Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google Redirect/Browser Update Virsu


  • This topic is locked This topic is locked

#46
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok well the majority of the MBAM deletions were orphan registry entries

And three update registry keys that needed reseting

Could I have one more OTL from this system please and an update on the problems with the first
  • 0

Advertisements


#47
rbarnhart1

rbarnhart1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I ran the Quick Scan with the original scan settings. It did not generate an Extras file. Here's the log:

OTL logfile created on: 6/11/2011 9:51:16 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Tamara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.97% Memory free
4.21 Gb Paging File | 3.06 Gb Available in Paging File | 72.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 178.52 Gb Free Space | 61.17% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.87 Gb Free Space | 13.98% Space Free | Partition Type: NTFS
Drive K: | 1.86 Gb Total Space | 1.70 Gb Free Space | 91.07% Space Free | Partition Type: FAT32

Computer Name: MY-PC | User Name: Tamara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/30 11:31:06 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Tamara\Desktop\OTL.exe
PRC - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/11/23 20:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/11/23 20:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 20:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.exe
PRC - [2009/11/23 20:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WTablet\Pen_TabletUser.exe
PRC - [2009/11/18 04:42:52 | 000,275,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/11/18 04:02:34 | 000,563,840 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2009/11/18 04:02:34 | 000,173,696 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2009/11/17 20:49:08 | 000,366,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/09/15 19:47:44 | 000,878,080 | ---- | M] (ActMask Co.,Ltd - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrintDisp.exe
PRC - [2009/06/16 07:38:34 | 000,077,824 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrintCtrl.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/02/15 17:34:39 | 001,358,384 | R--- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/02 18:50:32 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/11/09 13:35:06 | 000,077,876 | ---- | M] (SafeNet) -- C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
PRC - [2007/11/09 13:35:04 | 000,413,746 | ---- | M] (SafeNet) -- C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
PRC - [2007/11/09 13:35:04 | 000,073,782 | ---- | M] (SafeNet) -- C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
PRC - [2007/08/29 22:12:30 | 000,344,064 | ---- | M] (Kmaestro) -- C:\Program Files\HP USB Multimedia Keyboard\Kmaestro.exe
PRC - [2007/01/08 15:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\WINDOWS\ModLEDKey.exe
PRC - [2006/11/02 08:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpcumi.exe
PRC - [2006/09/28 09:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/09/03 14:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2002/03/19 12:15:46 | 000,036,864 | ---- | M] (D-Link) -- C:\Program Files\WZCBDL Service\WZCBDLS.exe


========== Modules (SafeList) ==========

MOD - [2011/05/30 11:31:06 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Tamara\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/22 15:20:39 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/21 13:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 13:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/11/23 20:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 20:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/11/18 04:42:52 | 000,253,568 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/11/18 04:16:42 | 000,137,344 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/06/16 07:38:34 | 000,077,824 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Running] -- C:\WINDOWS\System32\PrintCtrl.exe -- (Printer Control)
SRV - [2009/04/11 02:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/09 13:35:04 | 000,413,746 | ---- | M] (SafeNet) [Auto | Running] -- C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe -- (IreIKE)
SRV - [2007/11/09 13:35:04 | 000,073,782 | ---- | M] (SafeNet) [Auto | Running] -- C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe -- (IPSECMON)
SRV - [2006/09/11 20:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 20:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 19:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 19:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 14:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 03:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 13:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2002/03/19 12:15:46 | 000,036,864 | ---- | M] (D-Link) [Auto | Start_Pending] -- C:\Program Files\WZCBDL Service\WZCBDLS.exe -- (WZCBDLService)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/01 23:15:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009/07/09 13:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009/05/20 15:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/12/12 19:05:18 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 19:05:18 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/05 19:32:02 | 000,655,872 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/11/09 13:20:50 | 000,138,296 | ---- | M] (SafeNet) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\IpSecDrv.sys -- (IPSECDRV)
DRV - [2007/10/26 15:41:58 | 000,027,408 | ---- | M] (Deterministic Networks Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\vapco.sys -- (DniVap) SafeNet WAN Miniport (VA)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/07 09:40:46 | 000,128,144 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/02/16 15:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/07/13 14:14:16 | 000,004,608 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/15 08:27:32 | 000,536,634 | ---- | M] (SafeNet) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\Crypto.sys -- (Crypto)
DRV - [2002/09/27 18:21:26 | 000,022,912 | ---- | M] (D-Link Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\NIOC.sys -- (NIOC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2418376
IE - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\..\URLSearchHook: {DC94FEC3-3F89-46D5-B104-ABEBB4940DDA} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/08 17:19:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/08 18:36:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/08 18:36:30 | 000,000,000 | ---D | M]

