/14 18:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\Application Data\ElevatedDiagnostics
[2011/05/14 16:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/05/14 09:50:32 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\The Collison Family\Desktop\tyler123.exe
[2011/05/14 01:56:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/05/13 21:27:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/13 07:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/12 22:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/12 04:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/05/11 22:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/11 21:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/11 20:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/11 20:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/11 20:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\Application Data\1E51D0DB24463FB82FEB26284C423FE6
[2011/04/27 10:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\Start Menu\Programs\Steam
[2011/04/25 14:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Photo Crop Editor
[2011/04/25 14:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\iFoxSoft
[2011/04/25 08:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\Local Settings\Application Data\Logitech
[2011/04/25 07:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2011/04/25 07:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/04/25 07:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/04/24 13:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\Desktop\Bean's Timeline
[2011/04/22 09:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NAMCO BANDAI Games
[2011/04/22 09:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\NAMCO BANDAI Games
[2011/04/22 09:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\My Documents\Snoopy vs. the Red Baron
[2010/03/18 19:18:32 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2010/03/18 18:59:50 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe

========== Files - Modified Within 30 Days ==========

[2011/05/15 13:10:32 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/15 13:10:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/15 13:08:03 | 000,031,812 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000C-00001102-00000004-10021102}.rfx
[2011/05/15 13:08:03 | 000,031,812 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000C-00001102-00000004-10021102}.rfx
[2011/05/15 13:08:03 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000C-00001102-00000004-10021102}.rfx
[2011/05/15 13:08:03 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000C-00001102-00000004-10021102}.rfx
[2011/05/15 13:08:03 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000C-00001102-00000004-10021102}.rfx
[2011/05/15 13:07:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/15 13:03:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/15 05:36:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/14 21:31:59 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/05/14 21:06:59 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\The Collison Family\Desktop\GooredFix.exe
[2011/05/14 21:03:30 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Collison Family\Desktop\OTM.exe
[2011/05/14 20:10:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Collison Family\Desktop\OTL.exe
[2011/05/14 19:46:54 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/14 19:43:28 | 000,280,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/14 19:27:28 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/14 16:00:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/14 09:47:56 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\The Collison Family\Desktop\tyler123.exe
[2011/05/14 07:07:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/13 21:30:49 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\The Collison Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/12 02:21:34 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\The Collison Family\Desktop\iExplore.exe
[2011/05/07 18:11:23 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\The Collison Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/04/25 13:20:14 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\The Collison Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/22 09:49:00 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Snoopy vs. The Red Baron™.lnk
[2011/04/21 20:26:58 | 000,526,102 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/21 20:26:58 | 000,095,592 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/05/15 06:40:03 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/14 19:22:06 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/13 21:30:49 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\The Collison Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/13 21:30:49 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\The Collison Family\Start Menu\Programs\Internet Explorer.lnk
[2011/05/12 21:48:36 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/05/12 02:21:32 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\The Collison Family\Desktop\iExplore.exe
[2011/05/11 20:43:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/28 05:29:32 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/04/22 09:49:00 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Snoopy vs. The Red Baron™.lnk
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/04/04 13:10:20 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/04/04 13:10:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/04/04 13:10:14 | 002,712,064 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2011/04/04 13:10:14 | 000,631,808 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/04/04 13:10:14 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/04/04 13:10:13 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/07 19:27:36 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011/01/07 19:27:14 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/11/19 23:53:53 | 000,430,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1708537768-1715567821-725345543-1004-0.dat
[2010/11/19 23:53:49 | 000,281,498 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/09/11 22:52:41 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/09/11 13:18:06 | 000,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/09/11 13:18:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/08/15 15:16:57 | 000,006,266 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/08/15 15:16:57 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\43BB1A47B6.sys
[2010/07/30 20:16:37 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/07/30 20:16:37 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\The Collison Family\Application Data\PnkBstrK.sys
[2010/07/30 20:16:15 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/07/30 20:16:11 | 002,250,024 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/07/30 20:16:11 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/07/30 14:02:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/07/30 13:53:15 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/07/30 13:53:05 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/07/30 13:53:05 | 000,224,001 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/07/30 13:53:05 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/28 09:27:59 | 000,000,159 | ---- | C] () -- C:\WINDOWS\Hop.ini
[2010/07/26 16:25:11 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/21 21:20:59 | 000,001,013 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2010/07/10 23:29:26 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/07/10 23:29:26 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/07/10 23:29:26 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/07/10 23:29:26 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/07/10 23:29:26 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/07/10 23:29:26 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/07/10 23:29:26 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/07/10 23:29:26 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/07/10 23:29:26 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/07/10 23:29:26 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/07/10 23:29:26 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/07/10 23:29:26 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/07/10 23:29:26 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/07/10 23:29:26 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/07/10 23:29:26 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/07/10 23:29:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/07/10 23:22:45 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/07/10 23:22:45 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2010/07/10 23:22:45 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/07/10 23:22:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BROHL504.INI
[2010/07/10 23:22:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/07/10 23:22:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2010/07/10 23:22:43 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2010/07/10 23:22:43 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2010/07/10 23:22:42 | 000,011,604 | ---- | C] () -- C:\WINDOWS\HL-5040.INI
[2010/07/10 23:21:22 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\HL504def.dat
[2010/07/10 18:40:13 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\The Collison Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/10 17:49:48 | 003,618,376 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/10 17:18:09 | 000,000,225 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/07/10 15:17:00 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_5040.ini
[2010/07/10 07:32:01 | 000,000,447 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/07/10 07:32:01 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/07/10 07:32:00 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/07/10 01:09:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/07/09 23:55:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/09 23:52:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/09 18:43:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/09 18:42:28 | 000,280,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/14 12:51:44 | 000,000,033 | ---- | C] () -- C:\WINDOWS\lg.ini
[2010/03/18 19:59:54 | 000,050,439 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010/03/18 19:59:50 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/03/18 19:19:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010/03/18 19:17:50 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2010/03/18 19:07:54 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2010/03/18 19:07:54 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/03/18 19:03:12 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2010/03/18 19:02:14 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010/03/18 19:00:42 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010/03/18 19:00:28 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010/03/18 19:00:28 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010/03/18 18:59:56 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/03/18 18:59:56 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/03/18 18:59:54 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2009/07/08 15:10:56 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/06/19 08:59:36 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/20 07:57:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/02/07 00:58:00 | 000,000,525 | ---- | C] () -- C:\WINDOWS\xxclone.ini
[2001/08/18 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,526,102 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,095,592 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/07/10 23:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/07/10 14:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Razer
[2010/09/11 13:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2011/04/08 16:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/05/12 02:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Collison Family\Application Data\1E51D0DB24463FB82FEB26284C423FE6
[2010/12/07 05:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Collison Family\Application Data\Bioshock2
[2010/12/12 19:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Collison Family\Application Data\com.Shutterfly.ExpressUploader
[2010/10/27 15:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Collison Family\Application Data\DNA Digital Media Group
[2011/05/14 18:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Collison Family\Application Data\ElevatedDiagnostics
[2011/01/27 23:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Collison Family\Application Data\Notepad++
[2011/04/08 16:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Collison Family\Application Data\TomTom
[2011/01/09 16:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Collison Family\Application Data\Unity
[2010/07/10 07:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Collison Family\Application Data\Windows Desktop Search
[2010/07/10 20:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Collison Family\Application Data\Windows Search
[2011/05/15 13:03:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
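To show what a helper actually looks for in the file/folder sections of a log like the one above, here is a small Python triage script. It is an added example written for this page, not code from the thread, from OTL or from OldTimer Tools. The `[date | size | attributes | C/M] (company) -- path` line format is the one OTL prints above; the review heuristics (a 32-hex-character folder name under Application Data, an executable with no company name in a system or profile location, a hidden/system file under Application Data) are my own assumptions about what merits a second look; and the sample lines are copied from the log above. A flag means "review", not "malware": legitimate software such as licensing or anti-cheat components trips these checks too, which is why the forum helpers read the whole log rather than act on a single line.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# OTL prints file/folder entries as:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# "(Company)" is absent on directory entries and empty ("()" or "( )")
# when the file carries no company string in its version info.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Review heuristics (assumptions for this example, not OTL's own logic).
HEX32_RE = re.compile(r"^[0-9A-Fa-f]{32}$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str      # e.g. "---D", "-HS-", "R---"
    kind: str       # "C" = created, "M" = modified
    company: str    # "" when OTL printed none
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file/folder line; return None for headers and other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )


def triage(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves a manual look (empty list = nothing noted)."""
    reasons: List[str] = []
    name = entry.path.rsplit("\\", 1)[-1]
    lower = entry.path.lower()
    in_profile_data = "application data" in lower
    in_windows = "\\windows\\" in lower

    if entry.is_dir and in_profile_data and HEX32_RE.match(name):
        reasons.append("folder named by a 32-hex-character string under Application Data")
    if (not entry.is_dir and name.lower().endswith(EXEC_EXT)
            and not entry.company and (in_windows or in_profile_data)):
        reasons.append("executable with no company name in a system or profile location")
    if not entry.is_dir and entry.hidden_or_system and in_profile_data:
        reasons.append("hidden/system file in a profile data folder")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage over a whole OTL section; returns (path, reasons) for flagged entries."""
    flagged: List[Tuple[str, List[str]]] = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                flagged.append((entry.path, reasons))
    return flagged


# Sample lines copied from the OTL log in this thread (a section header is
# included to show that non-entry lines are skipped).
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 13:07:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/11 20:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Collison Family\Application Data\1E51D0DB24463FB82FEB26284C423FE6
[2011/05/14 20:10:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Collison Family\Desktop\OTL.exe
[2010/03/18 18:59:50 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[2010/08/15 15:16:57 | 000,006,266 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/05/15 13:07:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("    -", r)
```

Run it as a script and it lists the three entries the heuristics pick out of the sample; the tool-created OTL.exe, the Hosts file and the bare `C:\_OTL` folder produce nothing. The heuristics are deliberately coarse; the point is that the parser separates the fixed OTL line format from the judgement calls, so the rules can be tuned without touching the parsing.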

#7 Lazarus Long (Member, Topic Starter, 17 posts)
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-15 13:16:55
-----------------------------
13:16:55.421 OS Version: Windows 5.1.2600 Service Pack 3
13:16:55.421 Number of processors: 1 586 0x207
13:16:55.421 ComputerName: YELLOWSUBMARINE UserName:
13:16:56.140 Initialize success
13:17:04.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:17:04.796 Disk 0 Vendor: WDC_WD5000AAKB-00H8A0 05.04E05 Size: 476940MB BusType: 3
13:17:04.812 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
13:17:04.812 Disk 1 Vendor: IOMEGA_ZIP_100 23.D Size: 96MB BusType: 2
13:17:04.812 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\Pnp680r1Port2Path0Target0Lun0
13:17:04.812 Disk 2 Vendor: WDC_WD16 08.0 Size: 152627MB BusType: 1
13:17:04.812 Disk 3 \Device\Harddisk3\DR3 -> \Device\Scsi\Pnp680r1Port2Path1Target0Lun0
13:17:04.812 Disk 3 Vendor: ST316002 8.01 Size: 152627MB BusType: 1
13:17:06.828 Disk 0 MBR read successfully
13:17:06.828 Disk 0 MBR scan
13:17:06.828 Disk 0 Windows XP default MBR code
13:17:08.828 Disk 0 scanning sectors +962566605
13:17:08.843 Disk 0 scanning C:\WINDOWS\system32\drivers
13:17:13.359 Service scanning
13:17:14.750 Disk 0 trace - called modules:
13:17:14.765 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
13:17:14.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f8cab8]
13:17:14.765 3 CLASSPNP.SYS[f750ffd7] -> nt!IofCallDriver -> \Device\00000064[0x86f73eb0]
13:17:14.765 5 ACPI.sys[f7466620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86f52940]
13:17:14.781 Scan finished successfully
13:17:51.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\The Collison Family\Desktop\MBR.dat"
13:17:51.250 The log file has been saved successfully to "C:\Documents and Settings\The Collison Family\Desktop\aswMBR.txt"

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

If I understand correctly, this thread will be closed if I am cured, so thank you in advance. But how can I be certain that there is nothing else nefarious going on, given how unsuccessful MSSE and MBAM were at finding the culprits? I am also interested in learning more about how this is done. Can someone with only rudimentary knowledge make it through GeekU or do you need a lot of prior knowledge?


Panic not, the topic will only be closed when you are happy :yes: No prior knowledge is necessary to learn, but a basic knowledge of Windows would be useful and ease the pain :unsure:

The MBR looks good :)

The OTL log looks good :)

So what I would like now is for you to update MBAM and run a quick scan - to check that nothing was downloaded prior to running the last fix... Also, what problems are you currently experiencing?

#9 Lazarus Long (Member, Topic Starter, 17 posts)
MBAM reports 0 objects infected after quick scan. Redirects are gone. MSSE up and running green flag. Should I do a scan with it? Also, MSSE was running when I did the MBAM quick scan; hope that was ok.

Another problem I was having was inability to start the windows update. This one went away when I went through the google redirect fix guide on this site, even though the redirects did not go away.

Browser seems to be running nice and snappy too. So unless there is something else you want me to do or something I have overlooked, I will officially declare myself happy :)

Thanks once more for your outstanding service!

#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK try windows updates to make sure they work and then .........

Subject to no further problems :unsure:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :yes:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)

#11 Lazarus Long (Member, Topic Starter, 17 posts)
Thank you so much for this information. I will follow your recommendations and get back in a day or two to let you know how things are going. Once again, I deeply appreciate your assistance.

#12 Lazarus Long (Member, Topic Starter, 17 posts)
I have run the OTL cleanups and Java update as directed. That is about all I have time for tonight; it's getting late.

Question: Is it necessary to hide the files? Am I exposing myself to security issues by having them not hidden?

Also, is the Windows firewall adequate or do I need a supplement or replacement?

#13 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
The only reason to hide those files is to prevent inadvertent deletion :)

A third party firewall is a good idea for XP; in the guide is a list of some firewalls that we recommend. Follow this link in my last post: How did I get infected in the first place ?

#14 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.