Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow running computer [Solved]


  • This topic is locked This topic is locked

#1
VodkaMan

VodkaMan

    Member

  • Member
  • PipPip
  • 10 posts
Something is really slowing down my computer tried seeing what was taking a lot of memory but could not find the problem. I have included my otl scan results. Thanks for any help that you can give

OTL logfile created on: 11/10/2011 1:37:32 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.76 Mb Total Physical Memory | 196.93 Mb Available Physical Memory | 19.27% Memory free
2.25 Gb Paging File | 0.92 Gb Available in Paging File | 41.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.05 Gb Total Space | 78.85 Gb Free Space | 27.37% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.35 Gb Free Space | 63.52% Space Free | Partition Type: NTFS
Drive F: | 977.23 Mb Total Space | 197.22 Mb Free Space | 20.18% Space Free | Partition Type: FAT

Computer Name: BRAD-PC | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 01:16:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
PRC - [2011/10/03 02:51:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/17 02:33:12 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2011/08/17 02:33:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2011/07/25 07:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/07/25 07:57:14 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/07/22 08:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/07/22 08:43:08 | 000,072,336 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/07/12 00:15:36 | 000,108,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN\MSNCoreFiles\msn.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/03 17:10:09 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/03 02:51:35 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/17 02:33:12 | 000,112,416 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2iexp.dll
MOD - [2011/08/17 02:33:12 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2011/07/22 08:42:50 | 000,074,896 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\fde\fde_api.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2011/08/20 01:19:40 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/25 07:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/07/22 08:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/25 07:57:10 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/07/25 07:57:08 | 000,036,744 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2011/06/15 03:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/05/07 16:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010/10/14 16:08:38 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/10/14 16:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/09/21 15:51:56 | 000,318,040 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2007/08/13 16:13:38 | 007,568,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/05/01 07:26:26 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/05/01 07:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/03/05 03:07:46 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=6070524
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lf.startnow.c...ion=6.0-x86-SP2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/09/13 01:59:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 02:51:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FriendsChecker\DynConFf\

[2011/09/30 15:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\mozilla\Extensions
[2011/09/30 21:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\mozilla\firefox\profiles\03lyjglh.default\extensions
[2011/09/30 21:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\mozilla\firefox\profiles\tm9anwfc.default\extensions
[2011/09/18 02:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/04 02:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/03 02:51:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@[email protected]/ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@[email protected]/ ([]msn in Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysme...sCamControl.ocx (CamImage Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{221D388C-85C8-4B21-99B7-5294E08524FB}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Brad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{636457c7-09c5-11dc-89d5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{636457c7-09c5-11dc-89d5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{b4bb781d-a836-11e0-ba7c-001aa03d86ac}\Shell - "" = AutoRun
O33 - MountPoints2\{b4bb781d-a836-11e0-ba7c-001aa03d86ac}\Shell\AutoRun\command - "" = J:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 01:32:42 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\New Folder
[2011/11/10 01:16:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2011/11/10 01:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/11/10 00:35:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/07 23:07:35 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\Mack
[2011/10/28 19:31:54 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\Boardwalk
[2011/10/14 21:02:25 | 000,189,976 | ---- | C] (MyFamily.com, Inc.) -- C:\Windows\System32\mfimgvwr.ocx
[2011/10/14 21:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\MFInstall
[5 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/10 01:19:12 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/10 01:16:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2011/11/10 01:14:41 | 000,608,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/10 01:14:41 | 000,105,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/10 01:09:41 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/10 01:08:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 01:08:11 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 01:08:04 | 000,279,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/10 01:07:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/10 01:07:27 | 1070,096,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 23:16:39 | 000,185,856 | ---- | M] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/05 22:12:55 | 000,000,680 | ---- | M] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2011/11/01 22:46:18 | 000,001,057 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\vso_ts_preview.xml
[5 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/27 23:14:27 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/10/27 23:14:27 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/09/13 00:15:04 | 000,000,144 | ---- | C] () -- C:\Windows\System32\lkfl.dat
[2011/09/13 00:15:04 | 000,000,128 | ---- | C] () -- C:\Windows\System32\pdfl.dat
[2011/09/13 00:15:04 | 000,000,080 | ---- | C] () -- C:\Windows\System32\ibfl.dat
[2011/09/07 14:27:06 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage3.dll
[2011/09/07 14:27:06 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2011/09/07 14:27:06 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DVM.dll
[2011/09/07 14:27:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RegisterExe.exe
[2011/08/16 18:59:38 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2011/08/08 13:53:52 | 000,000,000 | ---- | C] () -- C:\Users\Brad\AppData\Local\{3F348B3C-9D33-4938-91D4-12D70EE7A320}
[2011/07/12 15:10:02 | 000,000,552 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d8caps.dat
[2011/07/10 00:53:03 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/07/04 22:40:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/07/04 20:26:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/04 20:26:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/07/01 00:47:58 | 000,185,856 | ---- | C] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 19:01:35 | 000,001,057 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\vso_ts_preview.xml
[2011/06/29 23:42:58 | 000,000,680 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2006/11/10 08:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,279,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,608,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,908 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/09/13 04:07:11 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\#ISW.FS#
[2011/08/20 02:09:53 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Autodesk
[2011/08/23 02:21:39 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\calibre
[2011/09/13 00:18:56 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\CheckPoint
[2011/09/13 00:48:12 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\MailFrontier
[2011/08/31 01:18:25 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\PlayFirst
[2011/08/23 23:17:30 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\ProtectDISC
[2011/09/07 14:27:23 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Softinterface, Inc
[2011/08/16 22:13:46 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\TrojanHunter
[2011/11/01 22:46:19 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Vso
[2011/11/10 01:06:29 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:9E00596C
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:7631EA83

