Win7 64bit - Search Engine Redirect
#1 cramit02 (Member, 78 posts)

Morning folks, I have a laptop with Win7 Home Premium 64-bit loaded onto it, freshly reformatted (FRESH reformat, 8 hrs ago; owner's personal files restored), with a Google Redirect problem. I suspect something came with the owner's personal files after the format and has messed with this install as well. The original reason for the format was a Black Screen w/ Cursor issue, not a redirect problem, although I'm sure it had one. In the process of finding a resolution to the KSOD I was able to get MBAM to run through Hiren's boot and it found 11 Malware.Packer.Gen variants. -- I have run Rkill, TDSSKiller and MBAM (in that order), all with 0 results. I'm thinking this'll be a HiJackThis fix, but I don't want to pilfer through each line blindly.

When I try to run HijackThis an error window occurs:

"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) HijackThis reports and delete them.
Save the file as 'hosts.'(with quotes), and reboot.

For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'."


Attached is the HijackThis log:
---


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:42:40 AM, on 6/30/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Teresa\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 4353 bytes
Attached is the OTL log:
---


OTL logfile created on: 6/30/2011 10:20:34 AM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = F:\GoFlex\Utilities\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 258.79 Gb Free Space | 86.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 368.95 Gb Free Space | 79.21% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TERESA-PC
Current User Name: Teresa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/06 06:34:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\GoFlex\Utilities\OTL\OTL.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (SafeList) ==========

