Stubborn Online Guard!


  • This topic is locked

#1
hutina

  • Member
  • 47 posts
I am at a loss with what to do with this stubborn whatever it's called.
I first ran the removal guide provided on the site. I was able to go through with it up until the reboot section.
I tried to run it once more but the mbam just stopped working.

Then came the fun part... wasn't able to run in safe mode. Cannot get OTL to run; tried all variations,
including killr, exhelper, vipre. They can start for about 5-10 seconds and would stop working.

Someone please help
Thanks

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello hutina and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

We need to disable malware processes on your system first
  • Download TheKiller to your Desktop
  • Note that TheKiller is renamed as explorer.exe
  • Run it by double-clicking (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running please try to run it several more times

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in a separate post.

#3
hutina

  • Topic Starter
  • Member
  • 47 posts
Hi maliprog,
Thank you.
At last I was able to run OTL.

Here are the two logs:
OTL logfile created on: 10/9/2011 11:55:59 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Tina\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 77.06% Memory free
6.00 Gb Paging File | 5.48 Gb Available in Paging File | 91.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 151.13 Gb Free Space | 52.47% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.34 Gb Free Space | 53.44% Space Free | Partition Type: NTFS

Computer Name: TINA-PC | User Name: Tina | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/09 23:47:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.scr
PRC - [2011/09/30 16:19:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/07 15:35:13 | 000,589,824 | ---- | M] () -- C:\Program Files\CA\CA Internet Security Suite\log4cplusU.dll
MOD - [2011/09/30 16:19:03 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/02/10 19:10:10 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (BrowserSeek Service)
SRV - [2011/10/07 15:35:12 | 000,251,216 | ---- | M] (CA, Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2011/10/07 15:35:12 | 000,222,544 | ---- | M] (Computer Associates International, Inc.) [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2011/10/07 15:35:12 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2011/10/07 15:35:11 | 000,206,152 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV - [2011/09/21 01:27:04 | 000,366,408 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/06/07 18:35:12 | 001,775,432 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/04/04 12:42:28 | 000,662,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/02/28 01:21:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/31 15:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/07/29 10:40:08 | 000,152,656 | ---- | M] (CA) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2011/07/29 10:39:28 | 000,331,344 | ---- | M] (CA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2011/07/29 10:39:28 | 000,164,944 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV - [2011/07/29 10:39:28 | 000,083,536 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2011/07/29 10:39:28 | 000,082,000 | ---- | M] (CA) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2011/07/29 10:39:28 | 000,063,056 | ---- | M] (CA) [File_System | System | Stopped] -- C:\Windows\System32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2011/07/28 11:17:30 | 000,107,088 | ---- | M] (CA) [Kernel | Boot | Stopped] -- C:\Windows\System32\DRIVERS\kmxfw.sys -- (KmxFw)
DRV - [2011/07/28 11:17:30 | 000,066,128 | ---- | M] (CA) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\KmxFilter.sys -- (KmxFilter)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Users\Tina\AppData\Local\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Users\Tina\AppData\Local\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/08/18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/03/02 15:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009/03/02 15:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,zh-CN;q=0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C F6 B3 86 C5 86 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.7
FF - prefs.js..extensions.enabledItems: {C6128004-4838-4708-9A97-BB172D17767D}:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..keyword.URL: "http://www.browserse...skGG&keywords="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Tina\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Tina\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\RRR Anti-Phishing\Toolbar\Firefox [2011/10/08 10:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 16:19:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/09 23:31:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Tina\AppData\Roaming\Move Networks [2010/01/18 11:08:50 | 000,000,000 | ---D | M]

[2009/12/20 20:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Extensions
[2011/10/02 09:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\lzf6aeei.default\extensions
[2010/12/13 16:38:28 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\lzf6aeei.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2011/10/09 20:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/09 20:28:01 | 000,000,000 | ---D | M] (BrowserSeek) -- C:\Program Files\Mozilla Firefox\extensions\{BDD34CBB-CC2C-4BDE-A25F-66D443E78F9C}
[2010/04/29 00:04:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/22 20:43:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LZF6AEEI.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LZF6AEEI.DEFAULT\EXTENSIONS\{C6128004-4838-4708-9A97-BB172D17767D}.XPI
() (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LZF6AEEI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LZF6AEEI.DEFAULT\EXTENSIONS\[email protected]
[2011/09/30 16:19:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/16 15:39:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/09 01:03:31 | 000,000,882 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 95.64.61.143 www.google.com
O1 - Hosts: 95.64.61.144 www.bing.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\RRR Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tina\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\RRR Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\RRR Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [QCCellIBrzPNx1v8234A] C:\Windows\System32\C6EEK88fRZ9TXj.exe ()
O4 - HKLM..\Run: [volmgr] C:\Windows\system32\config\systemprofile\AppData\Local\volmgr.exe File not found
O4 - HKLM..\Run: [vQQQJ66dWK8RL8234A] C:\Windows\System32\T33ppmGG5.exe ()
O4 - Startup: C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crss.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Tina\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Tina\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Tina\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Tina\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\pnrpnsp.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} https://mybank.icbc....afeControls.cab (AxSubmitControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://download.ppli...pluginsetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F591307-4E32-498D-AD4C-D7BD8EE92AF9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
O20 - AppInit_DLLs: (UmxSbxExw.dll) -C:\Windows\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (maliprog @ Geekstogo)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/10/09 23:47:38 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.scr
[2011/10/09 23:45:46 | 000,748,643 | ---- | C] (maliprog @ Geekstogo) -- C:\Users\Tina\Desktop\explorer.exe
[2011/10/09 23:36:37 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/10/09 23:36:37 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2011/10/09 23:36:30 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/10/09 23:09:02 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/09 23:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/09 22:52:58 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\tEL8RZhYkVlBz0c
[2011/10/09 22:52:56 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\kQH6sWK7fLgZjCk
[2011/10/09 22:52:56 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\hIVrzONtx0c2b3n
[2011/10/09 22:38:38 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tina\Desktop\iexplore.exe
[2011/10/09 22:35:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\TVrzt0ucSiDpGa6
[2011/10/09 22:35:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\o7fEL9gTZjCkVlN
[2011/10/09 22:35:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\LK7fEL9gTqYwIrO
[2011/10/09 22:35:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guard Online
[2011/10/09 21:21:16 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/10/09 20:56:50 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/09 20:41:49 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\ElevatedDiagnostics
[2011/10/09 20:38:33 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\pRqhYXwkUe0A
[2011/10/09 20:38:32 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\qS1iD3on4m6LThC
[2011/10/09 20:38:32 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Kb3G6Kf9TjCkVci
[2011/10/09 20:38:32 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\J6Kf9TjCkVciDna
[2011/10/09 20:38:31 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\dDmEhly3fUN2n6R
[2011/10/09 20:38:30 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\JEhly3fUN
[2011/10/09 20:38:29 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\dYBimLwBcDpEheN
[2011/10/09 20:27:29 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\bjUUCeelIBr
[2011/10/09 20:27:28 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\I555sQJJ6dKfZ9T
[2011/10/09 20:25:14 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/10/09 20:13:37 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\szPNycA1uDoFpGs
[2011/10/09 20:13:37 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\CjUCelIBrPy
[2011/10/09 15:25:51 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\YmmmH66sWJ7fL
[2011/10/09 15:25:50 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\nD33oonG4
[2011/10/09 15:25:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\BoobbF33pmGaQ6d
[2011/10/07 15:35:36 | 000,128,336 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\isafeif.dll
[2011/10/07 15:35:36 | 000,095,568 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\vetredir.dll
[2011/09/13 20:57:01 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\VS Revo Group
[2011/09/13 20:56:55 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/09/13 20:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/09/13 20:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

========== Files - Modified Within 30 Days ==========

[2011/10/09 23:49:28 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/09 23:49:28 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/09 23:47:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.scr
[2011/10/09 23:45:48 | 000,748,643 | ---- | M] (maliprog @ Geekstogo) -- C:\Users\Tina\Desktop\explorer.exe
[2011/10/09 23:43:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/09 23:43:31 | 001,863,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/09 23:43:24 | 2415,120,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/09 23:42:39 | 002,491,933 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2011/10/09 23:42:39 | 000,218,428 | ---- | M] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2011/10/09 23:42:39 | 000,000,337 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2011/10/09 23:42:39 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2011/10/09 23:42:39 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2011/10/09 23:42:39 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2011/10/09 23:42:39 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2011/10/09 23:42:39 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2011/10/09 23:42:39 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2011/10/09 23:42:39 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2011/10/09 23:42:39 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2011/10/09 23:42:39 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2011/10/09 23:42:39 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2011/10/09 23:42:39 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2011/10/09 23:42:39 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2011/10/09 23:42:39 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2011/10/09 23:42:39 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2011/10/09 23:36:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2011/10/09 22:59:43 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 22:59:43 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 22:52:57 | 000,001,856 | ---- | M] () -- C:\Users\Tina\Desktop\Guard Online .lnk
[2011/10/09 22:52:38 | 000,000,000 | ---- | M] () -- C:\Windows\712404934
[2011/10/09 22:40:56 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/09 22:38:44 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tina\Desktop\iexplore.exe
[2011/10/09 22:35:43 | 000,000,612 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\ldr.ini
[2011/10/09 21:55:12 | 003,042,304 | ---- | M] () -- C:\Windows\System32\T33ppmGG5.exe
[2011/10/09 21:54:27 | 003,042,304 | ---- | M] () -- C:\Windows\System32\C6EEK88fRZ9TXj.exe
[2011/10/09 21:15:38 | 000,001,267 | ---- | M] () -- C:\Users\Tina\Desktop\Install Revo Uninstaller.lnk
[2011/10/09 15:25:44 | 000,069,120 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crss.exe
[2011/10/09 01:03:31 | 000,000,882 | RH-- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/07 15:35:12 | 000,128,336 | ---- | M] (Computer Associates International, Inc.) -- C:\Windows\System32\isafeif.dll
[2011/10/07 15:35:12 | 000,095,568 | ---- | M] (Computer Associates International, Inc.) -- C:\Windows\System32\vetredir.dll
[2011/09/30 16:19:14 | 000,002,000 | ---- | M] () -- C:\Users\Tina\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/13 20:56:55 | 000,001,232 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/09/13 20:55:29 | 000,001,267 | ---- | M] () -- C:\Users\Tina\Desktop\Install Revo Uninstaller Pro.lnk

========== Files Created - No Company Name ==========

[2011/10/09 23:36:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2011/10/09 22:35:44 | 000,001,856 | ---- | C] () -- C:\Users\Tina\Desktop\Guard Online .lnk
[2011/10/09 22:35:43 | 000,000,612 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\ldr.ini
[2011/10/09 21:55:12 | 003,042,304 | ---- | C] () -- C:\Windows\System32\T33ppmGG5.exe
[2011/10/09 21:54:27 | 003,042,304 | ---- | C] () -- C:\Windows\System32\C6EEK88fRZ9TXj.exe
[2011/10/09 15:25:44 | 000,069,120 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crss.exe
[2011/10/09 15:21:43 | 000,000,000 | ---- | C] () -- C:\Windows\712404934
[2011/10/09 00:17:49 | 000,000,337 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2011/10/09 00:17:49 | 000,000,049 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2011/10/08 10:03:25 | 000,001,267 | ---- | C] () -- C:\Users\Tina\Desktop\Install Revo Uninstaller.lnk
[2011/10/07 23:38:33 | 002,491,933 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2011/10/07 23:38:33 | 000,000,085 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2011/10/07 23:38:33 | 000,000,085 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2011/10/07 23:38:33 | 000,000,085 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2011/10/07 23:38:33 | 000,000,085 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2011/10/07 23:38:33 | 000,000,085 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2011/10/07 23:38:33 | 000,000,085 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2011/10/07 23:38:33 | 000,000,085 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2011/09/13 21:57:18 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/13 20:56:55 | 000,001,232 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/09/13 20:55:29 | 000,001,267 | ---- | C] () -- C:\Users\Tina\Desktop\Install Revo Uninstaller Pro.lnk
[2011/07/29 10:39:28 | 000,083,536 | ---- | C] () -- C:\Windows\System32\drivers\KmxAgent.sys
[2011/07/25 11:47:28 | 000,000,075 | ---- | C] () -- C:\Windows\winDecrypt.INI
[2010/12/12 23:25:59 | 000,000,248 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2010/12/12 23:25:41 | 000,000,305 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2010/12/12 23:23:55 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/12/29 23:07:20 | 000,007,618 | ---- | C] () -- C:\Users\Tina\AppData\Local\Resmon.ResmonCfg
[2009/12/22 21:27:50 | 000,022,723 | ---- | C] () -- C:\Windows\System32\SUGO3l3.dll
[2009/12/21 01:12:32 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/12/21 01:12:32 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/12/20 18:40:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 001,863,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/05/27 11:38:56 | 000,005,552 | R--- | C] () -- C:\Program Files\ReadMe.htm

========== LOP Check ==========

[2011/10/04 22:39:56 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\BITS
[2011/10/09 20:27:29 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\bjUUCeelIBr
[2011/10/09 15:25:43 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\BoobbF33pmGaQ6d
[2010/04/26 16:04:21 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Canon
[2011/10/09 20:13:37 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\CjUCelIBrPy
[2011/10/09 20:38:31 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\dDmEhly3fUN2n6R
[2011/03/28 23:22:34 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Design Science
[2011/09/13 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Downloaded Installations
[2011/10/09 21:13:30 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Dropbox
[2011/10/09 20:38:29 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\dYBimLwBcDpEheN
[2011/07/25 12:41:35 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Eltima Software
[2010/12/12 23:23:50 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\FlashGet
[2010/12/12 23:23:36 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\FlashGetBHO
[2011/10/09 22:52:56 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\hIVrzONtx0c2b3n
[2011/10/09 20:27:28 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\I555sQJJ6dKfZ9T
[2011/10/09 20:38:32 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\J6Kf9TjCkVciDna
[2011/10/09 20:38:31 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\JEhly3fUN
[2011/10/09 20:38:32 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Kb3G6Kf9TjCkVci
[2011/10/09 22:52:56 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\kQH6sWK7fLgZjCk
[2011/10/09 22:35:43 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\LK7fEL9gTqYwIrO
[2011/10/09 15:25:50 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\nD33oonG4
[2011/08/01 19:51:46 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Nitro PDF
[2011/10/09 22:35:43 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\o7fEL9gTZjCkVlN
[2011/09/13 21:50:25 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Octoshape
[2010/09/26 14:09:45 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\PPlive
[2011/09/13 21:50:26 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\PPStream
[2011/10/09 20:38:33 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\pRqhYXwkUe0A
[2011/10/09 20:38:32 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\qS1iD3on4m6LThC
[2011/02/21 10:28:11 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\RayV
[2011/10/09 20:13:37 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\szPNycA1uDoFpGs
[2011/10/09 22:52:58 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\tEL8RZhYkVlBz0c
[2011/10/09 22:35:43 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\TVrzt0ucSiDpGa6
[2011/10/09 15:25:51 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\YmmmH66sWJ7fL
[2011/10/09 23:33:06 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/10/09 23:45:48 | 000,748,643 | ---- | M] (maliprog @ Geekstogo) MD5=036621107C359B7FC3BE7C3757EE7F60 -- C:\Users\Tina\Desktop\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Tina\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Tina\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 19:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 19:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows.old\Windows\System32\svchost.exe
[2008/01/20 19:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 19:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe
[2008/01/20 19:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2011/10/09 23:03:58 | 001,008,092 | ---- | M] () MD5=645A8F39A10306D50382EB49A6C49AAB -- C:\Users\Tina\Downloads\uSeRiNiT.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Tina\AppData\Local\Temp\RarSFX0\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/27 23:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/27 23:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 22:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 18:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Tina\AppData\Local\Temp\RarSFX0\winlogon.exe
[2008/01/20 19:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\System32\winlogon.exe
[2008/01/20 19:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/30 16:19:03 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/30 16:19:03 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/30 16:19:03 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/30 16:19:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/30 16:19:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/30 16:19:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/06/20 22:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/06/20 22:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/30 16:19:03 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/30 16:19:03 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/30 16:19:03 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/30 16:19:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/30 16:19:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/30 16:19:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/06/20 22:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/06/20 22:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB20410$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\Windows\712404934:965773781.exe
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:37A3705D

< End of report >

Edited by hutina, 10 October 2011 - 01:18 AM.

#4
hutina

OTL Extras logfile created on: 10/9/2011 11:55:59 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Tina\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 77.06% Memory free
6.00 Gb Paging File | 5.48 Gb Available in Paging File | 91.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 151.13 Gb Free Space | 52.47% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.34 Gb Free Space | 53.44% Space Free | Partition Type: NTFS

Computer Name: TINA-PC | User Name: Tina | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{1367D815-EC9F-4e2f-9FB9-E40A075AD19B}" = DNAMigrator
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 22
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94A1911F-CD2F-4B9C-B171-2B43DCD213AA}" = Splashtop Remote
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"CAAPH2" = APH placeholder
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"DSMT6" = MathType 6
"eTrust Suite Personal" = CA Internet Security Suite
"FlashGet 3.5" = FlashGet 3.5
"InstallShield_{94A1911F-CD2F-4B9C-B171-2B43DCD213AA}" = Splashtop Remote
"KwSing" = 卸载酷我K歌
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"PDF Password Remover v3.1_is1" = PDF Password Remover v3.1
"PPLite" = PPLite 1.0.0.0016
"PPSGame" = PPS游戏 V1.0.1.322
"PPStream" = PPS影音 V2.7.0.1248 正式版
"RayV" = RayV
"Samsung ML-1710 Series" = Samsung ML-1710 Series
"ULTIMATER" = Microsoft Office Ultimate 2007
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Move Media Player" = Move Media Player
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/9/2011 11:29:16 PM | Computer Name = Tina-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WerFault.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc2d9 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850,
time stamp: 0x4e21132b Exception code: 0xe06d7363 Fault offset: 0x00009673 Faulting
process id: 0x1010 Faulting application start time: 0x01cc86fcbf9f22bd Faulting application
path: C:\Windows\system32\WerFault.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 075e5127-f2f0-11e0-a336-00219b22ecfc

Error - 10/9/2011 11:29:16 PM | Computer Name = Tina-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RevoUninPro.exe, version: 2.5.3.0, time
stamp: 0x4dac7cc1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xc80 Faulting application
start time: 0x01cc86fb85daa261 Faulting application path: C:\Program Files\VS Revo
Group\Revo Uninstaller Pro\RevoUninPro.exe Faulting module path: unknown Report Id:
078d7828-f2f0-11e0-a336-00219b22ecfc

Error - 10/9/2011 11:29:27 PM | Computer Name = Tina-PC | Source = Application Error | ID = 1000
Description = Faulting application name: casc.exe, version: 7.0.0.279, time stamp:
0x4e0e9b12 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp:
0x4e21132b Exception code: 0xe06d7363 Fault offset: 0x00009673 Faulting process id:
0xae0 Faulting application start time: 0x01cc86fa9502ee35 Faulting application path:
C:\Program Files\CA\CA Internet Security Suite\casc.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 0dfa75fe-f2f0-11e0-a336-00219b22ecfc

Error - 10/9/2011 11:29:50 PM | Computer Name = Tina-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 7.0.1.4288, time
stamp: 0x4e83b93a Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850,
time stamp: 0x4e21132b Exception code: 0xe06d7363 Fault offset: 0x00009673 Faulting
process id: 0x1258 Faulting application start time: 0x01cc86fcdc4080fe Faulting application
path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 1c0c810c-f2f0-11e0-a336-00219b22ecfc

Error - 10/9/2011 11:30:16 PM | Computer Name = Tina-PC | Source = Application Error | ID = 1000
Description = Faulting application name: taskmgr.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc13c Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850,
time stamp: 0x4e21132b Exception code: 0xe06d7363 Fault offset: 0x00009673 Faulting
process id: 0xe74 Faulting application start time: 0x01cc86fced6ccffe Faulting application
path: C:\Windows\system32\taskmgr.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 2b658fd4-f2f0-11e0-a336-00219b22ecfc

Error - 10/9/2011 11:31:23 PM | Computer Name = Tina-PC | Source = Application Error | ID = 1000
Description = Faulting application name: taskmgr.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc13c Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850,
time stamp: 0x4e21132b Exception code: 0xe06d7363 Fault offset: 0x00009673 Faulting
process id: 0x5ec Faulting application start time: 0x01cc86fd15197631 Faulting application
path: C:\Windows\system32\taskmgr.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 5320755b-f2f0-11e0-a336-00219b22ecfc

Error - 10/9/2011 11:32:05 PM | Computer Name = Tina-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 7.0.1.4288, time
stamp: 0x4e83b93a Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850,
time stamp: 0x4e21132b Exception code: 0xe06d7363 Fault offset: 0x00009673 Faulting
process id: 0xbf4 Faulting application start time: 0x01cc86fd2d8453c0 Faulting application
path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 6c510c32-f2f0-11e0-a336-00219b22ecfc

Error - 10/9/2011 11:38:20 PM | Computer Name = Tina-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16768,
time stamp: 0x4d6878c3 Faulting module name: browserseek.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4e8758ee Exception code: 0xc0000005 Fault offset: 0x03f835ea Faulting
process id: 0xa74 Faulting application start time: 0x01cc86fe06175242 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: browserseek.dll Report Id: 4ba9934e-f2f1-11e0-bbe3-00219b22ecfc

Error - 10/10/2011 1:55:28 AM | Computer Name = Tina-PC | Source = VSS | ID = 8194
Description =

Error - 10/10/2011 2:49:43 AM | Computer Name = Tina-PC | Source = System Restore | ID = 8193
Description =

[ OSession Events ]
Error - 1/25/2011 10:40:32 PM | Computer Name = Tina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/15/2010 8:00:19 PM | Computer Name = Tina-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 12/15/2010 8:00:19 PM | Computer Name = Tina-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/15/2010 8:00:24 PM | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 12/16/2010 8:49:06 PM | Computer Name = Tina-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 12/16/2010 8:49:06 PM | Computer Name = Tina-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/16/2010 8:49:07 PM | Computer Name = Tina-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:56:41 PM on ?12/?15/?2010 was unexpected.

Error - 12/16/2010 8:49:11 PM | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 12/17/2010 8:08:24 PM | Computer Name = Tina-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:15:58 PM on ?12/?16/?2010 was unexpected.

Error - 12/17/2010 8:08:23 PM | Computer Name = Tina-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 12/17/2010 8:08:23 PM | Computer Name = Tina-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >

Thanks again for taking the time to look through these logs

#5
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We have work to do. Please read my instructions carefully.

Step 1

NOTE: You have a very nasty infection! I would strongly advise you to back up all your important data from your system before you begin with the fix.

This malware tends to disable your whole system and leave you with nothing. Please back up your data.

After this please continue with steps below.

Step 2

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    killallprocesses

    :OTL
    O4 - HKLM..\Run: [QCCellIBrzPNx1v8234A] C:\Windows\System32\C6EEK88fRZ9TXj.exe ()
    O4 - HKLM..\Run: [volmgr] C:\Windows\system32\config\systemprofile\AppData\Local\volmgr.exe File not found
    O4 - HKLM..\Run: [vQQQJ66dWK8RL8234A] C:\Windows\System32\T33ppmGG5.exe ()
    O4 - Startup: C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crss.exe ()
    [2011/10/09 22:52:58 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\tEL8RZhYkVlBz0c
    [2011/10/09 22:52:56 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\kQH6sWK7fLgZjCk
    [2011/10/09 22:52:56 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\hIVrzONtx0c2b3n
    [2011/10/09 22:35:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\TVrzt0ucSiDpGa6
    [2011/10/09 22:35:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\o7fEL9gTZjCkVlN
    [2011/10/09 22:35:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\LK7fEL9gTqYwIrO
    [2011/10/09 20:38:33 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\pRqhYXwkUe0A
    [2011/10/09 20:38:32 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\qS1iD3on4m6LThC
    [2011/10/09 20:38:32 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Kb3G6Kf9TjCkVci
    [2011/10/09 20:38:32 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\J6Kf9TjCkVciDna
    [2011/10/09 20:38:31 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\dDmEhly3fUN2n6R
    [2011/10/09 20:38:30 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\JEhly3fUN
    [2011/10/09 20:38:29 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\dYBimLwBcDpEheN
    [2011/10/09 20:27:29 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\bjUUCeelIBr
    [2011/10/09 20:27:28 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\I555sQJJ6dKfZ9T
    [2011/10/09 20:13:37 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\szPNycA1uDoFpGs
    [2011/10/09 20:13:37 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\CjUCelIBrPy
    [2011/10/09 15:25:51 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\YmmmH66sWJ7fL
    [2011/10/09 15:25:50 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\nD33oonG4
    [2011/10/09 15:25:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\BoobbF33pmGaQ6d
    [2011/10/09 22:52:38 | 000,000,000 | ---- | M] () -- C:\Windows\712404934
    [2011/10/09 21:55:12 | 003,042,304 | ---- | M] () -- C:\Windows\System32\T33ppmGG5.exe
    [2011/10/09 21:54:27 | 003,042,304 | ---- | M] () -- C:\Windows\System32\C6EEK88fRZ9TXj.exe
    [2011/10/09 15:25:44 | 000,069,120 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crss.exe
    [2011/10/09 22:35:44 | 000,001,856 | ---- | C] () -- C:\Users\Tina\Desktop\Guard Online .lnk
    [2011/10/09 21:55:12 | 003,042,304 | ---- | C] () -- C:\Windows\System32\T33ppmGG5.exe
    [2011/10/09 21:54:27 | 003,042,304 | ---- | C] () -- C:\Windows\System32\C6EEK88fRZ9TXj.exe
    [2011/10/09 15:25:44 | 000,069,120 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crss.exe
    [2011/10/09 15:21:43 | 000,000,000 | ---- | C] () -- C:\Windows\712404934
    [2011/10/09 20:27:29 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\bjUUCeelIBr
    [2011/10/09 15:25:43 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\BoobbF33pmGaQ6d
    [2011/10/09 20:13:37 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\CjUCelIBrPy
    [2011/10/09 20:38:31 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\dDmEhly3fUN2n6R
    [2011/10/09 20:38:29 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\dYBimLwBcDpEheN
    [2011/10/09 22:52:56 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\hIVrzONtx0c2b3n
    [2011/10/09 20:27:28 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\I555sQJJ6dKfZ9T
    [2011/10/09 20:38:32 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\J6Kf9TjCkVciDna
    [2011/10/09 20:38:31 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\JEhly3fUN
    [2011/10/09 20:38:32 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Kb3G6Kf9TjCkVci
    [2011/10/09 22:52:56 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\kQH6sWK7fLgZjCk
    [2011/10/09 22:35:43 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\LK7fEL9gTqYwIrO
    [2011/10/09 15:25:50 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\nD33oonG4
    [2011/10/09 22:35:43 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\o7fEL9gTZjCkVlN
    [2011/10/09 20:38:33 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\pRqhYXwkUe0A
    [2011/10/09 20:38:32 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\qS1iD3on4m6LThC
    [2011/10/09 20:13:37 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\szPNycA1uDoFpGs
    [2011/10/09 22:52:58 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\tEL8RZhYkVlBz0c
    [2011/10/09 22:35:43 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\TVrzt0ucSiDpGa6
    [2011/10/09 15:25:51 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\YmmmH66sWJ7fL

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in a separate post.

#6
hutina

hutina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Finished running OTL in safe mode and here's the log; not sure if I should proceed with ComboFix at this point.
Seems like some files are regenerating with different names.
After the reboot, Online Guard is still running.
Question: should I reboot to safe mode?


========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QCCellIBrzPNx1v8234A deleted successfully.
C:\Windows\System32\C6EEK88fRZ9TXj.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\volmgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vQQQJ66dWK8RL8234A deleted successfully.
C:\Windows\System32\T33ppmGG5.exe moved successfully.
C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crss.exe moved successfully.
C:\Users\Tina\AppData\Roaming\tEL8RZhYkVlBz0c folder moved successfully.
C:\Users\Tina\AppData\Roaming\kQH6sWK7fLgZjCk folder moved successfully.
C:\Users\Tina\AppData\Roaming\hIVrzONtx0c2b3n folder moved successfully.
C:\Users\Tina\AppData\Roaming\TVrzt0ucSiDpGa6 folder moved successfully.
C:\Users\Tina\AppData\Roaming\o7fEL9gTZjCkVlN folder moved successfully.
C:\Users\Tina\AppData\Roaming\LK7fEL9gTqYwIrO folder moved successfully.
C:\Users\Tina\AppData\Roaming\pRqhYXwkUe0A folder moved successfully.
C:\Users\Tina\AppData\Roaming\qS1iD3on4m6LThC folder moved successfully.
C:\Users\Tina\AppData\Roaming\Kb3G6Kf9TjCkVci folder moved successfully.
C:\Users\Tina\AppData\Roaming\J6Kf9TjCkVciDna folder moved successfully.
C:\Users\Tina\AppData\Roaming\dDmEhly3fUN2n6R folder moved successfully.
C:\Users\Tina\AppData\Roaming\JEhly3fUN folder moved successfully.
C:\Users\Tina\AppData\Roaming\dYBimLwBcDpEheN folder moved successfully.
C:\Users\Tina\AppData\Roaming\bjUUCeelIBr folder moved successfully.
C:\Users\Tina\AppData\Roaming\I555sQJJ6dKfZ9T folder moved successfully.
C:\Users\Tina\AppData\Roaming\szPNycA1uDoFpGs folder moved successfully.
C:\Users\Tina\AppData\Roaming\CjUCelIBrPy folder moved successfully.
C:\Users\Tina\AppData\Roaming\YmmmH66sWJ7fL folder moved successfully.
C:\Users\Tina\AppData\Roaming\nD33oonG4 folder moved successfully.
C:\Users\Tina\AppData\Roaming\BoobbF33pmGaQ6d folder moved successfully.
C:\Windows\712404934 moved successfully.
File C:\Windows\System32\T33ppmGG5.exe not found.
File C:\Windows\System32\C6EEK88fRZ9TXj.exe not found.
File C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crss.exe not found.
C:\Users\Tina\Desktop\Guard Online .lnk moved successfully.
File C:\Windows\System32\T33ppmGG5.exe not found.
File C:\Windows\System32\C6EEK88fRZ9TXj.exe not found.
File C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crss.exe not found.
File C:\Windows\712404934 not found.
Folder C:\Users\Tina\AppData\Roaming\bjUUCeelIBr\ not found.
Folder C:\Users\Tina\AppData\Roaming\BoobbF33pmGaQ6d\ not found.
Folder C:\Users\Tina\AppData\Roaming\CjUCelIBrPy\ not found.
Folder C:\Users\Tina\AppData\Roaming\dDmEhly3fUN2n6R\ not found.
Folder C:\Users\Tina\AppData\Roaming\dYBimLwBcDpEheN\ not found.
Folder C:\Users\Tina\AppData\Roaming\hIVrzONtx0c2b3n\ not found.
Folder C:\Users\Tina\AppData\Roaming\I555sQJJ6dKfZ9T\ not found.
Folder C:\Users\Tina\AppData\Roaming\J6Kf9TjCkVciDna\ not found.
Folder C:\Users\Tina\AppData\Roaming\JEhly3fUN\ not found.
Folder C:\Users\Tina\AppData\Roaming\Kb3G6Kf9TjCkVci\ not found.
Folder C:\Users\Tina\AppData\Roaming\kQH6sWK7fLgZjCk\ not found.
Folder C:\Users\Tina\AppData\Roaming\LK7fEL9gTqYwIrO\ not found.
Folder C:\Users\Tina\AppData\Roaming\nD33oonG4\ not found.
Folder C:\Users\Tina\AppData\Roaming\o7fEL9gTZjCkVlN\ not found.
Folder C:\Users\Tina\AppData\Roaming\pRqhYXwkUe0A\ not found.
Folder C:\Users\Tina\AppData\Roaming\qS1iD3on4m6LThC\ not found.
Folder C:\Users\Tina\AppData\Roaming\szPNycA1uDoFpGs\ not found.
Folder C:\Users\Tina\AppData\Roaming\tEL8RZhYkVlBz0c\ not found.
Folder C:\Users\Tina\AppData\Roaming\TVrzt0ucSiDpGa6\ not found.
Folder C:\Users\Tina\AppData\Roaming\YmmmH66sWJ7fL\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tina\Desktop\cmd.bat deleted successfully.
C:\Users\Tina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 10102011_170049

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by hutina, 10 October 2011 - 06:42 PM.


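A way to read the fix log in the post above against the fix script that produced it, as an added example that is not part of the original posts or of OTL. It checks that every "not found" line refers to an item the same run had already moved, which is what happens when the script lists one path under both its created (C) and modified (M) entries. The function and constant names are this example's own, the log is an abridged excerpt of the lines as posted, and the final line is constructed to show the unexplained case.

```python
import re

# Abridged excerpt of the OTL fix log posted above (lines copied as posted).
FIX_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QCCellIBrzPNx1v8234A deleted successfully.
C:\Windows\System32\C6EEK88fRZ9TXj.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\volmgr deleted successfully.
C:\Windows\System32\T33ppmGG5.exe moved successfully.
C:\Users\Tina\AppData\Roaming\tEL8RZhYkVlBz0c folder moved successfully.
C:\Users\Tina\AppData\Roaming\bjUUCeelIBr folder moved successfully.
C:\Windows\712404934 moved successfully.
File C:\Windows\System32\T33ppmGG5.exe not found.
File C:\Windows\System32\C6EEK88fRZ9TXj.exe not found.
C:\Users\Tina\Desktop\Guard Online .lnk moved successfully.
File C:\Windows\712404934 not found.
Folder C:\Users\Tina\AppData\Roaming\bjUUCeelIBr\ not found.
Folder C:\Users\Tina\AppData\Roaming\tEL8RZhYkVlBz0c\ not found.
C:\Users\Tina\Desktop\cmd.bat deleted successfully.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
"""

# Constructed line (not from the thread): an item no earlier line accounts for.
CONSTRUCTED_EXTRA = r"File C:\Example\never_seen.exe not found." + "\n"

REG_DELETED = re.compile(r"^Registry value (?P<key>.+?) deleted successfully\.$")
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")
DELETED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) deleted successfully\.$")
NOT_FOUND = re.compile(r"^(?:File|Folder) (?P<path>[A-Za-z]:\\.+?) not found\.$")


def norm(path):
    """Compare paths case-insensitively and ignore the trailing backslash
    that the posted log shows on 'Folder ... not found' lines."""
    return path.rstrip("\\").lower()


def reconcile(log_text):
    """Classify fix-log lines and explain each 'not found' entry.

    A 'not found' is explained when the same path was moved or deleted
    earlier in the run; anything else needs a fresh scan to account for it.
    """
    removed = {}                    # normalised path -> path as logged
    run_values = []                 # names of deleted registry values
    explained, unexplained = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := REG_DELETED.match(line):
            run_values.append(m["key"].rsplit("\\", 1)[-1])
        elif m := (MOVED.match(line) or DELETED.match(line)):
            removed[norm(m["path"])] = m["path"]
        elif m := NOT_FOUND.match(line):
            bucket = explained if norm(m["path"]) in removed else unexplained
            bucket.append(m["path"])
    return {
        "run_values_deleted": run_values,
        "removed": list(removed.values()),
        "not_found_explained": explained,
        "not_found_unexplained": unexplained,
    }


if __name__ == "__main__":
    for label, text in (("posted excerpt", FIX_LOG),
                        ("with constructed line", FIX_LOG + CONSTRUCTED_EXTRA)):
        result = reconcile(text)
        print(label)
        print("  removed:", len(result["removed"]))
        print("  not found, already handled:", len(result["not_found_explained"]))
        print("  not found, unexplained:", result["not_found_unexplained"])
```

A clean result only says the listed items were handled; it says nothing about files recreated under new names, which needs a new scan to compare against.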
#7
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi hutina,

First try to run Combofix in Normal mode. If you fail then restart in Safe mode and run it from there. Post log after the scan.

#8
hutina

hutina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Ran ComboFix; it detected the CA AntiVirus program and asked me to uninstall the program.
After completing the uninstall, should I re-run ComboFix?

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Some antivirus products interfere with Combofix and it can't do its job right. Please run Combofix again.

#10
hutina

hutina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Wasn't able to uninstall CA Internet Security Suite.
Any way to force uninstallation?

#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Can you try to run Combofix from Safe mode? If it asks you to remove the antivirus before the scan, just confirm to continue with the scan.

#12
hutina

hutina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Sorry, no luck.
The scan starts and then comes the warning message in a popup:
"ComboFix cannot run when CA anti-virus is installed. It would be dangerous to continue.
Please uninstall CA anti virus or use another tool."
And an OK box to click.

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We can force uninstallation with this tool. Please read carefully and follow the steps to remove CA.

#14
hutina

hutina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Did the uninstall; the program is deleted, at least I don't see it under Program Files, and Add/Remove Programs under Control Panel is no longer showing the CA program.
However, ComboFix is still giving me the same message.
Attached a screenshot.

Attached Thumbnails

  • screen.png

Edited by hutina, 11 October 2011 - 12:09 AM.


#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Try to restart your system, then try to run Combofix again. If it fails then:

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.
