Windows Vista Recovery
#1
Posted 04 June 2011 - 04:26 PM
#2
Posted 04 June 2011 - 04:58 PM
Attached Files
#3
Posted 04 June 2011 - 04:58 PM
www.malwarebytes.org
Database version: 6705
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
6/4/2011 6:50:27 PM
mbam-log-2011-06-04 (18-50-27).txt
Scan type: Quick scan
Objects scanned: 183751
Time elapsed: 10 minute(s), 46 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 8
Memory Processes Infected:
c:\programdata\sqoxnmcuxyw.exe (Trojan.FakeMS) -> 3656 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sqoXnmCuXYw (Trojan.FakeMS) -> Value: sqoXnmCuXYw -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\WIlliam\AppData\Local\hiq.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
Folders Infected:
c:\Users\WIlliam\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
Files Infected:
c:\programdata\sqoxnmcuxyw.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\programdata\31121144.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\WIlliam\AppData\Local\Temp\tmpACA1.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\WIlliam\local settings\application data\hiq.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\WIlliam\local settings\application data\yue.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\WIlliam\AppData\Roaming\kernel33.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\WIlliam\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\Users\WIlliam\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
#4
Posted 06 June 2011 - 04:07 AM
Download RogueKiller to your desktop
- Quit all running programs
- For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
- When prompted, type 1 and validate
- The RKreport.txt shall be generated next to the executable.
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
THEN
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
#5
Posted 06 June 2011 - 08:52 PM
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: WIlliam [Admin rights]
Mode: Scan -- Date : 06/06/2011 22:50:17
Bad processes: 1
[SUSP PATH] sttray.exe -- c:\windows\sttray.exe -> KILLED
Registry Entries: 5
[SUSP PATH] RNUpgradeHelperResumePrompt_WIlliam.job : c:\users\william\appdata\roaming\real\update\upgradehelper\realplayer\8.01\rnupgagent.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
HOSTS File:
˙ž1
Finished : << RKreport[1].txt >>
RKreport[1].txt
#6
Posted 06 June 2011 - 09:04 PM
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\WIlliam\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.20% Memory free
4.22 Gb Paging File | 3.25 Gb Available in Paging File | 76.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 162.04 Gb Free Space | 72.74% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.41 Gb Free Space | 64.08% Space Free | Partition Type: NTFS
Drive E: | 1.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: WILLIAM-PC | User Name: WIlliam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/06 22:53:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\WIlliam\Desktop\OTL.exe
PRC - [2011/06/04 19:21:30 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/05/24 12:27:18 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/09/02 15:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/29 13:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
========== Modules (SafeList) ==========
MOD - [2011/06/06 22:53:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\WIlliam\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/05/17 23:12:37 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/07 14:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/09/29 13:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
========== Driver Services (SafeList) ==========
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/01 05:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2011/04/01 05:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/11 15:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/12/12 18:05:18 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/04 09:17:15 | 000,645,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/01/19 00:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/10/12 01:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/12/29 02:49:00 | 000,247,808 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/11/22 18:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/10/25 00:53:08 | 002,068,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 16:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
IE - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/16 18:11:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/16 18:11:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/04 19:21:40 | 000,000,000 | ---D | M]
[2011/02/16 00:00:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\WIlliam\AppData\Roaming\Mozilla\Extensions