MOD - [2010/11/20 20:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/07/06 06:34:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\GoFlex\Utilities\OTL\OTL.exe
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/29 12:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe -- (AESTFilters)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/29 12:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 D3 55 D9 37 37 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.67.169 213.109.73.170 1.1.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6e7cdb74-a038-11e0-b9f4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6e7cdb74-a038-11e0-b9f4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2011/06/30 09:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/06/27 15:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/06/27 15:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/06/27 14:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/06/27 14:30:33 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\Malwarebytes
[2011/06/27 10:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\L&H
[2011/06/27 10:12:48 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/06/27 10:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/06/27 10:11:21 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/06/26 21:51:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/06/26 21:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/06/26 21:49:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/06/26 21:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/06/26 21:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011/06/26 21:14:49 | 000,000,000 | ---D | C] -- C:\Intel
[2011/06/26 21:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/06/26 21:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/26 20:50:14 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\DDMSettings
[2011/06/26 20:48:38 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\DivX
[2011/06/26 20:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/06/26 20:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2011/06/26 20:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/06/26 20:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2011/06/26 20:43:19 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\Real
[2011/06/26 20:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2011/06/26 20:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/06/26 20:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/06/26 20:29:20 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/06/26 17:05:03 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\WindowsUpdate
[2011/06/26 16:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2011/06/26 16:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/26 16:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/26 16:00:19 | 000,000,000 | ---D | C] -- C:\Users\Teresa\Desktop\Utilities
[2011/06/26 15:59:25 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\Yahoo!
[2011/06/26 15:59:25 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\WinRAR
[2011/06/26 15:59:25 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\Windows Live Writer
[2011/06/26 15:59:25 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\WildTangent
[2011/06/26 15:59:25 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\vlc
[2011/06/26 15:59:25 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\uTorrent
[2011/06/26 15:59:25 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\TP
[2011/06/26 15:59:25 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\SoftGrid Client
[2011/06/26 15:59:25 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\skypePM
[2011/06/26 15:59:25 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\Skype
[2011/06/26 15:59:14 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\Sammsoft
[2011/06/26 15:59:12 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\PCDr
[2011/06/26 15:59:06 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\Macromedia
[2011/06/26 15:59:06 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\Google
[2011/06/26 15:59:06 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\Dell
[2011/06/26 15:59:06 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\CyberLink
[2011/06/26 15:59:06 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\Adobe
[2011/06/26 15:58:49 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{A6B48823-4E15-46E4-9ECA-04E5FED863C0}
[2011/06/26 15:58:49 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{A3A2B954-8ECE-4449-B1DB-302A29B79670}
[2011/06/26 15:58:49 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{598D7560-622F-4A99-BBAF-0855C1FD4096}
[2011/06/26 15:58:49 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\{26AED268-174D-4D2E-A530-C47228DE5650}
[2011/06/26 15:58:48 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\Yahoo!
[2011/06/26 15:58:48 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\Yahoo
[2011/06/26 15:58:48 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\Windows Live Writer
[2011/06/26 15:58:48 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\Windows Live
[2011/06/26 15:58:41 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\SoftThinks
[2011/06/26 15:58:41 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\SoftGrid Client
[2011/06/26 15:58:41 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\PowerDVD DX
[2011/06/26 15:58:41 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\PageRage
[2011/06/26 15:58:41 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\Microsoft Help
[2011/06/26 15:58:40 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\Microsoft Games
[2011/06/26 15:58:12 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\Google
[2011/06/26 15:58:12 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\Diagnostics
[2011/06/26 15:58:12 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\DataSafeOnline
[2011/06/26 15:58:12 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\Adobe
[2011/06/26 15:58:12 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\.#
[2011/06/26 15:52:23 | 000,000,000 | ---D | C] -- C:\Users\Teresa\My Backup Files