< End of report >




OTL Extras logfile created on: 11/10/2011 1:20:27 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.76 Mb Total Physical Memory | 105.97 Mb Available Physical Memory | 10.37% Memory free
2.25 Gb Paging File | 1.06 Gb Available in Paging File | 47.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.05 Gb Total Space | 78.80 Gb Free Space | 27.36% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.35 Gb Free Space | 63.52% Space Free | Partition Type: NTFS
Drive F: | 977.23 Mb Total Space | 197.22 Mb Free Space | 20.18% Space Free | Partition Type: FAT

Computer Name: BRAD-PC | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{139AF2F4-734E-4C18-B047-F8C3FBB61076}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{1CC4D702-5F31-4E8A-BC16-536ED4823F8F}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{4DBFC75C-FC67-4F33-B3B0-5CEEF68F9018}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5196C514-833E-4E66-90E6-4B84D33607DB}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{C614CFF4-BE4E-4C69-AEB3-4361B7B5C688}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CB1A5F71-85FE-42B7-A30C-5E33D58086D0}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{D6167063-78E0-43B2-BD52-B742EA7F3C2C}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{D760150A-6058-481D-9637-40C06DCA8D9D}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5E42C-5C3D-4712-91BA-691EBC23DD5C}" = Autodesk MatchMover 2012 32-bit
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C7A758F-E865-4748-B6C3-72B0F45BD7D5}" = Autodesk DirectConnect 2012 32-bit
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"{4EF42AFA-60CB-4745-84FF-C744FF7FAAC4}" = calibre
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{81C6F110-7958-4442-B308-C7C9CAEF8CCF}" = ZoneAlarm DataLock
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{917443c8-4fab-4c87-8ef3-ac150db4d42c}.sdb" = PC Tune-Up
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AF1B2B2E-03E3-458A-9DEB-32F8C7637374}" = ZoneAlarm Security
"{B27901FA-F157-4049-B1EC-BC43890A1DCC}" = [email protected] File Recovery
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BFE4A2B6-4894-436C-8847-70FF3F18D892}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 32 bit
"{C180FAEF-61D5-4A03-8328-A58D9CDD1C4C}" = ZoneAlarm Firewall
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.12.352
"{EF78070E-F96E-4398-B62F-EE7F793C364D}" = Autodesk Maya 2012 32-bit
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEC02973-0781-49C7-9F04-28DA9BAF0372}" = Composite 2012
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autodesk DirectConnect 2012 32-bit" = Autodesk DirectConnect 2012 32-bit
"Autodesk Maya 2012 32-bit" = Autodesk Maya 2012 32-bit
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"conduitEngine" = Conduit Engine
"Free File Opener_is1" = Free File Opener v2011.7.0.1
"GOM Player" = GOM Player
"InstallShield_{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"Jfkreloaded1.1" = Jfkreloaded
"LinksLS99DeinstKey" = Links LS 1999
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"PC Tune-Up" = PC Tune-Up
"PowerISO" = PowerISO
"VLC media player" = VLC media player 1.1.10
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"YTdetect" = Yahoo! Detect
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/30/2011 2:42:42 AM | Computer Name = Brad-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/30/2011 2:42:42 AM | Computer Name = Brad-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/30/2011 2:42:42 AM | Computer Name = Brad-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/30/2011 2:42:43 AM | Computer Name = Brad-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/30/2011 2:42:43 AM | Computer Name = Brad-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/30/2011 3:47:46 AM | Computer Name = Brad-PC | Source = Application Error | ID = 1000
Description = Faulting application msn.exe, version 10.20.91.1100, time stamp 0x4e1bccfb,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000000, process id 0x864, application start time 0x01cc96c82454d1da.