O1 HOSTS File: ([2011/06/05 11:50:58 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: ('autocheck autochk *') - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/06/06 22:53:02 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\WIlliam\Desktop\OTL.exe
[2011/06/06 22:50:16 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\Desktop\RK_Quarantine
[2011/06/06 13:06:18 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\AppData\Local\{3006B7E5-8F02-403A-81A1-200E05A06680}
[2011/06/05 11:50:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/04 19:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/06/04 19:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/06/04 16:15:06 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{152FAD2C-2DDB-4293-9DC6-8CF27B77C589}
[2011/06/04 16:14:44 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011/06/04 15:35:46 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{C30FB443-323D-48D2-AD62-50AB47BE03E9}
[2011/05/31 13:16:43 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{BCA2A4B3-269A-4358-B71E-5B56CC022084}
[2011/05/28 18:07:11 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Roaming\go
[2011/05/28 18:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/05/28 15:25:28 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{03D02B04-6868-4BEC-BBF3-23BAFBAFBFC4}
[2011/05/28 01:35:24 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{FFE006FA-24AC-4528-94B1-11A1324EC81B}
[2011/05/28 01:35:24 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{CAFE3401-3D89-4312-8000-800E9E1872AE}
[2011/05/27 13:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/05/24 12:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/05/24 12:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/05/24 12:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/05/23 17:15:00 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\Windows Live
[2011/05/22 03:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/05/21 16:39:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/05/21 16:39:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/05/21 16:39:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/05/19 22:32:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/05/16 18:11:10 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Roaming\DivX
[2011/05/16 18:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/05/16 18:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/05/16 18:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/05/16 18:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/05/16 18:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/05/12 13:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/06 22:53:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\WIlliam\Desktop\OTL.exe
[2011/06/06 22:48:39 | 000,511,488 | ---- | M] () -- C:\Users\WIlliam\Desktop\RogueKiller.exe
[2011/06/06 21:52:04 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 21:52:04 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 12:30:50 | 000,002,401 | ---- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/06/06 00:45:00 | 000,013,055 | ---- | M] () -- C:\Users\WIlliam\Desktop\Single_User_Shortcuts.zip
[2011/06/06 00:00:00 | 000,000,664 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - WIlliam.job
[2011/06/05 11:56:38 | 000,599,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/05 11:56:38 | 000,103,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/05 11:53:44 | 000,000,951 | -H-- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (3).lnk
[2011/06/05 11:52:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/05 11:50:58 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/05 00:41:56 | 000,000,951 | -H-- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (2).lnk
[2011/06/05 00:12:41 | 000,000,951 | -H-- | M] () -- C:\Users\WIlliam\Desktop\Internet Explorer (2).lnk
[2011/06/05 00:04:41 | 000,000,951 | -H-- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/06/04 19:21:31 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/06/04 18:36:12 | 000,000,160 | ---- | M] () -- C:\ProgramData\~31121144r
[2011/06/04 18:36:12 | 000,000,136 | ---- | M] () -- C:\ProgramData\~31121144
[2011/06/04 16:18:09 | 000,000,400 | ---- | M] () -- C:\ProgramData\31121144
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/27 13:23:30 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/05/23 17:31:45 | 000,416,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/23 17:14:08 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/23 17:14:08 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/23 17:13:58 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/22 03:21:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/05/22 03:20:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/05/19 10:23:31 | 000,010,108 | -HS- | M] () -- C:\Users\WIlliam\AppData\Local\3572q817521g0wy5u7bosv41hubmkdr15