[2010/08/25 08:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tamara\AppData\Roaming\mozilla\Extensions
[2010/08/25 08:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tamara\AppData\Roaming\mozilla\Extensions\{fa12e233-4cc1-431c-be50-f3e47860a7ea}
[2009/07/31 10:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tamara\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/06/10 18:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tamara\AppData\Roaming\mozilla\Firefox\Profiles\u7vwi61q.default\extensions
[2011/03/22 08:57:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tamara\AppData\Roaming\mozilla\Firefox\Profiles\u7vwi61q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/13 18:55:55 | 000,000,000 | ---D | M] (PageTheme) -- C:\Users\Tamara\AppData\Roaming\mozilla\Firefox\Profiles\u7vwi61q.default\extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}
[2011/06/10 17:46:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/17 11:33:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/08 18:36:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/06/08 18:36:27 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/10 17:46:24 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\..\Toolbar\WebBrowser: (My Power Mall Toolbar) - {AB455519-4E14-498B-A0A9-7DCEF42440FC} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe (Kmaestro)
O4 - HKLM..\Run: [CCUTRAYICON] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LchDrv] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [ledpointer] C:\Windows\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\System32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SkypeCtl] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\WINDOWS\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O7 - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.196.228.36 207.40.122.15 216.68.1.100
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/17 20:44:10 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - K:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/11 12:04:04 | 000,000,000 | ---D | C] -- C:\Users\Tamara\AppData\Roaming\Malwarebytes
[2011/06/11 12:03:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/11 12:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/11 12:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/11 12:03:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/11 12:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/11 12:03:30 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tamara\Desktop\mbam-setup.exe
[2011/06/10 17:46:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/09 21:43:51 | 000,000,000 | ---D | C] -- C:\Users\Tamara\Desktop\tdsskiller
[2011/06/08 19:15:11 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Tamara\Desktop\OTL.exe
[2011/06/08 19:15:07 | 000,586,240 | ---- | C] (AVAST Software) -- C:\Users\Tamara\Desktop\aswMBR.exe
[2011/06/07 17:32:48 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tamara\Desktop\TDSSKiller.exe
[2011/06/06 10:06:57 | 000,000,000 | ---D | C] -- C:\Users\Tamara\AppData\Roaming\TeamViewer
[2011/05/23 20:11:23 | 000,000,000 | ---D | C] -- C:\Users\Tamara\AppData\Roaming\TS3Client
[2011/05/23 20:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/05/23 20:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/11 21:15:57 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/11 21:15:57 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/11 21:02:59 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3253985537-1783120850-3274599005-1001UA.job
[2011/06/11 17:07:21 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3253985537-1783120850-3274599005-1001.job
[2011/06/11 15:58:03 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Tamara.job
[2011/06/11 13:15:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/11 13:15:20 | 2137,485,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/11 12:03:58 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/11 02:03:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3253985537-1783120850-3274599005-1001Core.job
[2011/06/10 17:46:24 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/09 21:26:18 | 001,305,136 | ---- | M] () -- C:\Users\Tamara\Desktop\tdsskiller.zip
[2011/06/08 19:15:58 | 000,743,952 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/08 19:15:57 | 000,153,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tamara\Desktop\TDSSKiller.exe
[2011/05/30 18:30:46 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tamara\Desktop\mbam-setup.exe
[2011/05/30 11:31:06 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Tamara\Desktop\OTL.exe