Error - 10/30/2011 4:12:05 AM | Computer Name = Brad-PC | Source = EventSystem | ID = 4609
Description =

Error - 10/30/2011 8:07:45 PM | Computer Name = Brad-PC | Source = Windows Search Service | ID = 3024
Description =

Error - 11/2/2011 10:45:39 AM | Computer Name = Brad-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 10.1.0.534, time stamp
0x4ded15a3, faulting module AcroRd32.dll, version 10.1.0.534, time stamp 0x4ded2a01,
exception code 0xc0000005, fault offset 0x0005939b, process id 0x5c0, application
start time 0x01cc996ddb64fe85.

Error - 11/4/2011 5:10:04 PM | Computer Name = Brad-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 11/9/2011 4:09:35 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 11/9/2011 4:13:17 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 11/9/2011 8:59:10 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/10/2011 1:25:50 AM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/10/2011 1:25:50 AM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/10/2011 2:05:53 AM | Computer Name = Brad-PC | Source = DCOM | ID = 10010
Description =

Error - 11/10/2011 2:09:14 AM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/10/2011 2:09:14 AM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/10/2011 2:09:14 AM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/10/2011 2:09:14 AM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >

Edited by VodkaMan, 10 November 2011 - 12:51 AM.

  • 0

Advertisements


#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also on Desktop there should be a file called MBR.dat after that, zip it and then attach it here

How to add an attachment to a new topic or reply
  • 0

#3
VodkaMan

VodkaMan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thank you for your help here is the DAT file zipped Attached File  MBR.zip   564bytes   31 downloads
  • 0

#4
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please post aswMBR scan log for review.
  • 0