[2011/05/19 10:23:31 | 000,010,108 | -HS- | M] () -- C:\ProgramData\3572q817521g0wy5u7bosv41hubmkdr15
[2011/05/16 18:32:33 | 000,084,992 | -H-- | M] () -- C:\Users\WIlliam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/12 05:11:21 | 000,000,328 | -H-- | M] () -- C:\Users\WIlliam\Desktop\fix.reg
[2011/05/12 05:00:32 | 000,013,242 | -HS- | M] () -- C:\Users\WIlliam\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2011/05/12 05:00:32 | 000,013,242 | -HS- | M] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/06 22:48:38 | 000,511,488 | ---- | C] () -- C:\Users\WIlliam\Desktop\RogueKiller.exe
[2011/06/06 00:45:00 | 000,013,055 | ---- | C] () -- C:\Users\WIlliam\Desktop\Single_User_Shortcuts.zip
[2011/06/05 11:53:44 | 000,000,951 | -H-- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (3).lnk
[2011/06/05 00:41:56 | 000,000,951 | -H-- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (2).lnk
[2011/06/05 00:41:44 | 000,002,401 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/06/05 00:12:41 | 000,000,951 | -H-- | C] () -- C:\Users\WIlliam\Desktop\Internet Explorer (2).lnk
[2011/06/05 00:04:41 | 000,000,951 | -H-- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/06/04 16:14:45 | 000,000,160 | ---- | C] () -- C:\ProgramData\~31121144r
[2011/06/04 16:14:45 | 000,000,136 | ---- | C] () -- C:\ProgramData\~31121144
[2011/06/04 16:14:39 | 000,000,400 | ---- | C] () -- C:\ProgramData\31121144
[2011/05/24 12:27:12 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/05/23 17:17:26 | 000,002,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/05/23 17:13:58 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/22 03:21:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/05/22 03:20:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/05/19 09:23:06 | 000,010,108 | -HS- | C] () -- C:\Users\WIlliam\AppData\Local\3572q817521g0wy5u7bosv41hubmkdr15
[2011/05/19 09:23:06 | 000,010,108 | -HS- | C] () -- C:\ProgramData\3572q817521g0wy5u7bosv41hubmkdr15
[2011/05/12 05:11:21 | 000,000,328 | -H-- | C] () -- C:\Users\WIlliam\Desktop\fix.reg
[2011/05/12 04:36:58 | 000,013,242 | -HS- | C] () -- C:\Users\WIlliam\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2011/05/12 04:36:58 | 000,013,242 | -HS- | C] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2011/05/01 23:14:44 | 000,172,409 | -HS- | C] () -- C:\Users\WIlliam\AppData\Roaming\d1iQq.com
[2011/05/01 23:01:42 | 000,172,409 | -HS- | C] () -- C:\Users\WIlliam\AppData\Roaming\SQys5f.exe
[2011/05/01 23:01:42 | 000,172,409 | -HS- | C] () -- C:\Users\WIlliam\AppData\Roaming\oyq69.pif
[2011/05/01 23:01:42 | 000,172,409 | -HS- | C] () -- C:\Users\WIlliam\AppData\Roaming\m4ONx.pif
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/04/01 04:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/01/04 17:39:47 | 000,001,940 | -H-- | C] () -- C:\Users\WIlliam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/11 01:30:37 | 000,000,025 | ---- | C] () -- C:\Windows\clofghls.dll
[2010/12/09 15:39:12 | 000,000,036 | ---- | C] () -- C:\Windows\mafosav.INI
[2010/08/08 19:10:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/08 06:51:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/08 06:51:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/08 00:07:31 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/03/14 08:33:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/05/16 10:12:35 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2007/03/25 17:56:21 | 000,118,784 | ---- | C] () -- C:\Windows\bwUnin-7.2.0.157-8876480SL.exe
[2007/02/26 22:13:52 | 000,007,592 | -H-- | C] () -- C:\Users\WIlliam\AppData\Local\d3d9caps.dat
[2007/02/18 23:15:55 | 000,001,500 | -H-- | C] () -- C:\Users\WIlliam\AppData\Roaming\wklnhst.dat
[2007/02/08 00:14:48 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/02/08 00:13:23 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2007/02/07 23:20:52 | 000,084,992 | -H-- | C] () -- C:\Users\WIlliam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/07 22:31:20 | 000,001,361 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2007/02/06 17:42:40 | 001,691,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2007/02/05 18:23:19 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/02/05 18:23:19 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/02/05 18:23:19 | 000,138,101 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/02/05 10:52:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/02/05 10:42:22 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/02/05 10:42:21 | 000,000,149 | ---- | C] () -- C:\Windows\wininit.ini
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,416,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,599,588 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,088 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
========== LOP Check ==========
[2007/03/19 23:18:51 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\acccore
[2007/03/19 23:19:52 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\Aim
[2008/03/24 12:55:54 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\Amazon
[2008/07/17 08:15:30 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\Atari
[2010/07/15 19:19:37 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\CD8872790FFB2047C1C6B310B8156A88
[2011/06/06 16:04:56 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\go
[2007/09/19 19:20:35 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\Leadertech
[2008/05/30 23:24:50 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\MusicNet
[2007/11/06 00:10:19 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\My Games
[2007/02/18 23:16:03 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\Template
[2010/06/23 09:59:59 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\Tific
[2011/06/05 11:51:09 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 02:50:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 02:50:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/23 17:13:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/23 17:13:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/23 17:13:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/23 17:13:59 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/23 17:13:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/23 17:13:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/23 17:13:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/23 17:13:59 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
< End of report >
#7
Posted 06 June 2011 - 09:05 PM
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\WIlliam\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 68.89% Memory free
4.22 Gb Paging File | 3.81 Gb Available in Paging File | 90.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 173.94 Gb Free Space | 78.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.41 Gb Free Space | 64.08% Space Free | Partition Type: NTFS
Drive E: | 1.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: WILLIAM-PC | User Name: WIlliam | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DDFA100-7B56-40B8-892D-B8F13E251A81}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1132565F-3C83-426E-9844-FE8D28EC5F8B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{73281E20-C69E-4AF6-A00D-3CCF58DC473A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9F1471E8-6400-47DB-AACB-7FE4396FBC5C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E3AC3EF0-6A0C-4422-94B9-437647A7CAD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FE1371B8-2845-470D-9588-BEC65D498801}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047E1AE2-B590-4A42-BA72-6D10FF33B666}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{09C80647-3EA5-4EB5-9429-95F5E0923291}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{0C291ED4-856B-4049-832A-EC6F08B8F690}" = protocol=6 | dir=in | app=c:\program files\aim7\aim.exe |
"{13A559F0-6DBE-413E-9FDE-83A4413653E9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{19BE9B10-BC96-4E5E-BBD6-6E44802B1385}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{20AEDCFC-C867-45F2-9926-5902D2DE16B3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{26B65086-BA25-4BCB-833D-0D53C6086A57}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{2851E987-7D0F-466F-8354-C892AC3BAECF}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{3DA44A1A-D2FF-4CDD-9941-3EDE95318F29}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{43F22ACE-2628-47BF-A59E-6FDDF1E9F277}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{47D45825-FDED-4AF0-8A37-53287E7A7B59}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{4CA7F60C-0958-4012-8B4B-4D2DEF41FAD9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{54AFE6EA-7A27-4252-8E51-6B3C35EAFA73}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5C706C57-8A01-4620-8BAC-D6EE83972F76}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{61011F5E-D46A-42FC-AB46-0FC9528B50DB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{68966B85-FBE7-45BE-8397-A222BE7D1548}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{7DA35BD4-C5F0-463B-ACF9-48107AEF84A6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{860AFFA3-2AA6-4639-AE8E-070A66669CEC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{8E6B7D44-1CD8-4CCB-9FE4-09FC8A7AB852}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{94BC56FC-F467-4271-81AE-8DFC7763CA14}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{9AF318B5-08BE-4420-9E7A-A3F8C5ADCC57}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{A49ABF66-DFAF-48EF-B5AF-1B74E78D90AD}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{A7D1B3B6-3203-49BD-9522-565436796B3D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{A934A941-B40F-4900-83C2-DBBBA8B0B6A9}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{AE087BFF-4972-43A0-A294-DBE6F0521CD2}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{B1A4D2CC-8C02-4C64-BD44-61C868A955AE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\the settlers - rise of an empire\base\bin\settlers6.exe |
"{B707A364-30D7-45E2-9ADC-33A630DB1F69}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{BE9C732D-A394-4088-9029-8DFA490C8747}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{BECAD683-96A9-450D-83D7-107EBC1693B6}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{BF83257C-7BB5-4C17-8B30-1C38E7A3E016}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C4BE3161-36B6-48B8-BEF4-82A5229F6A6E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CAB702C7-93B6-4D74-9084-84C10EA388FA}" = protocol=6 | dir=in | app=c:\program files\ubisoft\the settlers - rise of an empire\base\bin\settlers6.exe |
"{D064AD3B-F107-4410-9DAF-4FAFD1A9B2EE}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D404176A-F020-46A9-B466-DBFBB99014E6}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{DAE9B9FC-908A-472A-B6A3-4E3E1D6D1A42}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E0FEBBB2-2E4E-4335-8DD3-97F0B4BFC977}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E5DACBA9-F693-43BE-BD17-4F548E103CDD}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{EC37E543-D364-4BBF-B149-61D4E013DA73}" = protocol=17 | dir=in | app=c:\program files\aim7\aim.exe |
"{FBA0B60E-1595-471F-A0D3-10A01260D039}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54F6C98F-94A0-421C-B90E-0B6A2A96A9CF}" = Pure Networks Platform
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FCDE341-328B-434B-9F21-AF5BADB57852}" = Symantec Technical Support Web Controls
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Rise of an Empire
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F08F36A8-7EEA-DB4D-00D1-2CA68C2DD445}" = ATI Catalyst Control Center Ex
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"DivX Setup.divx.com" = DivX Setup
"Google Desktop" = Google Desktop
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Linksys Wireless Manager" = Linksys Wireless Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"RealPlayer 12.0" = RealPlayer
"Sins of a Solar Empire" = Sins of a Solar Empire
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 8930" = Sid Meier's Civilization V
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtools3DLifePlayer" = Virtools 3D Life Player
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/24/2011 3:48:41 PM | Computer Name = WIlliam-PC | Source = Application Error | ID = 1000
Description = Faulting application UMVPFSrv.exe, version 13.25.1014.0, time stamp
0x4d955c8d, faulting module UMVPL.dll, version 13.0.1774.0, time stamp 0x4be4bfff,
exception code 0xc0000005, fault offset 0x00001e1c, process id 0x4f4, application
start time 0x01cc1990c94e73c9.
Error - 6/4/2011 3:36:27 PM | Computer Name = WIlliam-PC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 15.4.3508.1109, time stamp
0x4cda7240, faulting module wlupdate.15.4.105.0.dll_unloaded, version 0.0.0.0,
time stamp 0x4c9afde5, exception code 0xc0000005, fault offset 0x676c7750, process
id 0xb6c, application start time 0x01cc22ee903205e0.
Error - 6/4/2011 4:22:38 PM | Computer Name = WIlliam-PC | Source = EventSystem | ID = 4609
Description =
Error - 6/4/2011 5:31:10 PM | Computer Name = WIlliam-PC | Source = EventSystem | ID = 4609
Description =
Error - 6/4/2011 5:32:58 PM | Computer Name = WIlliam-PC | Source = EventSystem | ID = 4609
Description =
Error - 6/4/2011 5:32:58 PM | Computer Name = WIlliam-PC | Source = SignInAssistant | ID = 0
Description =
Error - 6/4/2011 5:32:58 PM | Computer Name = WIlliam-PC | Source = SignInAssistant | ID = 0
Description =
Error - 6/4/2011 5:32:58 PM | Computer Name = WIlliam-PC | Source = SignInAssistant | ID = 0
Description =
Error - 6/4/2011 5:32:59 PM | Computer Name = WIlliam-PC | Source = SignInAssistant | ID = 0
Description =
Error - 6/4/2011 5:38:50 PM | Computer Name = WIlliam-PC | Source = System Restore | ID = 8193
Description =
[ System Events ]
Error - 6/4/2011 4:28:09 PM | Computer Name = WIlliam-PC | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.
Error - 6/4/2011 4:40:06 PM | Computer Name = WIlliam-PC | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.
Error - 6/4/2011 5:03:45 PM | Computer Name = WIlliam-PC | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.
Error - 6/4/2011 5:29:20 PM | Computer Name = WIlliam-PC | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.
Error - 6/4/2011 5:31:03 PM | Computer Name = WIlliam-PC | Source = DCOM | ID = 10005
Description =
Error - 6/4/2011 5:31:10 PM | Computer Name = WIlliam-PC | Source = DCOM | ID = 10005
Description =
Error - 6/4/2011 5:31:16 PM | Computer Name = WIlliam-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 6/4/2011 5:31:16 PM | Computer Name = WIlliam-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 6/4/2011 5:31:23 PM | Computer Name = WIlliam-PC | Source = DCOM | ID = 10005
Description =
Error - 6/4/2011 5:31:24 PM | Computer Name = WIlliam-PC | Source = DCOM | ID = 10005
Description =
< End of report >
#8
Posted 07 June 2011 - 07:10 AM
Run RogueKiller and select Option 6
THEN
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O3 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
2011/06/04 16:15:06 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{152FAD2C-2DDB-4293-9DC6-8CF27B77C589}
[2011/06/04 16:14:44 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011/06/04 15:35:46 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{C30FB443-323D-48D2-AD62-50AB47BE03E9}
[2011/05/31 13:16:43 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{BCA2A4B3-269A-4358-B71E-5B56CC022084}
[2011/05/28 15:25:28 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{03D02B04-6868-4BEC-BBF3-23BAFBAFBFC4}
[2011/05/28 01:35:24 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{FFE006FA-24AC-4528-94B1-11A1324EC81B}
[2011/05/28 01:35:24 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{CAFE3401-3D89-4312-8000-800E9E1872AE}
[2011/06/04 18:36:12 | 000,000,160 | ---- | M] () -- C:\ProgramData\~31121144r
[2011/06/04 18:36:12 | 000,000,136 | ---- | M] () -- C:\ProgramData\~31121144
[2011/06/04 16:18:09 | 000,000,400 | ---- | M] () -- C:\ProgramData\31121144
[2011/05/19 10:23:31 | 000,010,108 | -HS- | M] () -- C:\ProgramData\3572q817521g0wy5u7bosv41hubmkdr15
[2011/05/16 18:32:33 | 000,084,992 | -H-- | M] () -- C:\Users\WIlliam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/12 05:11:21 | 000,000,328 | -H-- | M] () -- C:\Users\WIlliam\Desktop\fix.reg
[2011/05/12 05:00:32 | 000,013,242 | -HS- | M] () -- C:\Users\WIlliam\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2011/05/12 05:00:32 | 000,013,242 | -HS- | M] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2011/05/19 09:23:06 | 000,010,108 | -HS- | C] () -- C:\Users\WIlliam\AppData\Local\3572q817521g0wy5u7bosv41hubmkdr15
[2011/05/19 09:23:06 | 000,010,108 | -HS- | C] () -- C:\ProgramData\3572q817521g0wy5u7bosv41hubmkdr15
[2011/05/12 05:11:21 | 000,000,328 | -H-- | C] () -- C:\Users\WIlliam\Desktop\fix.reg
[2011/05/12 04:36:58 | 000,013,242 | -HS- | C] () -- C:\Users\WIlliam\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2011/05/12 04:36:58 | 000,013,242 | -HS- | C] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2011/05/01 23:14:44 | 000,172,409 | -HS- | C] () -- C:\Users\WIlliam\AppData\Roaming\d1iQq.com
[2011/05/01 23:01:42 | 000,172,409 | -HS- | C] () -- C:\Users\WIlliam\AppData\Roaming\SQys5f.exe
[2011/05/01 23:01:42 | 000,172,409 | -HS- | C] () -- C:\Users\WIlliam\AppData\Roaming\oyq69.pif
[2011/05/01 23:01:42 | 000,172,409 | -HS- | C] () -- C:\Users\WIlliam\AppData\Roaming\m4ONx.pif
:files
attrib -H c:\*.* /s /d /c
ipconfig /flushdns /c
C:\Users\WIlliam\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
C:\Users\WIlliam\AppData\Local\3572q817521g0wy5u7bosv41hubmkdr15
C:\ProgramData\3572q817521g0wy5u7bosv41hubmkdr15
:Commands
[purity]
[resethosts]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#9
Posted 07 June 2011 - 09:42 AM
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\WIlliam\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 67.99% Memory free
4.22 Gb Paging File | 3.64 Gb Available in Paging File | 86.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 159.93 Gb Free Space | 71.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.41 Gb Free Space | 64.08% Space Free | Partition Type: NTFS
Drive E: | 1.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: WILLIAM-PC | User Name: WIlliam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/06 22:53:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\WIlliam\Desktop\OTL.exe
PRC - [2011/06/04 19:21:30 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/09/02 15:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/22 18:56:00 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/09/29 13:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
========== Modules (SafeList) ==========
MOD - [2011/06/06 22:53:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\WIlliam\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/05/17 23:12:37 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/07 14:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/09/29 13:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
========== Driver Services (SafeList) ==========
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/01 05:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2011/04/01 05:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/11 15:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/12/12 18:05:18 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/04 09:17:15 | 000,645,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/01/19 00:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/10/12 01:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/12/29 02:49:00 | 000,247,808 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/11/22 18:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/10/25 00:53:08 | 002,068,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 16:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/16 18:11:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/16 18:11:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/04 19:21:40 | 000,000,000 | ---D | M]
[2011/02/16 00:00:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WIlliam\AppData\Roaming\Mozilla\Extensions
O1 HOSTS File: ([2011/06/07 11:33:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: ('autocheck autochk *') - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/07 11:36:08 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\AppData\Local\{74AC0B42-4B4D-4164-9E19-69AE2B09CFB4}
[2011/06/06 22:53:02 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\WIlliam\Desktop\OTL.exe
[2011/06/06 22:50:16 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\Desktop\RK_Quarantine
[2011/06/06 13:06:18 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\AppData\Local\{3006B7E5-8F02-403A-81A1-200E05A06680}
[2011/06/05 11:50:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/04 19:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/06/04 19:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/06/04 16:15:06 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\AppData\Local\{152FAD2C-2DDB-4293-9DC6-8CF27B77C589}
[2011/05/28 18:07:11 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\AppData\Roaming\go
[2011/05/28 18:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/05/27 13:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/05/24 12:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/05/24 12:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/05/24 12:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/05/23 17:15:00 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\AppData\Local\Windows Live
[2011/05/22 03:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/05/21 16:39:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/05/21 16:39:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/05/21 16:39:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/05/19 22:32:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/05/16 18:11:10 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\AppData\Roaming\DivX
[2011/05/16 18:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/05/16 18:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/05/16 18:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/05/16 18:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/05/16 18:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/05/12 13:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/07 11:34:58 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 11:34:58 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 11:34:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/07 11:33:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/06 23:19:41 | 000,002,401 | ---- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/06/06 22:53:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\WIlliam\Desktop\OTL.exe
[2011/06/06 22:48:39 | 000,511,488 | ---- | M] () -- C:\Users\WIlliam\Desktop\RogueKiller.exe
[2011/06/06 00:45:00 | 000,013,055 | ---- | M] () -- C:\Users\WIlliam\Desktop\Single_User_Shortcuts.zip
[2011/06/06 00:00:00 | 000,000,664 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - WIlliam.job
[2011/06/05 11:56:38 | 000,599,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/05 11:56:38 | 000,103,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/05 11:53:44 | 000,000,951 | ---- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (3).lnk
[2011/06/05 00:41:56 | 000,000,951 | ---- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (2).lnk
[2011/06/05 00:12:41 | 000,000,951 | ---- | M] () -- C:\Users\WIlliam\Desktop\Internet Explorer (2).lnk
[2011/06/05 00:04:41 | 000,000,951 | ---- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/06/04 19:21:31 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/27 13:23:30 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/05/27 13:23:29 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/05/23 17:35:13 | 000,000,945 | ---- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/23 17:31:45 | 000,416,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/23 17:14:08 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/23 17:14:08 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/23 17:13:58 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/22 03:21:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/05/22 03:20:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/07 11:30:11 | 000,002,223 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Music Jukebox.lnk
[2011/06/07 11:30:11 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\ Sansa Media Converter.lnk
[2011/06/07 11:30:11 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/06/07 11:30:11 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/07 11:30:11 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/06/07 11:30:11 | 000,001,693 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/07 11:30:11 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/06/07 11:30:11 | 000,001,475 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2011/06/07 11:30:11 | 000,000,945 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/07 11:30:11 | 000,000,940 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/07 11:30:11 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/06/07 11:30:11 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/07 11:30:11 | 000,000,258 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/07 11:30:11 | 000,000,240 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/06 22:48:38 | 000,511,488 | ---- | C] () -- C:\Users\WIlliam\Desktop\RogueKiller.exe
[2011/06/06 00:45:00 | 000,013,055 | ---- | C] () -- C:\Users\WIlliam\Desktop\Single_User_Shortcuts.zip
[2011/06/05 11:53:44 | 000,000,951 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (3).lnk
[2011/06/05 00:41:56 | 000,000,951 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (2).lnk
[2011/06/05 00:41:44 | 000,002,401 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/06/05 00:12:41 | 000,000,951 | ---- | C] () -- C:\Users\WIlliam\Desktop\Internet Explorer (2).lnk
[2011/06/05 00:04:41 | 000,000,951 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/05/24 12:27:12 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/05/23 17:17:26 | 000,002,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/05/23 17:13:58 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/22 03:21:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/05/22 03:20:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/04/01 04:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/01/04 17:39:47 | 000,001,940 | -H-- | C] () -- C:\Users\WIlliam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/11 01:30:37 | 000,000,025 | ---- | C] () -- C:\Windows\clofghls.dll
[2010/12/09 15:39:12 | 000,000,036 | ---- | C] () -- C:\Windows\mafosav.INI
[2010/08/08 19:10:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/08 06:51:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/08 06:51:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/08 00:07:31 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/03/14 08:33:40 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/05/16 10:12:35 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2007/03/25 17:56:21 | 000,118,784 | ---- | C] () -- C:\Windows\bwUnin-7.2.0.157-8876480SL.exe
[2007/02/26 22:13:52 | 000,007,592 | ---- | C] () -- C:\Users\WIlliam\AppData\Local\d3d9caps.dat
[2007/02/18 23:15:55 | 000,001,500 | ---- | C] () -- C:\Users\WIlliam\AppData\Roaming\wklnhst.dat
[2007/02/08 00:14:48 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/02/08 00:13:23 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2007/02/07 22:31:20 | 000,001,361 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2007/02/06 17:42:40 | 001,691,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2007/02/05 18:23:19 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/02/05 18:23:19 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/02/05 18:23:19 | 000,138,101 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/02/05 10:52:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/02/05 10:42:22 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/02/05 10:42:21 | 000,000,149 | ---- | C] () -- C:\Windows\wininit.ini
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,416,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,599,588 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,088 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
========== LOP Check ==========
[2007/03/19 23:18:51 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\acccore
[2007/03/19 23:19:52 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\Aim
[2008/03/24 12:55:54 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\Amazon
[2008/07/17 08:15:30 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\Atari
[2010/07/15 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\CD8872790FFB2047C1C6B310B8156A88
[2011/06/07 08:04:53 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\go
[2007/09/19 19:20:35 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\Leadertech
[2008/05/30 23:24:50 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\MusicNet
[2007/11/06 00:10:19 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\My Games
[2007/02/18 23:16:03 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\Template
[2010/06/23 09:59:59 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\Tific
[2011/06/07 11:33:55 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
#10
Posted 07 June 2011 - 09:43 AM
#11
Posted 07 June 2011 - 09:52 AM
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
SPRING CLEAN
To manually create a new Restore Point
- Go to Control Panel and select System
- Select System
- On the left select System Protection and accept the warning if you get one
- Select System Protection Tab
- Select Create at the bottom
- Type in a name i.e. Clean
- Select Create
Now we can purge the infected ones
- GoStart > All programs > Accessories > system tools page
- Select Performance Information and Tools
- Right click Disc cleanup an select run as administrator
- Select Your main drive and accept the warning if you get one
- For a few moments the system will make some calculations
- Select the More Options tab
- In the System Restore and Shadow Backups select Clean up
- Select Delete on the pop up
- Select OK
- Select Delete
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe
#12
Posted 07 June 2011 - 10:37 AM
#13
Posted 07 June 2011 - 10:50 AM
#14
Posted 09 June 2011 - 07:23 AM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users