Google Search Result launched malicious Adobe PDF



#1
TriciaDP72

I googled "how big is the internet" and clicked on 3-4 results in top 6 organic listings, PDF launched and was detected by AVG, stopped and Vaulted. When I went to return to browser, it had been closed. When I went to reopen it asked me what application I wanted to open it with..., same when I tried to open AVG. In Network Connections, I had none, so I tried to re-establish one. Tried to open in safe mode, finally got there and successfully established internet connection by using ISP install disc.

Came to Geeks and ran Malwarebytes, 6 files detected and removed. I want to make sure I have everything removed associated with this so I ran OTL, below is the txt file (THANK YOU!!!!):

OTL logfile created on: 5/28/2011 12:52:43 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Tricia Pobjoy\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 277.92 Mb Available Physical Memory | 27.19% Memory free
2.37 Gb Paging File | 1.67 Gb Available in Paging File | 70.56% Paging File free
Paging file location(s): c:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 1.45 Gb Free Space | 3.90% Space Free | Partition Type: NTFS
Drive D: | 3.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TRICIA | User Name: Tricia Pobjoy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/28 12:52:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tricia Pobjoy\My Documents\Downloads\OTL.exe
PRC - [2011/04/30 07:57:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/26 02:18:23 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tricia Pobjoy\Local Settings\Application Data\Google\Update\1.3.21.53\GoogleCrashHandler.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/11/13 12:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/11/13 12:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/04/30 14:39:30 | 005,472,016 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 10:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007/11/01 17:13:26 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/04 14:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe


========== Modules (SafeList) ==========

MOD - [2011/05/28 12:52:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tricia Pobjoy\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (scagent)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/04/04 10:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2009/10/07 01:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 01:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere AF(UVC)
DRV - [2009/10/07 01:48:18 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvselsus.sys -- (lvselsus)
DRV - [2009/10/07 01:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/05/23 11:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {347AF52A-7597-E937-0808-2A8D1263EAAD} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 69 46 28 7C 68 B7 D0 49 BA 9E B2 41 F6 62 A5 92 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 B1 26 5E 77 7F FB 0D C7 48 7E BE 12 BE E1 AD BE 28 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = res://C:\WINDOWS\system32\mwdpy.dll/sp.html#37049
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.74
FF - prefs.js..extensions.enabledItems: {feee3d1c-da92-4c21-8665-2425de7f53b7}:1.5
FF - prefs.js..extensions.enabledItems: {8ea9957e-2953-402f-80e0-bceb5f169d6f}:0.5.4
FF - prefs.js..extensions.enabledItems: {f035aa18-ee32-4e6e-81d2-57e32867f8a7}:1.18
FF - prefs.js..extensions.enabledItems: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}:0.7.26
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..keyword.URL: "http://search.avg.co...&tp=ab&nt=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/20 18:39:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 07:57:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 07:57:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/05 13:24:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/03/05 12:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tricia Pobjoy\Application Data\Mozilla\Extensions
[2011/02/17 10:01:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tricia Pobjoy\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/27 08:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tricia Pobjoy\Application Data\Mozilla\Firefox\Profiles\645kjuof.default\extensions
[2011/03/10 22:04:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tricia Pobjoy\Application Data\Mozilla\Firefox\Profiles\645kjuof.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/10 22:06:21 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Tricia Pobjoy\Application Data\Mozilla\Firefox\Profiles\645kjuof.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/03/10 22:05:56 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Documents and Settings\Tricia Pobjoy\Application Data\Mozilla\Firefox\Profiles\645kjuof.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
[2011/03/06 10:10:14 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Tricia Pobjoy\Application Data\Mozilla\Firefox\Profiles\645kjuof.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/03/10 22:06:20 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Documents and Settings\Tricia Pobjoy\Application Data\Mozilla\Firefox\Profiles\645kjuof.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
[2011/03/10 22:05:55 | 000,000,000 | ---D | M] (EWOQ Mobile Setup extension) -- C:\Documents and Settings\Tricia Pobjoy\Application Data\Mozilla\Firefox\Profiles\645kjuof.default\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}
[2011/03/10 22:04:19 | 000,000,000 | ---D | M] (EWOQ Rater Helper) -- C:\Documents and Settings\Tricia Pobjoy\Application Data\Mozilla\Firefox\Profiles\645kjuof.default\extensions\{feee3d1c-da92-4c21-8665-2425de7f53b7}
[2011/03/29 17:09:42 | 000,000,000 | ---D | M] ("Leapforce - Search Engine Evaluator Toolbar") -- C:\Documents and Settings\Tricia Pobjoy\Application Data\Mozilla\Firefox\Profiles\645kjuof.default\extensions\[email protected]
[2011/05/28 09:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 13:08:17 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/05/20 18:39:02 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2007/10/23 22:06:53 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2009/09/17 22:11:10 | 000,000,155 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 windows-shield.microsoft.com
O1 - Hosts: 91.212.127.226 windows-shield.com
O1 - Hosts: 91.212.127.226 www.windows-shield.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [msnmsgr] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: kernel32.dll = C:\WINDOWS\system32\mssearchnet.exe
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: mnihdk.exe = C:\WINDOWS\system\mnihdk.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: unitusccu.com ([www] https in Trusted sites)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall-bet...all/xscan60.cab (HouseCall Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://bin.mcafee.co...76/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1243353414405 (MUWebControl Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.co...,16/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 205.171.3.25