#5
VodkaMan

VodkaMan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Sorry about missing this
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-16 14:26:22
-----------------------------
14:26:22.126 OS Version: Windows 6.0.6002 Service Pack 2
14:26:22.126 Number of processors: 2 586 0x6B01
14:26:22.126 ComputerName: BRAD-PC UserName: Brad
14:26:24.762 Initialize success
14:26:37.211 AVAST engine defs: 11111601
14:26:46.493 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004e
14:26:46.493 Disk 0 Vendor: ST332062 3.AD Size: 305245MB BusType: 8
14:26:48.536 Disk 0 MBR read successfully
14:26:48.536 Disk 0 MBR scan
14:26:48.630 Disk 0 Windows VISTA default MBR code
14:26:48.661 Disk 0 scanning sectors +625139712
14:26:48.770 Disk 0 scanning C:\Windows\system32\drivers
14:27:29.377 Service scanning
14:27:35.212 Modules scanning
14:27:43.136 Disk 0 trace - called modules:
14:27:43.152 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor.sys
14:27:43.168 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85eab490]
14:27:43.168 3 CLASSPNP.SYS[829228b3] -> nt!IofCallDriver -> [0x84f08f08]
14:27:43.183 5 acpi.sys[828166bc] -> nt!IofCallDriver -> \Device\0000004e[0x84168890]
14:27:44.852 AVAST engine scan C:\Windows
14:27:53.292 AVAST engine scan C:\Windows\system32
14:33:35.119 AVAST engine scan C:\Windows\system32\drivers
14:34:16.865 AVAST engine scan C:\Users\Brad
14:36:22.377 Disk 0 MBR has been saved successfully to "C:\Users\Brad\Desktop\MBR.dat"
14:36:22.408 The log file has been saved successfully to "C:\Users\Brad\Desktop\aswMBR.txt"
  • 0

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Posted Image Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here and double click on mbam-setup.exe to install the application

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Click on Check for Updates button.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#7
VodkaMan

VodkaMan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The scan came up no infections found here is the log. Again thanks for your help.
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8142

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11/16/2011 4:37:01 PM
mbam-log-2011-11-16 (16-37-01).txt

Scan type: Quick scan
Objects scanned: 190325
Time elapsed: 19 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please delete your copy of OTL.exe.

Posted Image OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#9
VodkaMan

VodkaMan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here it is and thanks again

OTL Extras logfile created on: 11/16/2011 6:40:22 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.76 Mb Total Physical Memory | 523.97 Mb Available Physical Memory | 51.28% Memory free
2.25 Gb Paging File | 1.38 Gb Available in Paging File | 61.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.05 Gb Total Space | 66.49 Gb Free Space | 23.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.35 Gb Free Space | 63.52% Space Free | Partition Type: NTFS
Drive F: | 977.23 Mb Total Space | 197.22 Mb Free Space | 20.18% Space Free | Partition Type: FAT

Computer Name: BRAD-PC | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1021426348-749747451-2687657341-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{139AF2F4-734E-4C18-B047-F8C3FBB61076}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{1CC4D702-5F31-4E8A-BC16-536ED4823F8F}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{4DBFC75C-FC67-4F33-B3B0-5CEEF68F9018}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5196C514-833E-4E66-90E6-4B84D33607DB}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{C614CFF4-BE4E-4C69-AEB3-4361B7B5C688}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CB1A5F71-85FE-42B7-A30C-5E33D58086D0}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{D6167063-78E0-43B2-BD52-B742EA7F3C2C}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{D760150A-6058-481D-9637-40C06DCA8D9D}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5E42C-5C3D-4712-91BA-691EBC23DD5C}" = Autodesk MatchMover 2012 32-bit
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C7A758F-E865-4748-B6C3-72B0F45BD7D5}" = Autodesk DirectConnect 2012 32-bit
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"{4EF42AFA-60CB-4745-84FF-C744FF7FAAC4}" = calibre
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{81C6F110-7958-4442-B308-C7C9CAEF8CCF}" = ZoneAlarm DataLock
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{917443c8-4fab-4c87-8ef3-ac150db4d42c}.sdb" = PC Tune-Up
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AF1B2B2E-03E3-458A-9DEB-32F8C7637374}" = ZoneAlarm Security
"{B27901FA-F157-4049-B1EC-BC43890A1DCC}" = [email protected] File Recovery
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BFE4A2B6-4894-436C-8847-70FF3F18D892}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 32 bit
"{C180FAEF-61D5-4A03-8328-A58D9CDD1C4C}" = ZoneAlarm Firewall
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.12.352
"{EF78070E-F96E-4398-B62F-EE7F793C364D}" = Autodesk Maya 2012 32-bit
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEC02973-0781-49C7-9F04-28DA9BAF0372}" = Composite 2012
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autodesk DirectConnect 2012 32-bit" = Autodesk DirectConnect 2012 32-bit
"Autodesk Maya 2012 32-bit" = Autodesk Maya 2012 32-bit
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"conduitEngine" = Conduit Engine
"ESET Online Scanner" = ESET Online Scanner v3
"Free File Opener_is1" = Free File Opener v2011.7.0.1
"GOM Player" = GOM Player
"InstallShield_{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"Jfkreloaded1.1" = Jfkreloaded
"LinksLS99DeinstKey" = Links LS 1999
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"PC Tune-Up" = PC Tune-Up
"PowerISO" = PowerISO
"VLC media player" = VLC media player 1.1.10
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"YTdetect" = Yahoo! Detect
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/30/2011 3:47:46 AM | Computer Name = Brad-PC | Source = Application Error | ID = 1000
Description = Faulting application msn.exe, version 10.20.91.1100, time stamp 0x4e1bccfb,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000000, process id 0x864, application start time 0x01cc96c82454d1da.

