w32 Worm issues

This topic is locked

#1 NotGoodatComputer (New Member, 3 posts)

Hi. My sister and I are very bad at computers. My husband is very good at it. Unfortunately, he's not here. He did instruct us as far as we can go. I am currently on the infected computer; OTLPE did the scan with the scan.txt file from the USB drive. I have the file that comes afterward... that EVERYONE who has resolved it has asked for. I'm just going to post it here. I really hope that someone can help resolve this issue quickly because I'm trying very hard to fix Ellen's computer... and it hates me.


Here is the text that came with that OTL.txt file:

OTL logfile created on: 9/2/2011 10:14:34 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 410.49 Gb Total Space | 174.33 Gb Free Space | 42.47% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.30 Gb Free Space | 49.81% Space Free | Partition Type: NTFS
Drive E: | 983.72 Mb Total Space | 776.48 Mb Free Space | 78.93% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/12/15 00:43:20 | 000,515,560 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/07/24 20:50:51 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/02/11 19:48:28 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/01/20 22:46:53 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2008/01/20 22:46:53 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 22:46:53 | 000,392,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Ellen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\Ellen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Ellen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF 69 A9 3C 4D 67 CB 01 [binary data]
IE - HKU\Ellen_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Ellen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Ellen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/08/09 16:36:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2010/12/11 14:38:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.628.0\firefox\extensions [2010/12/11 14:38:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/01 04:50:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/25 14:53:57 | 000,000,000 | ---D | M]

[2011/04/15 22:14:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/11 14:38:45 | 000,000,000 | ---D | M] (ResultBar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}
[2010/07/14 16:53:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 14:48:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/06/14 19:14:54 | 000,000,000 | ---D | M] (Starfield Zoom) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/09/01 04:50:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/02/21 06:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2011/07/25 14:53:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/01/06 00:27:44 | 000,060,928 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/11/20 13:34:44 | 000,218,624 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwbe.dll
[2011/05/26 20:07:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/12/31 09:37:58 | 000,001,215 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Mp3Tube.xml

O1 HOSTS File: ([2010/07/18 12:13:05 | 000,001,798 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKU\Ellen_ON_C\..\Toolbar\WebBrowser: (no name) - {46897C77-E7A6-4C33-BFFB-E9C2E2718942} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\Ellen_ON_C..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\Ellen_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Ellen_ON_C..\Run: [EA Core] File not found
O4 - HKU\Ellen_ON_C..\Run: [Security Protection] C:\Users\Ellen\AppData\Roaming\defender.exe (Heaventools Software)
O4 - HKU\Ellen_ON_C..\Run: [WMPNSCFG] File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

========== Files/Folders - Created Within 30 Days ==========

[2011/09/02 01:41:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/01 23:22:32 | 000,858,624 | ---- | C] (Heaventools Software) -- C:\Users\Ellen\AppData\Roaming\defender.exe
[2011/08/29 17:57:15 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{E84BEB7A-E0CF-4F0F-8F59-7EE8D9FA357D}
[2011/08/28 10:17:18 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{ECE602BC-AD98-4459-B04D-C7F5B913ADB6}
[2011/08/28 10:17:07 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{159DBED8-2E43-42D3-832D-783BBE4FF9FD}
[2011/08/27 22:13:33 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{026944E2-64AE-4380-A749-E38880703412}
[2011/08/27 22:13:17 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{DDDF78E2-A901-4B4F-A74D-D97B8BD82951}
[2011/08/24 18:59:11 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{7C80BB5B-9BFE-48C4-A9BA-DD838AEA101E}
[2011/08/24 18:59:01 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{E532CCD7-12D9-42B6-BB98-6CE89234EA57}
[2011/08/24 16:07:14 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\Build.A.Gadget
[2011/08/24 16:02:04 | 000,000,000 | ---D | C] -- C:\Users\Ellen\Desktop\Stuff That's Jon's
[2011/08/24 13:11:11 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{3C32C7CB-BDE6-410C-9596-3EF636267E9B}
[2011/08/24 13:10:58 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{76BC5BDE-6815-4431-B3DC-2D0CE4A3EA81}
[2011/08/20 17:43:14 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{71EA42B5-7DEC-44FB-9438-54FE8280C454}
[2011/08/20 17:43:00 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{4C88D849-9B5B-4900-97C8-F693C7431902}
[2011/08/19 12:29:44 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{79356D27-6C3A-4DAE-AB50-958A9ADF3F39}
[2011/08/19 12:29:34 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{508DAB8A-E398-4E84-BEAE-4C8AC97BE90A}
[2011/08/18 21:44:48 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{310EABB1-619C-4B71-8D06-50C36650924D}
[2011/08/18 21:44:38 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{0EC0ACC6-7D9A-477B-94CE-022769C1500A}
[2011/08/16 15:12:37 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{3AE65083-CE55-4F3C-8940-57055D723CDA}
[2011/08/16 15:12:27 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{21B01B43-3319-46CE-AFF8-35DAEC1ADD79}
[2011/08/15 22:41:36 | 000,000,000 | ---D | C] -- C:\Users\Ellen\Desktop\gLee
[2011/08/10 20:12:04 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{3AB15D42-76CB-4DD0-85AB-DDA8FC6DFB14}
[2011/08/10 20:11:47 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{44649A46-6440-434B-AF24-DAFFD31217CC}
[2011/08/10 03:23:22 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{BB4387D8-C50D-489D-8DE1-87AEF15039A7}
[2011/08/10 03:23:09 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{95679D6E-2B56-4848-8FB5-31C3338FB54E}
[2011/08/09 23:53:02 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/09 23:53:01 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
[2011/08/09 23:52:54 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/09 23:52:49 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/08/09 23:52:48 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/09 23:52:48 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/08/09 23:52:48 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/09 23:52:48 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/09 23:52:47 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/08/09 23:52:47 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/08/09 23:52:47 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/09 23:52:47 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2011/08/09 23:52:47 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/09 23:52:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2011/08/09 23:52:47 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/08/09 23:52:47 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/09 23:52:46 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/09 23:52:46 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/09 23:52:46 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/08/09 23:52:46 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/09 23:52:46 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/09 23:52:46 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/09 23:52:46 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/08/09 23:52:46 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/08/09 23:52:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/08/09 23:52:46 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/08/09 23:52:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/08/09 23:52:46 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/09 23:52:46 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/09 23:52:46 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/08/09 23:52:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/09 23:52:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/09 23:52:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/09 19:05:49 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{EF1A11C9-748D-4153-8D69-C18A6771D3FE}
[2011/08/09 19:05:37 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{CEFDC681-FA3B-4888-BA14-B7CDDB361262}
[2011/08/07 10:44:23 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{227BC5E3-C373-4811-9E55-21DCCA94FC8E}
[2011/08/07 10:44:12 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{5E7568C8-65C9-4D08-B4F9-E182ACB4EE2F}
[2011/08/04 21:51:41 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{650211A0-86CB-4E06-B2D7-A7E1E3192574}
[2011/08/04 09:51:18 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{8A2E9E6A-8F15-419F-9C51-4969068EC1D4}
[2011/08/03 13:07:24 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\{66B5F827-B5A3-4E80-9C59-E4948291C2AF}

========== Files - Modified Within 30 Days ==========

[2011/09/01 23:49:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/01 23:49:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/01 23:49:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/01 23:22:32 | 000,858,624 | ---- | M] (Heaventools Software) -- C:\Users\Ellen\AppData\Roaming\defender.exe
[2011/09/01 23:22:32 | 000,000,688 | ---- | M] () -- C:\Users\Ellen\Desktop\Security Protection.lnk
[2011/09/01 14:25:40 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6F36CDF8-4927-4104-866D-02659C9495E9}.job
[2011/09/01 13:56:10 | 000,601,688 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/01 13:56:10 | 000,104,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/24 15:59:38 | 000,002,772 | ---- | M] () -- C:\Users\Ellen\AppData\Roaming\wklnhst.dat
[2011/08/15 22:43:27 | 000,063,488 | ---- | M] () -- C:\Users\Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/09/01 23:22:32 | 000,000,688 | ---- | C] () -- C:\Users\Ellen\Desktop\Security Protection.lnk
[2011/08/24 16:03:13 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{6F36CDF8-4927-4104-866D-02659C9495E9}.job
[2011/01/25 22:28:00 | 000,715,468 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/18 12:05:52 | 000,002,772 | ---- | C] () -- C:\Users\Ellen\AppData\Roaming\wklnhst.dat
[2010/05/27 16:13:48 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/05/27 16:12:47 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/05/27 16:11:46 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/05/27 15:49:16 | 000,063,488 | ---- | C] () -- C:\Users\Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/26 19:54:27 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/05/26 15:08:16 | 000,000,732 | ---- | C] () -- C:\Users\Ellen\AppData\Local\d3d9caps64.dat
[2008/02/11 19:46:56 | 002,215,364 | ---- | C] () -- C:\Windows\SysWow64\igklg400.bin
[2008/02/11 19:46:56 | 001,971,732 | ---- | C] () -- C:\Windows\SysWow64\igklg450.bin
[2008/02/11 19:46:56 | 000,029,932 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.bin
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/07/24 00:56:45 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\acccore
[2010/07/21 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\BitComet
[2011/07/03 22:10:32 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\Canon
[2011/07/25 14:53:56 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\Catalina Marketing Corp
[2010/12/11 14:38:24 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\ClickPotatoLite
[2011/01/20 00:16:13 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\com.adobe.example.harryPotterCalWidget.EF9FB7D33E9F43379C6B0344249042B627B3B1D9.1
[2010/07/24 22:14:14 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\DAEMON Tools Lite
[2010/06/13 20:45:08 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\Facebook
[2010/07/30 22:40:27 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\GARMIN
[2011/08/16 14:36:27 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\gtk-2.0
[2010/12/11 14:38:14 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\ShopperReports3
[2010/07/18 15:20:11 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\Template
[2010/12/11 14:38:25 | 000,000,000 | ---D | M] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2011/07/24 00:56:28 | 000,000,000 | ---D | M] -- C:\ProgramData\AIM
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/05/26 15:12:45 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2011/07/03 22:10:32 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2010/12/11 14:38:25 | 000,000,000 | ---D | M] -- C:\ProgramData\ClickPotatoLiteSA
[2010/07/24 20:50:24 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/11/28 14:01:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/10/20 23:18:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Messenger Plus!
[2011/04/09 01:07:57 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/06/24 21:42:20 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/08/24 14:11:52 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/09/01 23:49:03 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/01 14:25:40 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6F36CDF8-4927-4104-866D-02659C9495E9}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\System32\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\System32\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\System32\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/05/26 21:59:27 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/07/24 00:56:33 | 000,000,374 | -H-- | M] () -- C:\IPH.PH
[2011/08/29 17:56:06 | 302,268,415 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< CREATERESTOREPOINT >

< %systemroot%\System32\config\*.sav >
[2008/01/21 00:14:16 | 026,247,168 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 00:13:53 | 000,110,592 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 00:14:16 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 08:50:51 | 019,435,520 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 08:50:51 | 001,806,336 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-01 07:00:41

< End of report >



Please, someone help me.
-Kristen
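The "MD5 for:" custom scan in the log above lists every on-disk copy of explorer.exe, svchost.exe, userinit.exe and winlogon.exe, and a helper reads it by checking that the live copy in System32 or SysWOW64 carries the same hash as one of the WinSxS component-store copies; a system binary patched in place shows up as a live copy with no matching store entry. The parser below is example code added here, not part of this thread or of the OTL tool; its sample log is constructed from svchost/userinit lines in the post plus one made-up userinit.exe entry with an all-zero placeholder hash.

```python
import re

# One OTL "< MD5 for: NAME >" result line (format taken from the log above):
# [date time | size | attrs | M] (Company) MD5=HASH -- path
OTL_MD5_LINE = re.compile(
    r"^\[(?P<stamp>[^\]|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
SECTION_HEADER = re.compile(r"^<\s*MD5 for:\s*(.+?)\s*>$")

# Constructed sample: real lines from the post, plus one made-up userinit.exe line with a placeholder hash.
SAMPLE_LOG = r"""
< MD5 for: SVCHOST.EXE >
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\System32\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
[2011/09/01 10:00:00 | 000,028,160 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\userinit.exe
< End of report >
"""

def parse_md5_sections(log_text):
    """Group MD5 result lines by the file name in the '< MD5 for: ... >' header."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            current = header.group(1).upper()
            sections.setdefault(current, [])
        elif line.startswith("<"):  # any other custom-scan header ends the section
            current = None
        elif current is not None:
            m = OTL_MD5_LINE.match(line)
            if m:
                sections[current].append((m.group("md5").upper(), m.group("path")))
    return sections

def unverified_live_copies(sections):
    """Live copies (outside WinSxS) whose hash matches no component-store copy;
    a system binary patched in place shows up exactly this way."""
    flagged = []
    for name, entries in sections.items():
        store = {md5 for md5, path in entries if "\\winsxs\\" in path.lower()}
        for md5, path in entries:
            if "\\winsxs\\" not in path.lower() and md5 not in store:
                flagged.append((name, path, md5))
    return flagged
```

Run against the full log in the post, every live copy of the four binaries has a matching WinSxS hash, so the check returns an empty list there.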


#2 NotGoodatComputer (New Member, Topic Starter, 3 posts)
Please, someone? Anyone?

#3 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Hi :). I'm Michael and I'm going to help you fix your computer :unsure:

Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes them harder to read. Also, please don't edit any log in any case.
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

I can see some nasties there, but I need to know what the problem is first.
  • Is the rogue antivirus your problem?
  • You're using OTLPE, so I assume Windows has problems while booting. Is that right? If yes, what happens while booting?
  • Can you boot into safe mode? Instructions for this here
  • When did that happen? Do you remember anything strange happening before the computer started having problems?



Next:

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it (attached file: fix.txt, 7.74KB)
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, press the Run Fix button and a dialogue box will pop up asking for the location; select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )


Next:

Uninstall (if present):

ShopperReports
ClickPotatoLite
Java 1.6.0_21
ResultBar

Next:

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.



Next:


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#4 NotGoodatComputer (New Member, Topic Starter, 3 posts)
Thank you so much for getting back to me. Please don't close the topic, it's going to be a little bit until I can get back to this. Hopefully this evening, but I am pretty computer illiterate, so I'll need to get my sister back over here to help.



* Is the rogue antivirus your problem?
* You're using OTLPE, so I assume Windows has problems while booting. Is that right? If yes, what happens while booting?
* Can you boot into safe mode? Instructions for this here
* When did that happen? Do you remember anything strange happen before the computer started having problems?


This is what happened. I was using the stumble bar (something I'll never do again), and suddenly my Firefox window, with four tabs open inside of it, closed, and an antivirus that I'd never seen before popped up and started to try and scan my computer. I've had this problem before, maybe like a year ago.

The reason I'm using OTLPE is because my computer-literate, but an hour away, brother-in-law told me to do that. I have absolutely no idea what I'm doing, hence needing my sister to come back over.

I'm pretty sure I'd be able to get the computer into safe mode, but bro-in-law said not to.

Edited by NotGoodatComputer, 04 September 2011 - 04:17 PM.


#5 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Ok, follow all the instructions in my above post. The rogue antivirus will go after the OTLPE fix, but don't stop there; follow all the steps to check if any other infection is there.

#6 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Hello
Are you still here?

#7 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.