[2011/05/30 10:15:43 | 000,000,905 | ---- | M] () -- C:\Users\Tamara\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/30 10:05:58 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/30 10:05:58 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/30 10:05:44 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/30 09:32:38 | 000,586,240 | ---- | M] (AVAST Software) -- C:\Users\Tamara\Desktop\aswMBR.exe
[2011/05/23 20:08:43 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/11 12:03:58 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/09 21:43:41 | 001,305,136 | ---- | C] () -- C:\Users\Tamara\Desktop\tdsskiller.zip
[2011/06/08 18:36:31 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/30 10:05:44 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/23 20:08:20 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/03/13 18:56:53 | 000,043,520 | ---- | C] () -- C:\Windows\System32\sutil32.dll
[2011/01/30 09:45:04 | 000,552,448 | ---- | C] () -- C:\Windows\mHotkey.exe
[2011/01/30 09:45:04 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2011/01/30 09:45:04 | 000,049,152 | ---- | C] () -- C:\Windows\CNYUSB.dll
[2011/01/30 09:45:04 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
[2011/01/30 09:45:04 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2011/01/30 09:45:04 | 000,011,776 | ---- | C] () -- C:\Windows\HIDMNT.dll
[2011/01/30 09:45:04 | 000,005,120 | ---- | C] () -- C:\Windows\HKCYDLL.dll
[2011/01/30 09:45:04 | 000,000,360 | ---- | C] () -- C:\Windows\CNYHKey.ini
[2010/09/08 17:09:50 | 000,172,241 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/08/25 08:40:21 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe
[2010/08/25 08:40:21 | 000,524,288 | ---- | C] () -- C:\Windows\System32\PrtPass.exe
[2010/08/23 22:22:04 | 000,148,984 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/08/23 22:21:47 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/07/06 06:08:51 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2010/06/27 03:52:42 | 000,000,029 | ---- | C] () -- C:\Windows\PControl.ini
[2010/03/21 08:52:28 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010/03/21 08:52:27 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010/02/02 16:05:58 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2010/01/29 12:46:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/29 12:46:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/10 11:00:46 | 000,000,552 | ---- | C] () -- C:\Users\Tamara\AppData\Local\d3d8caps.dat
[2009/05/25 11:24:51 | 000,000,680 | ---- | C] () -- C:\Users\Tamara\AppData\Local\d3d9caps.dat
[2009/03/01 21:14:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/25 12:01:21 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/02/24 19:34:56 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2008/11/14 19:37:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/03/29 08:51:08 | 000,031,007 | ---- | C] () -- C:\Users\Tamara\AppData\Roaming\UserTile.png
[2008/03/25 16:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/01/24 21:23:45 | 000,000,715 | ---- | C] () -- C:\Windows\Edmark.ini
[2008/01/24 21:21:04 | 000,000,519 | ---- | C] () -- C:\Windows\pipeline.ini
[2008/01/23 22:35:09 | 000,000,087 | ---- | C] () -- C:\Windows\encore_launcher.ini
[2008/01/23 22:33:39 | 000,000,163 | ---- | C] () -- C:\Windows\compedia.ini
[2008/01/23 15:14:50 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2008/01/23 14:24:57 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI
[2008/01/23 14:15:30 | 000,000,196 | ---- | C] () -- C:\Windows\QTW.INI
[2008/01/01 12:40:47 | 000,083,216 | ---- | C] () -- C:\Windows\System32\KmRemove.exe
[2007/12/06 19:23:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/09/25 19:24:48 | 000,027,648 | ---- | C] () -- C:\Users\Tamara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/18 16:19:17 | 000,000,110 | ---- | C] () -- C:\Users\Tamara\AppData\Roaming\wklnhst.dat
[2007/08/24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/03/06 11:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/01/17 20:37:06 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2007/01/17 20:32:58 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/01/17 20:32:58 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/01/17 20:23:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/09 10:19:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,304,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,743,952 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,153,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/11 03:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 03:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 14:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2003/04/02 10:13:58 | 000,086,016 | ---- | C] () -- C:\Windows\System32\minunzip.dll
[2003/03/14 12:24:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2002/06/09 13:07:30 | 000,053,315 | ---- | C] () -- C:\Windows\System32\DevCtrl.dll