[2011/06/26 15:52:23 | 000,000,000 | ---D | C] -- C:\Users\Teresa\Hiren_Boot_Logs
[2011/06/26 15:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2011/06/26 15:22:33 | 012,151,808 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl
[2011/06/26 15:22:33 | 003,593,216 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2011/06/26 15:22:33 | 000,564,224 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idt64mp1.exe
[2011/06/26 15:22:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2011/06/26 15:22:07 | 001,431,040 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2011/06/26 15:22:07 | 000,598,016 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2011/06/26 15:22:07 | 000,487,424 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2011/06/26 15:22:07 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2011/06/26 15:22:07 | 000,209,920 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\st646217.dll
[2011/06/26 15:22:06 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/06/26 15:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/06/26 15:21:56 | 000,000,000 | ---D | C] -- C:\dell
[2011/06/26 15:08:02 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/06/26 15:07:48 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/06/26 14:42:27 | 000,000,000 | R--D | C] -- C:\Users\Teresa\Searches
[2011/06/26 14:42:27 | 000,000,000 | -H-D | C] -- C:\Users\Teresa\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/06/26 14:42:17 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\Identities
[2011/06/26 14:42:15 | 000,000,000 | R--D | C] -- C:\Users\Teresa\Contacts
[2011/06/26 14:42:14 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\VirtualStore
[2011/06/26 14:42:07 | 000,000,000 | -HSD | C] -- C:\Users\Teresa\AppData\Local\Temporary Internet Files
[2011/06/26 14:42:07 | 000,000,000 | -HSD | C] -- C:\Users\Teresa\Templates
[2011/06/26 14:42:07 | 000,000,000 | -HSD | C] -- C:\Users\Teresa\Start Menu
[2011/06/26 14:42:07 | 000,000,000 | -HSD | C] -- C:\Users\Teresa\SendTo
[2011/06/26 14:42:07 | 000,000,000 | -HSD | C] -- C:\Users\Teresa\Recent
[2011/06/26 14:42:07 | 000,000,000 | -HSD | C] -- C:\Users\Teresa\PrintHood
[2011/06/26 14:42:07 | 000,000,000 | -HSD | C] -- C:\Users\Teresa\NetHood
[2011/06/26 14:42:07 | 000,000,000 | -HSD | C] -- C:\Users\Teresa\Local Settings
[2011/06/26 14:42:07 | 000,000,000 | -HSD | C] -- C:\Users\Teresa\AppData\Local\History
[2011/06/26 14:42:07 | 000,000,000 | -HSD | C] -- C:\Users\Teresa\Cookies
[2011/06/26 14:42:07 | 000,000,000 | -HSD | C] -- C:\Users\Teresa\Application Data
[2011/06/26 14:42:07 | 000,000,000 | -HSD | C] -- C:\Users\Teresa\AppData\Local\Application Data
[2011/06/26 14:42:06 | 000,000,000 | -HSD | C] -- C:\Users\Teresa\My Documents
[2011/06/26 14:42:03 | 000,000,000 | --SD | C] -- C:\Users\Teresa\AppData\Roaming\Microsoft
[2011/06/26 14:42:03 | 000,000,000 | R--D | C] -- C:\Users\Teresa\Videos
[2011/06/26 14:42:03 | 000,000,000 | R--D | C] -- C:\Users\Teresa\Saved Games
[2011/06/26 14:42:03 | 000,000,000 | R--D | C] -- C:\Users\Teresa\Pictures
[2011/06/26 14:42:03 | 000,000,000 | R--D | C] -- C:\Users\Teresa\Music
[2011/06/26 14:42:03 | 000,000,000 | R--D | C] -- C:\Users\Teresa\Links
[2011/06/26 14:42:03 | 000,000,000 | R--D | C] -- C:\Users\Teresa\Favorites
[2011/06/26 14:42:03 | 000,000,000 | R--D | C] -- C:\Users\Teresa\Downloads
[2011/06/26 14:42:03 | 000,000,000 | R--D | C] -- C:\Users\Teresa\My Documents
[2011/06/26 14:42:03 | 000,000,000 | R--D | C] -- C:\Users\Teresa\Desktop
[2011/06/26 14:42:03 | 000,000,000 | -H-D | C] -- C:\Users\Teresa\AppData
[2011/06/26 14:42:03 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\Temp
[2011/06/26 14:42:03 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Local\Microsoft
[2011/06/26 14:42:03 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\Media Center Programs
[2011/06/26 14:42:03 | 000,000,000 | ---D | C] -- C:\Users\Teresa\Desktop\Documents
[2011/06/26 14:41:57 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/06/26 14:11:32 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/06/26 14:09:20 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/06/26 14:08:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/06/17 20:22:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/06/17 20:22:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/04/12 01:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
[2011/04/12 01:28:10 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew
[2011/04/12 01:28:10 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2011/04/12 01:17:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\winrm
[2011/04/12 01:17:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\winrm
[2011/04/12 01:17:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WCN
[2011/04/12 01:17:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\UMDF
[2011/04/12 01:17:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sysprep
[2011/04/12 01:17:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\slmgr
[2011/04/12 01:17:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\slmgr
[2011/04/12 01:17:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Printing_Admin_Scripts
[2011/04/12 01:17:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\UMDF\en-US
[2011/04/12 01:17:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\en-US
[2011/04/12 01:17:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\en
[2011/04/12 01:17:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\en
[2011/04/12 01:17:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0409
[2011/04/12 01:17:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409
[2011/04/12 01:17:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WCN
[2011/04/12 01:17:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Printing_Admin_Scripts
[2011/04/12 01:17:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\en-US
[2011/04/12 01:17:23 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrSerId.sys.mui
[2011/04/12 01:17:23 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrSerIb.sys.mui
[2011/04/12 01:17:22 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\en-US\pscr.sys.mui
[2011/04/12 01:17:22 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrParwdm.sys.mui

========== Files - Modified Within 90 Days ==========

[2011/06/30 10:22:06 | 000,786,432 | -HS- | M] () -- C:\Users\Teresa\ntuser.dat
[2011/06/30 10:01:51 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/30 10:01:51 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/30 10:01:51 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/30 09:57:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/06/30 09:57:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/30 09:57:25 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/30 09:56:51 | 000,020,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/30 09:56:51 | 000,020,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/30 09:56:43 | 001,217,413 | -H-- | M] () -- C:\Users\Teresa\AppData\Local\IconCache.db
[2011/06/30 09:35:53 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/30 09:32:37 | 000,057,560 | ---- | M] () -- C:\Users\Teresa\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/06/30 09:32:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/30 09:32:28 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/30 09:24:22 | 000,524,288 | -HS- | M] () -- C:\Users\Teresa\ntuser.dat{b716549e-a2c7-11e0-bb62-f04da2817db5}.TMContainer00000000000000000002.regtrans-ms
[2011/06/30 09:24:22 | 000,524,288 | -HS- | M] () -- C:\Users\Teresa\ntuser.dat{b716549e-a2c7-11e0-bb62-f04da2817db5}.TMContainer00000000000000000001.regtrans-ms
[2011/06/30 09:24:22 | 000,065,536 | -HS- | M] () -- C:\Users\Teresa\ntuser.dat{b716549e-a2c7-11e0-bb62-f04da2817db5}.TM.blf
[2011/06/30 08:09:19 | 000,001,441 | ---- | M] () -- C:\Users\Teresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/28 19:21:35 | 000,524,288 | -HS- | M] () -- C:\Users\Teresa\ntuser.dat{986e5bb2-a111-11e0-9955-f04da2817db5}.TMContainer00000000000000000002.regtrans-ms
[2011/06/28 19:21:35 | 000,524,288 | -HS- | M] () -- C:\Users\Teresa\ntuser.dat{986e5bb2-a111-11e0-9955-f04da2817db5}.TMContainer00000000000000000001.regtrans-ms
[2011/06/28 19:21:35 | 000,065,536 | -HS- | M] () -- C:\Users\Teresa\ntuser.dat{986e5bb2-a111-11e0-9955-f04da2817db5}.TM.blf
[2011/06/26 15:07:50 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/06/26 15:04:24 | 000,524,288 | -HS- | M] () -- C:\Users\Teresa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/06/26 15:04:24 | 000,524,288 | -HS- | M] () -- C:\Users\Teresa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/06/26 15:04:24 | 000,065,536 | -HS- | M] () -- C:\Users\Teresa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/06/26 14:42:07 | 000,000,020 | -HS- | M] () -- C:\Users\Teresa\ntuser.ini
[2011/06/26 14:12:13 | 000,115,640 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/06/26 14:12:13 | 000,115,640 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/06/26 14:10:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/06/17 20:15:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/06/17 20:15:12 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/12 01:17:23 | 000,010,240 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrSerId.sys.mui
[2011/04/12 01:17:23 | 000,010,240 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrSerIb.sys.mui
[2011/04/12 01:17:22 | 000,003,584 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\en-US\pscr.sys.mui
[2011/04/12 01:17:22 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrParwdm.sys.mui

========== Files Created - No Company Name ==========

[2011/06/30 09:32:36 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/06/30 09:32:28 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/30 08:09:19 | 000,001,441 | ---- | C] () -- C:\Users\Teresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/30 08:03:41 | 000,524,288 | -HS- | C] () -- C:\Users\Teresa\ntuser.dat{b716549e-a2c7-11e0-bb62-f04da2817db5}.TMContainer00000000000000000002.regtrans-ms
[2011/06/30 08:03:41 | 000,524,288 | -HS- | C] () -- C:\Users\Teresa\ntuser.dat{b716549e-a2c7-11e0-bb62-f04da2817db5}.TMContainer00000000000000000001.regtrans-ms
[2011/06/30 08:03:41 | 000,065,536 | -HS- | C] () -- C:\Users\Teresa\ntuser.dat{b716549e-a2c7-11e0-bb62-f04da2817db5}.TM.blf
[2011/06/28 15:10:44 | 000,524,288 | -HS- | C] () -- C:\Users\Teresa\ntuser.dat{986e5bb2-a111-11e0-9955-f04da2817db5}.TMContainer00000000000000000002.regtrans-ms
[2011/06/28 15:10:44 | 000,524,288 | -HS- | C] () -- C:\Users\Teresa\ntuser.dat{986e5bb2-a111-11e0-9955-f04da2817db5}.TMContainer00000000000000000001.regtrans-ms
[2011/06/28 15:10:44 | 000,065,536 | -HS- | C] () -- C:\Users\Teresa\ntuser.dat{986e5bb2-a111-11e0-9955-f04da2817db5}.TM.blf
[2011/06/26 17:03:05 | 000,000,044 | ---- | C] () -- C:\Users\Teresa\HOMEGROUPPASS_TG.txt
[2011/06/26 15:52:23 | 000,000,377 | ---- | C] () -- C:\Users\Teresa\Win7HomePremium_KEY.txt
[2011/06/26 15:07:50 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011/06/26 15:07:48 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011/06/26 14:42:07 | 000,000,020 | -HS- | C] () -- C:\Users\Teresa\ntuser.ini
[2011/06/26 14:42:03 | 000,786,432 | -HS- | C] () -- C:\Users\Teresa\ntuser.dat
[2011/06/26 14:42:03 | 000,524,288 | -HS- | C] () -- C:\Users\Teresa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/06/26 14:42:03 | 000,524,288 | -HS- | C] () -- C:\Users\Teresa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/06/26 14:42:03 | 000,262,144 | ---- | C] () -- C:\Users\Teresa\ntuser.dat.LOG1
[2011/06/26 14:42:03 | 000,065,536 | -HS- | C] () -- C:\Users\Teresa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/06/26 14:42:03 | 000,000,290 | ---- | C] () -- C:\Users\Teresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/26 14:42:03 | 000,000,272 | ---- | C] () -- C:\Users\Teresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/26 14:42:03 | 000,000,000 | ---- | C] () -- C:\Users\Teresa\ntuser.dat.LOG2
[2011/06/26 14:10:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/06/26 14:08:33 | 2384,744,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/17 20:15:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/06/17 20:15:12 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/12 01:29:01 | 000,048,265 | ---- | C] () -- C:\Windows\HomePremium.xml
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2011/06/26 15:59:12 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\PCDr
[2011/06/26 15:59:14 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Sammsoft
[2011/06/26 15:59:25 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\SoftGrid Client
[2011/06/20 20:08:29 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\TP
[2011/06/29 22:08:22 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\uTorrent
[2011/06/26 15:59:25 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\WildTangent
[2011/06/26 15:59:25 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Windows Live Writer
[2009/07/13 22:08:49 | 000,003,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >



OTL Extras Log:


OTL Extras logfile created on: 6/30/2011 10:20:34 AM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = F:\GoFlex\Utilities\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 258.79 Gb Free Space | 86.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 368.95 Gb Free Space | 79.21% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TERESA-PC
Current User Name: Teresa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/28/2011 10:35:47 PM | Computer Name = Teresa-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 6/29/2011 10:34:09 PM | Computer Name = Teresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/29/2011 10:43:03 PM | Computer Name = Teresa-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 6/29/2011 10:48:57 PM | Computer Name = Teresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/29/2011 11:21:06 PM | Computer Name = Teresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/29/2011 11:59:24 PM | Computer Name = Teresa-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 6/30/2011 9:11:08 AM | Computer Name = Teresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/30/2011 12:26:56 PM | Computer Name = Teresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/30/2011 12:37:16 PM | Computer Name = Teresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/30/2011 12:59:13 PM | Computer Name = Teresa-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/30/2011 12:06:11 AM | Computer Name = Teresa-PC | Source = Service Control Manager | ID = 7000
Description = The Office Source Engine service failed to start due to the following
error: %%2

Error - 6/30/2011 12:21:40 PM | Computer Name = Teresa-PC | Source = DCOM | ID = 10010
Description =

Error - 6/30/2011 12:21:45 PM | Computer Name = Teresa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80080005: Update for Windows 7 for x64-based Systems (KB2552343).

Error - 6/30/2011 12:33:06 PM | Computer Name = Teresa-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%854

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.

Error - 6/30/2011 12:33:06 PM | Computer Name = Teresa-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%854

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.

Error - 6/30/2011 12:33:06 PM | Computer Name = Teresa-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%853

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.

Error - 6/30/2011 12:33:48 PM | Computer Name = Teresa-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%854

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.

Error - 6/30/2011 12:33:48 PM | Computer Name = Teresa-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%854

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.

Error - 6/30/2011 12:33:48 PM | Computer Name = Teresa-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%853

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.

Error - 6/30/2011 12:41:30 PM | Computer Name = Teresa-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.


< End of report >





Side-Note: MBAM cannot update on this machine; it provides:
PROGRAM_ERROR_UPDATING(11001, 0, Host not found)
Database is 32 days old; would this be preventing the cleaning process from detecting this Redirect issue?


Any and all help greatly appreciated. Thanks for your time.

Edited by cramit02, 30 June 2011 - 09:44 AM.


#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, cramit02! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say so and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not, please perform the following steps below so I can have a look at the current condition of your machine.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select No.
  • At the AV engine: option, please select (none).
  • Click the Scan button to start scan.
  • On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


#3
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else, please begin a New Topic.