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tricia Pobjoy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tricia Pobjoy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 12:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/26 12:12:22 | 000,000,059 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{07b628fc-eb1f-11dd-bd4c-000d56c65aee}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/28 10:59:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/28 10:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/28 10:59:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/28 10:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/27 20:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tricia Pobjoy\My Documents\Quicken
[2011/05/27 20:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Config
[2011/05/27 18:57:26 | 004,199,784 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
[2011/05/27 18:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quicken 2010
[2011/05/27 18:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
[2011/05/27 07:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDirector Express
[2011/05/27 07:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerProducer
[2011/05/27 07:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PCM4Everio
[2011/05/20 23:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tricia Pobjoy\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/05/20 23:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2011/05/20 23:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/05/12 19:17:55 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/09 09:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tricia Pobjoy\Desktop\NCM
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/28 12:45:33 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/28 12:44:28 | 000,002,048 | ---- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/28 12:44:27 | 1071,714,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/28 12:43:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/05/28 12:43:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/05/28 12:23:08 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-672552267-779557215-1803055576-1007UA.job
[2011/05/28 10:59:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/28 09:49:45 | 000,001,308 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7c5376v2708801j145le6486u04v0gq8pv6
[2011/05/28 09:49:44 | 000,001,308 | -HS- | M] () -- C:\Documents and Settings\Tricia Pobjoy\Local Settings\Application Data\7c5376v2708801j145le6486u04v0gq8pv6
[2011/05/28 09:34:02 | 116,341,506 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/27 18:57:18 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2010.lnk
[2011/05/27 18:57:18 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free Credit Report and Score.url
[2011/05/27 18:57:03 | 000,000,120 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/05/27 07:12:34 | 000,001,716 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerCinema NE for Everio.lnk
[2011/05/27 02:23:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-672552267-779557215-1803055576-1007Core.job
[2011/05/26 09:53:40 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/24 22:24:57 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Tricia Pobjoy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/24 22:24:56 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Tricia Pobjoy\Desktop\Google Chrome.lnk
[2011/05/24 16:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/23 21:29:05 | 000,941,056 | ---- | M] () -- C:\Documents and Settings\Tricia Pobjoy\My Documents\small business accountant.msam
[2011/05/23 20:03:21 | 001,778,688 | ---- | M] () -- C:\Documents and Settings\Tricia Pobjoy\My Documents\local business.msam
[2011/05/23 18:59:51 | 000,192,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/05/23 18:44:08 | 000,602,112 | ---- | M] () -- C:\Documents and Settings\Tricia Pobjoy\My Documents\small business marketing.msam
[2011/05/23 10:12:09 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\Tricia Pobjoy\My Documents\small business strategic marketing.msam
[2011/05/22 10:38:25 | 000,256,000 | ---- | M] () -- C:\Documents and Settings\Tricia Pobjoy\My Documents\business venture.msam
[2011/05/22 10:21:23 | 000,278,528 | ---- | M] () -- C:\Documents and Settings\Tricia Pobjoy\My Documents\traffic.msam
[2011/05/22 00:27:33 | 000,102,400 | ---- | M] () -- C:\Documents and Settings\Tricia Pobjoy\My Documents\local business marketing.msam
[2011/05/21 23:36:41 | 000,200,704 | ---- | M] () -- C:\Documents and Settings\Tricia Pobjoy\My Documents\small business internet marketing.msam
[2011/05/20 23:53:36 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Market Samurai.lnk
[2011/05/20 18:43:36 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/15 18:03:22 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/13 23:12:26 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\Tricia Pobjoy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/12 19:17:55 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/28 10:59:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/28 10:39:46 | 1071,714,304 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/28 09:49:42 | 000,001,308 | -HS- | C] () -- C:\Documents and Settings\Tricia Pobjoy\Local Settings\Application Data\7c5376v2708801j145le6486u04v0gq8pv6
[2011/05/28 09:49:42 | 000,001,308 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7c5376v2708801j145le6486u04v0gq8pv6
[2011/05/27 18:57:18 | 000,001,577 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2010.lnk
[2011/05/27 18:57:18 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free Credit Report and Score.url
[2011/05/27 18:55:33 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/05/27 07:12:33 | 000,001,716 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerCinema NE for Everio.lnk
[2011/05/27 07:12:11 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2011/05/23 20:39:53 | 000,941,056 | ---- | C] () -- C:\Documents and Settings\Tricia Pobjoy\My Documents\small business accountant.msam
[2011/05/23 18:45:20 | 001,778,688 | ---- | C] () -- C:\Documents and Settings\Tricia Pobjoy\My Documents\local business.msam
[2011/05/23 15:21:47 | 000,602,112 | ---- | C] () -- C:\Documents and Settings\Tricia Pobjoy\My Documents\small business marketing.msam
[2011/05/22 10:39:05 | 000,098,304 | ---- | C] () -- C:\Documents and Settings\Tricia Pobjoy\My Documents\small business strategic marketing.msam
[2011/05/22 10:21:34 | 000,256,000 | ---- | C] () -- C:\Documents and Settings\Tricia Pobjoy\My Documents\business venture.msam
[2011/05/22 09:41:21 | 000,278,528 | ---- | C] () -- C:\Documents and Settings\Tricia Pobjoy\My Documents\traffic.msam
[2011/05/21 23:48:41 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Tricia Pobjoy\My Documents\local business marketing.msam
[2011/05/21 23:00:02 | 000,200,704 | ---- | C] () -- C:\Documents and Settings\Tricia Pobjoy\My Documents\small business internet marketing.msam
[2011/05/20 23:53:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Market Samurai.lnk
[2011/05/20 23:53:35 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Market Samurai.lnk
[2010/05/16 13:17:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/05 22:12:46 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/21 23:23:30 | 000,101,112 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/26 10:05:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/12/22 11:06:24 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/07/28 01:27:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/15 22:36:26 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/08/15 17:55:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/02 22:02:27 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\Tricia Pobjoy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/05 22:59:16 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/06/16 00:32:57 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2005/03/17 11:52:34 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/03/02 19:42:59 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/03/02 12:53:24 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\ntddetect.dat
[2005/03/02 12:52:38 | 000,000,056 | ---- | C] () -- C:\WINDOWS\sys5235.exe
[2005/03/02 12:02:58 | 000,007,280 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2005/03/02 11:54:29 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\chrpwf.exe
[2005/03/02 11:48:06 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ljvhtf.exe
[2005/03/02 11:48:06 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ljvhtd.exe
[2005/03/02 11:48:06 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ljvht.dll
[2005/03/02 02:29:55 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2005/03/02 02:19:57 | 000,000,877 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2005/02/17 04:12:54 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/02/17 04:12:00 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/01/25 14:49:10 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2005/01/25 14:15:45 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/01/25 14:14:45 | 000,000,156 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/01/17 15:21:08 | 000,003,547 | -HS- | C] () -- C:\WINDOWS\System32\jtbif.dat
[2005/01/13 00:59:10 | 000,004,354 | -HS- | C] () -- C:\WINDOWS\System32\nekkm.dat
[2005/01/11 11:39:15 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2004/12/31 17:33:42 | 000,018,638 | ---- | C] () -- C:\WINDOWS\System32\vbdata00.dat
[2004/12/30 23:45:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/27 06:29:32 | 000,000,056 | ---- | C] () -- C:\WINDOWS\nylin.dll
[2004/12/25 15:27:43 | 000,004,402 | -HS- | C] () -- C:\WINDOWS\nbvwo.dat
[2004/12/19 14:59:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\opkoo.dll
[2004/12/04 22:49:20 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Tricia Pobjoy\Local Settings\Application Data\fusioncache.dat
[2004/11/21 11:29:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ntyu.dll
[2004/11/21 11:02:23 | 000,000,049 | ---- | C] () -- C:\WINDOWS\pcconfig.dat
[2004/11/16 16:40:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/11/14 05:47:08 | 000,000,158 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/07 18:21:24 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\cwfzh.dll
[2004/11/06 20:33:19 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2004/10/31 17:33:34 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\v229.exe
[2004/10/30 05:21:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ipqx32.dll
[2004/10/15 16:27:43 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/10/15 13:43:57 | 000,002,048 | ---- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/10/14 23:28:54 | 000,001,068 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2004/10/10 21:51:24 | 000,000,045 | ---- | C] () -- C:\WINDOWS\BKKMEMLJ.ini