========== LOP Check ==========

[2010/08/25 08:39:56 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\AVE INTERVISION
[2010/07/03 09:15:04 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\DAEMON Tools Lite
[2011/04/28 03:24:54 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\FileZilla
[2009/08/05 21:35:23 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\FrostWire
[2010/11/01 06:59:58 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\GetRightToGo
[2010/06/20 17:47:19 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Image Zone Express
[2009/07/31 10:49:40 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\LimeWire
[2010/07/03 09:25:15 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\My Games
[2009/10/02 18:36:33 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Notepad++
[2010/11/16 19:10:14 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\OverDrive
[2008/03/29 08:51:07 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\PeerNetworking
[2009/08/23 20:32:04 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\PlayFirst
[2008/06/16 22:05:02 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Printer Info Cache
[2007/09/04 11:02:06 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\School Zone Preferences
[2011/06/06 10:06:57 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\TeamViewer
[2007/09/18 16:19:19 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Template
[2011/06/01 12:52:01 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\TS3Client
[2011/01/02 10:54:43 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Unity
[2011/04/23 10:46:34 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\WinBatch
[2011/06/10 17:46:21 | 000,000,000 | RHSD | M] -- C:\Users\Tamara\AppData\Roaming\WindowsUpdate
[2010/08/22 14:56:33 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\WTouch
[2011/06/11 13:13:52 | 000,032,588 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 10:15:05 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 10:15:05 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/08 18:36:27 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/08 18:36:27 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/08 18:36:27 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/08 18:36:25 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/08 18:36:25 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/08 18:36:25 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/30 10:05:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/30 10:05:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/30 10:05:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/30 10:05:45 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/30 10:05:45 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 17:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 17:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 17:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 17:00:18 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:17639624

< End of report >
  • 0

#48
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is it behaving now ?
  • 0

#49
rbarnhart1

rbarnhart1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
As of now, no sign of the virus. Although, I believe it showed up last night after I ran malewarebytes but before I ran the OTL scan. Should I try to do the Run/Fix step that failed the other day?
  • 0

#50
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No need it looks as though the offending file was taken out before OTL failed

What is the current state of system number one ?

A few things to tidy up here and then I would like to wait for a day to ensure that nothing was missed

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\..\URLSearchHook: {DC94FEC3-3F89-46D5-B104-ABEBB4940DDA} - Reg Error: Key error. File not found
    [2011/06/10 17:46:21 | 000,000,000 | RHSD | M] -- C:\Users\Tamara\AppData\Roaming\WindowsUpdate
    [2011/06/11 15:58:03 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Tamara.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

  • 0

#51
rbarnhart1

rbarnhart1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Virus keeps coming back on both systems...so I killed both computers, reset the router and reloaded operating system on both. Virus has been removed permanently :-). Thanks for your help.
  • 0

#52
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A drastic solution - but in the circumstances probably the right one... Sorry I could not get a full resolution for you
  • 0

#53
rbarnhart1

rbarnhart1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Yeah, I know what you mean. It just got to the point that I had too much time invested. I appreciate all the work you did, though. If I have a problem in the future, I will stop by. :-)
  • 0

#54
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP