TR/Kazy.27265



#16
michaelg9


    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Usually, a single BSoD isn't something to worry about, but when they occur often, then you need to do something.

Let's re-check the computer:

  • Double-click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.



Next:
  • Run Malware Bytes AntiMalware (MBAM).
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


After that, tell me how your computer is working and if there are any problems.
Also do the steps in my previous post, and see what's going on with the AOL problem.


#17
Lesle


    Member

  • Topic Starter
  • 15 posts
Here's the OTL report:

OTL logfile created on: 7/19/2011 8:31:34 PM - Run 4
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Leslie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 61.24% Memory free
5.49 Gb Paging File | 4.25 Gb Available in Paging File | 77.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.78 Gb Total Space | 171.75 Gb Free Space | 77.79% Space Free | Partition Type: NTFS

Computer Name: LESLIE-PC | User Name: Leslie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/28 02:06:59 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Leslie\Desktop\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 17:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/10 09:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 05:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/04 01:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/10 17:48:34 | 000,373,248 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCS.exe
PRC - [2009/07/10 17:43:28 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/04/16 03:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/07/29 23:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (SafeList) ==========

MOD - [2011/06/28 02:06:59 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Leslie\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/09/30 18:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 08:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/10 09:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/28 23:57:54 | 000,254,464 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/10/02 01:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/21 05:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/08/09 23:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/29 18:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/27 03:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 10:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/03/25 23:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...e4z1l5t4872y410
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...e4z1l5t4872y410

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://new.lds.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.lds.org"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: citiucs@orbiscom:3.7.11.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/03 10:52:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\citiucs@orbiscom: C:\Program Files (x86)\UCS\Virtual Account Numbers [2010/11/12 00:56:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/22 01:59:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/22 01:59:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/30 14:16:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/15 16:16:24 | 000,000,000 | ---D | M]

[2009/12/28 22:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leslie\AppData\Roaming\Mozilla\Extensions
[2011/07/19 10:32:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\7hu15y0z.default\extensions
[2010/11/23 14:49:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\7hu15y0z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/07/16 21:31:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/04 14:58:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/07/22 10:48:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/22 11:21:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 16:44:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/09 14:40:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/24 00:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/16 21:31:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/12/22 01:59:29 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/22 01:59:29 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/11/12 00:56:19 | 000,000,000 | ---D | M] (Virtual Account Numbers for Firefox) -- C:\PROGRAM FILES (X86)\UCS\VIRTUAL ACCOUNT NUMBERS
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/06 17:17:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (OToolbarHelper Class) - {7AED0DC9-374E-440D-B966-BE292971225B} - C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCSHelper.dll (Orbiscom Ltd. All rights reserved.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found
O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {A1BDF46B-9DE6-4090-8791-84F26E00934C} - C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCSToolbar.dll (Orbiscom Ltd. All rights reserved.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCS Virtual Account Numbers] C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCS.exe (Orbiscom Ltd. All rights reserved.)
O4 - Startup: C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sundanceglob...br/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.127.17.85 4.2.2.2
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/19 20:29:38 | 000,000,000 | R--D | C] -- C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/07/19 10:24:45 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{49E3863A-A827-49FA-8D44-27F30756795B}
[2011/07/16 21:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/07/16 15:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/15 16:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/07/15 16:11:43 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{30849B9B-6C09-4099-88B1-6D6D5595776B}
[2011/07/13 15:13:00 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{D4EF02A0-7B36-4171-B128-73AFB2A06EAB}
[2011/07/12 16:15:04 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{AC9A64B5-774F-44F6-81C7-FB14058AD393}
[2011/07/09 23:13:51 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{66B8F75F-DE25-4CDA-8078-F1E2252F55FD}
[2011/07/09 11:26:21 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{8E0525D7-7CAF-428A-8406-25FDC30D0BD0}
[2011/07/08 12:27:11 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{EC385171-28ED-4031-B959-683B8E47E262}
[2011/07/08 00:13:52 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{CD65CD6B-E04E-40D4-B267-3F252655DF30}
[2011/07/07 12:13:12 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{83C35DC4-758C-4855-83D4-EABA9A635C11}
[2011/07/07 00:11:55 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{94CAAD4A-4F60-44A0-97D0-55EE34135EFB}
[2011/07/06 17:29:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/06 17:17:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/07/06 16:54:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/06 16:54:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/06 16:54:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/06 16:54:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/06 16:53:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/06 16:53:34 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/07/06 16:52:41 | 004,132,986 | R--- | C] (Swearware) -- C:\Users\Leslie\Desktop\ComboFix.exe
[2011/07/06 14:25:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/06 14:16:10 | 000,000,000 | ---D | C] -- C:\Users\Leslie\Desktop\MBR
[2011/07/06 14:01:53 | 000,000,000 | ---D | C] -- C:\Users\Leslie\Desktop\aswMBR Scan Log
[2011/07/06 13:57:06 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\Leslie\Desktop\aswMBR.exe
[2011/07/06 12:10:46 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{4CD7ACA0-0A98-4B55-B3CC-10E988B34EED}
[2011/07/04 23:46:38 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{7A578AAA-9FA6-4B93-8E1F-3799FFB1E45E}
[2011/07/04 09:53:33 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{502E2A80-F3B0-4F51-A9AE-8514397FCFB0}
[2011/07/03 09:53:15 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{35B0768D-DFC0-4D4D-AB24-58AD82B70A60}
[2011/07/02 16:54:38 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{E0FA78E4-D7B8-4B8D-89BF-262C93A47DB0}
[2011/07/02 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{844E5E3E-9DD4-49E1-8008-353E2CA7A002}
[2011/07/01 13:48:19 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{6ABD9162-5DB1-4A27-A50E-05D63E9A08AE}
[2011/06/30 11:38:48 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{867AB03F-4179-44F4-B5C9-C39C5F2DAE67}
[2011/06/29 09:33:03 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{B3E2847F-5021-477F-B5D0-135010E782C0}
[2011/06/28 12:23:37 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{DE8B0F94-5158-4618-B16E-E4EC03D3BD1B}
[2011/06/28 02:06:19 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Leslie\Desktop\OTL.exe
[2011/06/23 16:57:19 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Roaming\Malwarebytes
[2011/06/23 16:55:38 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/23 16:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/23 16:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/23 16:55:26 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/23 16:55:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/22 11:00:23 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Roaming\Sammsoft

========== Files - Modified Within 30 Days ==========

[2011/07/19 19:54:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/19 19:54:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/19 19:45:27 | 000,000,632 | RHS- | M] () -- C:\Users\Leslie\ntuser.pol
[2011/07/19 19:44:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/19 19:44:17 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/16 15:12:48 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/15 16:16:24 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/14 20:31:55 | 000,582,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/11 11:51:42 | 001,605,700 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/11 11:51:42 | 000,454,498 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/11 11:51:42 | 000,005,376 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/08 00:33:47 | 000,001,401 | ---- | M] () -- C:\Users\Leslie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/08 00:24:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/07/08 00:24:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/07/06 20:43:11 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/06 17:17:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/07/06 16:53:24 | 004,132,986 | R--- | M] (Swearware) -- C:\Users\Leslie\Desktop\ComboFix.exe
[2011/07/06 14:11:06 | 000,000,566 | ---- | M] () -- C:\Users\Leslie\Desktop\MBR.zip
[2011/07/06 14:04:09 | 000,000,512 | ---- | M] () -- C:\Users\Leslie\Desktop\MBR.dat
[2011/07/06 13:59:34 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\Leslie\Desktop\aswMBR.exe
[2011/06/28 02:06:59 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Leslie\Desktop\OTL.exe
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/20 13:02:37 | 000,000,574 | ---- | M] () -- C:\Users\Leslie\AppData\Roaming\wklnhst.dat

========== Files Created - No Company Name ==========

[2011/07/16 15:12:48 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/15 16:16:24 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/15 16:16:24 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/08 00:24:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/07/08 00:24:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/07/06 16:54:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/06 16:54:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/06 16:54:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/06 16:54:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/06 16:54:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/06 14:11:06 | 000,000,566 | ---- | C] () -- C:\Users\Leslie\Desktop\MBR.zip
[2011/07/06 14:04:09 | 000,000,512 | ---- | C] () -- C:\Users\Leslie\Desktop\MBR.dat
[2011/06/23 16:55:40 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/09 18:36:21 | 000,005,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/01 16:03:46 | 000,000,430 | ---- | C] () -- C:\Windows\Disney.ini
[2010/07/08 11:48:31 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
[2010/07/08 11:48:31 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
[2010/07/08 11:48:12 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\Twscan32.dll
[2010/07/08 11:48:11 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\Image32.dll
[2010/07/08 11:48:11 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Png32.dll
[2010/07/08 11:48:11 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Jpeg32.dll
[2010/07/08 11:48:11 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Tga32.dll
[2010/07/08 11:48:11 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\Pcx32.dll
[2010/05/01 17:44:47 | 000,014,848 | ---- | C] () -- C:\Users\Leslie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/03 10:52:04 | 000,023,115 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/19 21:38:42 | 000,000,574 | ---- | C] () -- C:\Users\Leslie\AppData\Roaming\wklnhst.dat
[2010/01/18 22:35:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/12 16:16:23 | 000,157,570 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009/12/28 22:38:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/28 20:32:49 | 000,000,246 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/06 03:46:05 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/12/06 03:46:05 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/12/06 03:46:05 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/12/06 03:46:05 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/11/06 02:44:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/12/12 20:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat

========== LOP Check ==========

[2009/12/28 19:32:16 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Acer
[2010/03/14 20:54:59 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Avery
[2010/08/12 14:22:40 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\eSobi
[2010/12/13 19:51:43 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\IrfanView
[2009/12/28 19:32:12 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Leadertech
[2011/02/16 16:16:04 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\ooVoo Details
[2010/04/24 13:40:41 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\OpenOffice.org
[2011/06/23 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Sammsoft
[2011/04/17 15:12:37 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Template
[2011/07/03 09:51:21 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



Here's the MBAM quick scan report:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7207

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

7/19/2011 9:24:19 PM
mbam-log-2011-07-19 (21-24-19).txt

Scan type: Quick scan
Objects scanned: 234790
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Since I did just the quick scan, should I do the full scan? I've used my flashdrives since I did the previous full scan.

Should I do the scans with my flashdrives plugged in? They have been used on more public computers. Or are they not likely to be a problem? I did the above scans without them.

Btw, can't use mail in either Firefox or IE on the Admin acct. Will follow your other suggestions next.
Thanks!!

Edited by Lesle, 19 July 2011 - 07:29 PM.

#18
Lesle

    Member

  • Topic Starter
  • Member
  • 15 posts
I went back to your last post to follow those instructions to try to address the AOL problem, and the part about the hidden files I'm still not clear on. I set up a new user account, but still haven't copied stuff and carried it over, because of the hidden files and the things you said not to copy (which I could not find). I updated the browsers, cleared caches, changed password, updated Java (I think). I set security for IE back to default, but couldn't seem to figure out how to do that for Firefox.

Firefox lets me sign in to mail, but does not open it. If I click "basic version" it opens improperly, stuff is not in the right spot, nothing works, so I can't read mail (or even see where it is, actually). IE will try to load, but will not even give me the option to open the basic version. From your link, it worked, but if I try to sign in, it automatically loads, but it loads improperly. I can see the normal page, except it is missing stuff at the top, buttons to open mail, etc. I can see my file folders, but I can't open any of them if I click on them.


The OTL Custom Scan/Fix with the ":Reg..." fix that you quoted I ran and here is that report:

========== REGISTRY ==========
HKEY_LOCAL_MACHINE\System\CCS\Services\Tcpip\Parameters\\"DhcpNameServer" |4.2.2.2 /E : value set successfully!
========== COMMANDS ==========
Error: Unable to interpret < netsh winsock show catalog /c> in the current context!

OTL by OldTimer - Version 3.2.24.1 log created on 07192011_222604

Then you wanted me to run another OTL Quick Scan, and here is that report:

OTL logfile created on: 7/19/2011 10:26:39 PM - Run 5
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Leslie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 58.92% Memory free
5.49 Gb Paging File | 4.19 Gb Available in Paging File | 76.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.78 Gb Total Space | 171.75 Gb Free Space | 77.79% Space Free | Partition Type: NTFS

Computer Name: LESLIE-PC | User Name: Leslie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/28 02:06:59 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Leslie\Desktop\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 17:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/10 09:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 05:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/04 01:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/10 17:48:34 | 000,373,248 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCS.exe
PRC - [2009/07/10 17:43:28 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/04/16 03:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/07/29 23:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (SafeList) ==========

MOD - [2011/06/28 02:06:59 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Leslie\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 21:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/09/30 18:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 08:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/10 09:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/28 23:57:54 | 000,254,464 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/10/02 01:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/21 05:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/08/09 23:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/29 18:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/27 03:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 10:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/03/25 23:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...e4z1l5t4872y410
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...e4z1l5t4872y410

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://new.lds.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.lds.org"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: citiucs@orbiscom:3.7.11.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/03 10:52:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\citiucs@orbiscom: C:\Program Files (x86)\UCS\Virtual Account Numbers [2010/11/12 00:56:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/22 01:59:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/22 01:59:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/30 14:16:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/15 16:16:24 | 000,000,000 | ---D | M]

[2009/12/28 22:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leslie\AppData\Roaming\Mozilla\Extensions
[2011/07/19 21:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\7hu15y0z.default\extensions
[2010/11/23 14:49:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\7hu15y0z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/07/16 21:31:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/04 14:58:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/07/22 10:48:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/22 11:21:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 16:44:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/09 14:40:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/24 00:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/16 21:31:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/12/22 01:59:29 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/22 01:59:29 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/11/12 00:56:19 | 000,000,000 | ---D | M] (Virtual Account Numbers for Firefox) -- C:\PROGRAM FILES (X86)\UCS\VIRTUAL ACCOUNT NUMBERS
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/06 17:17:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (OToolbarHelper Class) - {7AED0DC9-374E-440D-B966-BE292971225B} - C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCSHelper.dll (Orbiscom Ltd. All rights reserved.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found
O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {A1BDF46B-9DE6-4090-8791-84F26E00934C} - C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCSToolbar.dll (Orbiscom Ltd. All rights reserved.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCS Virtual Account Numbers] C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCS.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sundanceglob...br/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.127.17.85 4.2.2.2
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/19 22:25:46 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{6C9902E8-626B-4FF4-88BE-9F005B9EFCB3}
[2011/07/19 20:29:38 | 000,000,000 | R--D | C] -- C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/07/19 10:24:45 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{49E3863A-A827-49FA-8D44-27F30756795B}
[2011/07/16 21:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/07/16 15:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/15 16:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/07/15 16:11:43 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{30849B9B-6C09-4099-88B1-6D6D5595776B}
[2011/07/13 15:13:00 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{D4EF02A0-7B36-4171-B128-73AFB2A06EAB}
[2011/07/12 16:15:04 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{AC9A64B5-774F-44F6-81C7-FB14058AD393}
[2011/07/09 23:13:51 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{66B8F75F-DE25-4CDA-8078-F1E2252F55FD}
[2011/07/09 11:26:21 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{8E0525D7-7CAF-428A-8406-25FDC30D0BD0}
[2011/07/08 12:27:11 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{EC385171-28ED-4031-B959-683B8E47E262}
[2011/07/08 00:13:52 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{CD65CD6B-E04E-40D4-B267-3F252655DF30}
[2011/07/07 12:13:12 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{83C35DC4-758C-4855-83D4-EABA9A635C11}
[2011/07/07 00:11:55 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{94CAAD4A-4F60-44A0-97D0-55EE34135EFB}
[2011/07/06 17:29:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/06 17:17:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/07/06 16:54:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/06 16:54:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/06 16:54:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/06 16:54:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/06 16:53:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/06 16:53:34 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/07/06 16:52:41 | 004,132,986 | R--- | C] (Swearware) -- C:\Users\Leslie\Desktop\ComboFix.exe
[2011/07/06 14:25:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/06 14:16:10 | 000,000,000 | ---D | C] -- C:\Users\Leslie\Desktop\MBR
[2011/07/06 14:01:53 | 000,000,000 | ---D | C] -- C:\Users\Leslie\Desktop\aswMBR Scan Log
[2011/07/06 13:57:06 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\Leslie\Desktop\aswMBR.exe
[2011/07/06 12:10:46 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{4CD7ACA0-0A98-4B55-B3CC-10E988B34EED}
[2011/07/04 23:46:38 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{7A578AAA-9FA6-4B93-8E1F-3799FFB1E45E}
[2011/07/04 09:53:33 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{502E2A80-F3B0-4F51-A9AE-8514397FCFB0}
[2011/07/03 09:53:15 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{35B0768D-DFC0-4D4D-AB24-58AD82B70A60}
[2011/07/02 16:54:38 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{E0FA78E4-D7B8-4B8D-89BF-262C93A47DB0}
[2011/07/02 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{844E5E3E-9DD4-49E1-8008-353E2CA7A002}
[2011/07/01 13:48:19 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{6ABD9162-5DB1-4A27-A50E-05D63E9A08AE}
[2011/06/30 11:38:48 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{867AB03F-4179-44F4-B5C9-C39C5F2DAE67}
[2011/06/29 09:33:03 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{B3E2847F-5021-477F-B5D0-135010E782C0}
[2011/06/28 12:23:37 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{DE8B0F94-5158-4618-B16E-E4EC03D3BD1B}
[2011/06/28 02:06:19 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Leslie\Desktop\OTL.exe
[2011/06/23 16:57:19 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Roaming\Malwarebytes
[2011/06/23 16:55:38 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/23 16:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/23 16:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/23 16:55:26 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/23 16:55:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/22 11:00:23 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Roaming\Sammsoft

========== Files - Modified Within 30 Days ==========

[2011/07/19 21:11:35 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/19 19:54:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/19 19:54:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/19 19:45:27 | 000,000,632 | RHS- | M] () -- C:\Users\Leslie\ntuser.pol
[2011/07/19 19:44:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/19 19:44:17 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/16 15:12:48 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/15 16:16:24 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/14 20:31:55 | 000,582,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/11 11:51:42 | 001,605,700 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/11 11:51:42 | 000,454,498 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/11 11:51:42 | 000,005,376 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/08 00:33:47 | 000,001,401 | ---- | M] () -- C:\Users\Leslie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/08 00:24:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/07/08 00:24:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/06 17:17:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/07/06 16:53:24 | 004,132,986 | R--- | M] (Swearware) -- C:\Users\Leslie\Desktop\ComboFix.exe
[2011/07/06 14:11:06 | 000,000,566 | ---- | M] () -- C:\Users\Leslie\Desktop\MBR.zip
[2011/07/06 14:04:09 | 000,000,512 | ---- | M] () -- C:\Users\Leslie\Desktop\MBR.dat
[2011/07/06 13:59:34 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\Leslie\Desktop\aswMBR.exe
[2011/06/28 02:06:59 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Leslie\Desktop\OTL.exe
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/20 13:02:37 | 000,000,574 | ---- | M] () -- C:\Users\Leslie\AppData\Roaming\wklnhst.dat

========== Files Created - No Company Name ==========

[2011/07/16 15:12:48 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/15 16:16:24 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/15 16:16:24 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/08 00:24:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/07/08 00:24:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/07/06 16:54:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/06 16:54:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/06 16:54:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/06 16:54:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/06 16:54:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/06 14:11:06 | 000,000,566 | ---- | C] () -- C:\Users\Leslie\Desktop\MBR.zip
[2011/07/06 14:04:09 | 000,000,512 | ---- | C] () -- C:\Users\Leslie\Desktop\MBR.dat
[2011/06/23 16:55:40 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/09 18:36:21 | 000,005,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/01 16:03:46 | 000,000,430 | ---- | C] () -- C:\Windows\Disney.ini
[2010/07/08 11:48:31 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
[2010/07/08 11:48:31 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
[2010/07/08 11:48:12 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\Twscan32.dll
[2010/07/08 11:48:11 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\Image32.dll
[2010/07/08 11:48:11 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Png32.dll
[2010/07/08 11:48:11 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Jpeg32.dll
[2010/07/08 11:48:11 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Tga32.dll
[2010/07/08 11:48:11 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\Pcx32.dll
[2010/05/01 17:44:47 | 000,014,848 | ---- | C] () -- C:\Users\Leslie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/03 10:52:04 | 000,023,115 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/19 21:38:42 | 000,000,574 | ---- | C] () -- C:\Users\Leslie\AppData\Roaming\wklnhst.dat
[2010/01/18 22:35:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/12 16:16:23 | 000,157,570 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009/12/28 22:38:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/28 20:32:49 | 000,000,246 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/06 03:46:05 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/12/06 03:46:05 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/12/06 03:46:05 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/12/06 03:46:05 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/11/06 02:44:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/12/12 20:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat

========== LOP Check ==========

[2009/12/28 19:32:16 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Acer
[2010/03/14 20:54:59 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Avery
[2010/08/12 14:22:40 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\eSobi
[2010/12/13 19:51:43 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\IrfanView
[2009/12/28 19:32:12 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Leadertech
[2011/02/16 16:16:04 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\ooVoo Details
[2010/04/24 13:40:41 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\OpenOffice.org
[2011/06/23 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Sammsoft
[2011/04/17 15:12:37 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Template
[2011/07/03 09:51:21 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Thank you!

Edited by Lesle, 19 July 2011 - 09:15 PM.

  • 0

#19
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Before transferring your files to the new account, does your mail work on the new account?

Also, did Compatibility View in IE work? It was one of my suggestions.

Is the AOL mail the only web page that's not working properly?

How's your computer and does it have any other problems?
  • 0

#20
Lesle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
When I couldn't even maintain a Skype audio-only call and my connection was the problem, I went to speedtest.net and checked out my internet connection speed this afternoon. Download speed .51 Mbps and Upload speed a whopping .05 Mbps. Soooo, I am not always able to get on to even post here. My ISP's tech was surprised I could even check my mail (little does he know!), and it seems it may be related to foliage. Tech's coming on Monday to try to lift my fm antenna a few feet to get above the tree-line, and will look at other stuff as well, just in case. Perhaps some of my comp problems will be solved with that move. I wonder if the weird page load thing is related to that (although clearly the connection speed doesn't cover that slow typing episode).

For now, on the new account, I can look at mail w/ either browser, check banking websites, etc. (provided I don't lose the net in the process). In AOL mail I repeatedly get script error messages sometimes, and it scrolls slooowwwwlllyyy. It types at normal speed.

On the old admin acct, using IE with Compatibility Mode, aol mail works, thank you very much! Have I told you you're a genius yet today?? Kudos to you! (Took me a while to report back on this as I was having trouble figuring out how to even get it to Compat Mode, since after upgrading to IE9, I lost the familiar toolbar and the tool icon didn't offer a compatibility option. Thank you for the link to the tutorial -- I only had to read it twice to notice it told me how to push Alt to get my toolbar to appear. Gulp, embarrassing!) Oh, and I changed IE on the new acct to also do Compat mode, so hopefully that will eliminate the script error messages I was getting.

Is there a way to do that for all the accts at once, or do I have to do each one separately, from each acct? The tutorial just seemed to give the option of one acct or several computers, but didn't see anything about several accts on one computer.
Thanks!!!

Edited by Lesle, 21 July 2011 - 10:34 PM.

  • 0

#21
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello Leslie,

Happy to hear that we found solutions :unsure:

Is there a way to do that for all the accts at once, or do I have to do each one separately, from each acct?

The idea of creating a new admin account to test the websites was to see if the problem lies in the specific old admin account. If from the new admin, everything is OK, you can move your files to the new one and delete the old account.

If you have other accounts that you want to add the site in compatibility view, you have to do it manually from the IE settings of each account.
Go to Tools > Compatibility view settings
Make sure the web site's address is in the "Add this website" box, and click Add:
Do this on all accounts you want this website to be displayed in compatibility view :)
  • 0

#22
Lesle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Michael,
I changed the settings to have the computer show me hidden files. Then I went to a neutral acct (not the old admin, and not the new user acct) and browsed to the old user acct as you suggested, but when I looked at the files in the folder, I didn't see the ntuser files that you said I should not copy. At first, all the files in the folder showed as empty, and I had to go to each one and request permission to gain access. I did this for about half the files in the folder, but did not see the files in question. Rather than spinning my wheels, I wanted to ask you if there is somewhere in particular I should be looking there? It looked like I was just in my Library, in Documents.
Thx!
Leslie
  • 0

#23
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Very sorry for the late reply.

Most probably they have the system file attribute, so if you can't see them it's OK. Just don't copy the entire C:\Users\Leslie folder, only its subfolders that have something you want. :)
  • 0

#24
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

Congratulations! Your logs are clean! :) Now that you are clean, please follow these precautions in order to keep safe:


Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL for the last time and hit the cleanup button. It will remove all the programs we have used plus itself.


Next:


Uninstall ComboFix from your computer:
  • Click on Start > Run
  • Type Combofix /Uninstall in the run box and click Ok. Note the space between the x and the /u, it needs to be there.


Next:


Note: If you are using Firefox I would suggest the use of these add-ons:
  • NoScript - for blocking ads and other potential website attacks.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.


Next:


Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.



Next:


Additional security programs - For additional security, the use of these tools is important:
  • Malwarebytes Anti-Malware. - Update the free version and scan with it often. It is an excellent scanning tool to have on your side.
  • Javacool's SpywareBlaster: - It will protect you from most spy/foistware in its database by blocking installation of their ActiveX objects.
    Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)

    Press "Enable All Protection", and you're done.
    The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
    Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
    Don't forget to check for updates every week or so.
  • The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.

Next:

Upgrading Java:
  • Go here and click Do I have Java
  • It will check your current version and then offer to update to the latest version, if there are any.


Next:


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.


Next:


Keep a backup of your important files to prevent future data loss.


Happy safe computing !! :unsure:
  • 0
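An added example, not part of the original post or of any tool named in it: a small audit of hosts-file text that separates block-list entries (names pointed at 127.0.0.1, ::1 or 0.0.0.0, as the MVPS description above explains) from names mapped to some other address, which is the kind of entry a hosts reset is meant to clear. The function names and the sample file are constructed for illustration.

```python
import ipaddress

# "localhost" pointing at loopback is the normal default, not a block entry.
LOCAL_NAMES = {"localhost"}


def is_sinkhole(addr):
    """True if addr is loopback or unspecified (0.0.0.0 / ::), i.e. goes nowhere."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return ip.is_loopback or ip.is_unspecified


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, or an address with no hostname
        for name in fields[1:]:  # one line may carry several hostnames
            yield line_no, fields[0], name.lower()


def audit_hosts(text):
    """Sort entries into blocked names, non-loopback redirects and malformed lines."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, addr, name in parse_hosts(text):
        try:
            sink = is_sinkhole(addr)
        except ValueError:
            report["malformed"].append((line_no, addr, name))
            continue
        if not sink:
            # A name sent to a real address deserves a manual look.
            report["redirected"].append((line_no, addr, name))
        elif name not in LOCAL_NAMES:
            report["blocked"].append(name)
    return report


# Constructed sample; domains and addresses are reserved documentation values.
SAMPLE_HOSTS = """\
# constructed sample, not taken from the thread
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.com tracker.example.net   # block-list style entries
0.0.0.0     banners.example.org
203.0.113.10  www.bank.example        # non-loopback mapping
not-an-ip   broken.example
"""

if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, entries)
```

On Windows the text to audit would come from C:\Windows\System32\drivers\etc\hosts, read with an account that has access to it.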

#25
Lesle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thank you! Will digest this info and may ask more questions if I run into trouble. Thank you again!
  • 0