[2004/10/08 13:43:05 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/10/06 22:25:00 | 000,000,392 | ---- | C] () -- C:\Program Files\csbbcsbb_mpu_mirrors.bin
[2004/10/06 22:25:00 | 000,000,296 | ---- | C] () -- C:\Program Files\csbbcsbb_mpu_rules.dat
[2004/10/06 22:24:59 | 000,003,136 | ---- | C] () -- C:\Program Files\csbbcsbb_ss_edomains.bin
[2004/10/06 22:24:59 | 000,000,632 | ---- | C] () -- C:\Program Files\csbbcsbb_ron_campaigns.bin
[2004/10/06 22:24:59 | 000,000,272 | ---- | C] () -- C:\Program Files\csbbcsbb_ss_rules.dat
[2004/10/06 22:24:59 | 000,000,160 | ---- | C] () -- C:\Program Files\csbbcsbb_ron_rules.dat
[2004/10/06 22:24:59 | 000,000,008 | ---- | C] () -- C:\Program Files\csbbcsbb_ss_idomains.bin
[2004/10/06 22:24:58 | 000,006,736 | ---- | C] () -- C:\Program Files\csbbcsbb_usb_campaigns.bin
[2004/10/06 22:24:58 | 000,004,240 | ---- | C] () -- C:\Program Files\csbbcsbb_tsb_patterns.bin
[2004/10/06 22:24:58 | 000,003,272 | ---- | C] () -- C:\Program Files\csbbcsbb_tsb_edomains.bin
[2004/10/06 22:24:58 | 000,000,256 | ---- | C] () -- C:\Program Files\csbbcsbb_tsb_campaigns.bin
[2004/10/06 22:24:58 | 000,000,120 | ---- | C] () -- C:\Program Files\csbbcsbb_tsb_rules.dat
[2004/10/06 22:24:57 | 000,027,888 | ---- | C] () -- C:\Program Files\csbbcsbb_usb_patterns.bin
[2004/10/06 22:24:57 | 000,000,136 | ---- | C] () -- C:\Program Files\csbbcsbb_dictionary.bin
[2004/10/06 22:24:57 | 000,000,104 | ---- | C] () -- C:\Program Files\csbbcsbb_usb_rules.dat
[2004/10/06 22:24:56 | 000,001,200 | ---- | C] () -- C:\Program Files\csbbcsbb_promos.bin
[2004/10/06 22:24:49 | 000,000,581 | ---- | C] () -- C:\Program Files\csbbcsbb_checks.dat
[2004/10/03 12:42:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\Belt.ini
[2004/10/02 08:09:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mfcqv.dll
[2004/10/01 18:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/25 10:45:04 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/09/18 21:09:28 | 000,002,569 | ---- | C] () -- C:\WINDOWS\palfq.dat
[2004/09/16 15:08:25 | 000,036,801 | ---- | C] () -- C:\WINDOWS\driverhpsj.dll
[2004/09/01 17:35:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\addfo32.dll
[2004/09/01 14:57:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/21 13:13:27 | 000,007,110 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/27 09:00:00 | 000,077,257 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2004/06/10 22:42:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\natbox.ini
[2004/05/12 11:46:45 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[2004/03/25 03:47:23 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\msbb321.dll
[2004/03/24 03:18:36 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\bH.dll
[2004/02/05 22:18:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tricia Pobjoy\Application Data\dm.ini
[2004/02/04 17:57:03 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2004/01/28 13:33:56 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/28 13:33:52 | 000,447,028 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/01/28 13:33:52 | 000,073,640 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/01/28 13:33:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/28 13:21:44 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/10/16 14:47:46 | 000,028,768 | ---- | C] () -- C:\WINDOWS\System32\JAVAW.EXE
[2003/10/16 14:47:46 | 000,024,670 | ---- | C] () -- C:\WINDOWS\System32\JAVA.EXE
[2003/08/13 21:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/16 09:48:28 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 09:48:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 09:35:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 09:35:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 09:28:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 09:28:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 09:21:49 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 09:20:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/05 18:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2002/11/01 17:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/09/03 12:42:36 | 000,440,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 12:31:48 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/29 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 14:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== Files - Unicode (All) ==========
[2007/10/21 18:00:54 | 000,000,000 | ---D | M](C:\WINDOWS\System32\? Star Wars Icons) -- C:\WINDOWS\System32\☺ Star Wars Icons
[2007/10/21 18:00:21 | 000,000,000 | ---D | C](C:\WINDOWS\System32\? Star Wars Icons) -- C:\WINDOWS\System32\☺ Star Wars Icons
[2005/03/10 14:08:23 | 000,000,056 | ---- | M] ()(C:\WINDOWS\System32\l?[bleep].exe) -- C:\WINDOWS\System32\lѕ[bleep].exe
[2005/01/11 20:05:07 | 000,000,056 | ---- | C] ()(C:\WINDOWS\System32\l?[bleep].exe) -- C:\WINDOWS\System32\lѕ[bleep].exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 3362 bytes -> C:\WINDOWS\Coffee Bean.bmp:tvnvc
@Alternate Data Stream - 3347 bytes -> C:\WINDOWS\ODBCINST.INI:ivoog
@Alternate Data Stream - 11388 bytes -> C:\WINDOWS\FeatherTexture.bmp:xluuo

< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can resolve this

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: {347AF52A-7597-E937-0808-2A8D1263EAAD} - Reg Error: Key error. File not found
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = res://C:\WINDOWS\system32\mwdpy.dll/sp.html#37049
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: kernel32.dll = C:\WINDOWS\system32\mssearchnet.exe
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: mnihdk.exe = C:\WINDOWS\system\mnihdk.exe
    [2011/05/28 09:49:45 | 000,001,308 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7c5376v2708801j145le6486u04v0gq8pv6
    [2011/05/28 09:49:44 | 000,001,308 | -HS- | M] () -- C:\Documents and Settings\Tricia Pobjoy\Local Settings\Application Data\7c5376v2708801j145le6486u04v0gq8pv6
    @Alternate Data Stream - 3362 bytes -> C:\WINDOWS\Coffee Bean.bmp:tvnvc
    @Alternate Data Stream - 3347 bytes -> C:\WINDOWS\ODBCINST.INI:ivoog
    @Alternate Data Stream - 11388 bytes -> C:\WINDOWS\FeatherTexture.bmp:xluuo

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Tricia Pobjoy\Local Settings\Application Data\7c5376v2708801j145le6486u04v0gq8pv6
    C:\Documents and Settings\All Users\Application Data\7c5376v2708801j145le6486u04v0gq8pv6

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

FINALLY

Update and then run Malwarebytes - posting the resultant log

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

#5
TriciaDP72

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
OTL Log:
OTL logfile created on: 6/1/2011 5:06:28 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Tricia Pobjoy\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 200.56 Mb Available Physical Memory | 19.62% Memory free
2.37 Gb Paging File | 1.58 Gb Available in Paging File | 66.56% Paging File free
Paging file location(s): c:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 1.94 Gb Free Space | 5.21% Space Free | Partition Type: NTFS
Drive D: | 3.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TRICIA | User Name: Tricia Pobjoy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/01 17:05:55 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tricia Pobjoy\My Documents\Downloads\OTL(4).exe
PRC - [2011/04/30 07:57:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/26 02:18:23 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tricia Pobjoy\Local Settings\Application Data\Google\Update\1.3.21.53\GoogleCrashHandler.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/11/13 12:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/11/13 12:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/04/30 14:39:30 | 005,472,016 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 10:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007/11/01 17:13:26 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/04 14:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe


========== Modules (SafeList) ==========

aswMBR Log:
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-01 17:18:43
-----------------------------
17:18:43.984 OS Version: Windows 5.1.2600 Service Pack 3
17:18:43.984 Number of processors: 1 586 0x209
17:18:43.984 ComputerName: TRICIA UserName:
17:18:46.296 Initialize success
17:18:49.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:18:49.468 Disk 0 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
17:18:51.515 Disk 0 MBR read successfully
17:18:51.515 Disk 0 MBR scan
17:18:51.515 Disk 0 Windows XP default MBR code
17:18:53.515 Disk 0 scanning sectors +78156225
17:18:53.546 Disk 0 scanning C:\WINDOWS\system32\drivers
17:19:08.765 Service scanning
17:19:10.093 Disk 0 trace - called modules:
17:19:10.109 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:19:10.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86771ab8]
17:19:10.109 3 CLASSPNP.SYS[f78a5fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86774d98]
17:19:10.109 Scan finished successfully
17:21:14.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tricia Pobjoy\Desktop\MBR.dat"
17:21:14.750 The log file has been saved successfully to "C:\Documents and Settings\Tricia Pobjoy\Desktop\aswMBR.txt"

Mbam Log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6702

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6/1/2011 7:06:06 PM
mbam-log-2011-06-01 (19-06-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 241419
Time elapsed: 1 hour(s), 44 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


THANK YOU!!

Tricia

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi Tricia - first we will update Internet Explorer to version 8; it is a lot more secure than the ancient version you have at the moment

Download and install IE8 from here

Then could you post all of the OTL log and let me know what problems you are currently experiencing :)

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.