Error - 10/30/2011 4:12:05 AM | Computer Name = Brad-PC | Source = EventSystem | ID = 4609
Description =

Error - 10/30/2011 8:07:45 PM | Computer Name = Brad-PC | Source = Windows Search Service | ID = 3024
Description =

Error - 11/2/2011 10:45:39 AM | Computer Name = Brad-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 10.1.0.534, time stamp
0x4ded15a3, faulting module AcroRd32.dll, version 10.1.0.534, time stamp 0x4ded2a01,
exception code 0xc0000005, fault offset 0x0005939b, process id 0x5c0, application
start time 0x01cc996ddb64fe85.

Error - 11/4/2011 5:10:04 PM | Computer Name = Brad-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/9/2011 4:07:08 PM | Computer Name = Brad-PC | Source = Application Hang | ID = 1002
Description = The program msn.exe version 10.20.91.1100 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: a94 Start Time: 01cc9f1a3930ecb5 Termination Time: 655

Error - 11/10/2011 1:25:50 AM | Computer Name = Brad-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =

Error - 11/10/2011 1:42:22 AM | Computer Name = Brad-PC | Source = VSS | ID = 8194
Description =

Error - 11/10/2011 1:42:54 AM | Computer Name = Brad-PC | Source = VSS | ID = 8194
Description =

Error - 11/10/2011 3:22:42 PM | Computer Name = Brad-PC | Source = Application Error | ID = 1000
Description = Faulting application ConvertXtoDvd.exe, version 4.1.12.352, time stamp
0x4d90539b, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967,
exception code 0xc0000005, fault offset 0x00001c7e, process id 0xabc, application
start time 0x01cc9fddfa158c08.

[ System Events ]
Error - 11/16/2011 2:27:52 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/16/2011 2:27:52 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/16/2011 2:27:52 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/16/2011 2:27:52 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/16/2011 2:27:52 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/16/2011 3:24:26 PM | Computer Name = Brad-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:21:03 PM on 11/16/2011 was unexpected.

Error - 11/16/2011 3:26:08 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/16/2011 3:26:08 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/16/2011 3:26:08 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/16/2011 3:53:38 PM | Computer Name = Brad-PC | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.


< End of report >
OTL logfile created on: 11/16/2011 6:40:22 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.76 Mb Total Physical Memory | 523.97 Mb Available Physical Memory | 51.28% Memory free
2.25 Gb Paging File | 1.38 Gb Available in Paging File | 61.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.05 Gb Total Space | 66.49 Gb Free Space | 23.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.35 Gb Free Space | 63.52% Space Free | Partition Type: NTFS
Drive F: | 977.23 Mb Total Space | 197.22 Mb Free Space | 20.18% Space Free | Partition Type: FAT

Computer Name: BRAD-PC | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/16 18:34:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
PRC - [2011/07/25 07:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/07/25 07:57:14 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/07/22 08:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/07/22 08:43:08 | 000,072,336 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/22 08:42:50 | 000,074,896 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\fde\fde_api.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/20 01:19:40 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/25 07:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/07/22 08:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/25 07:57:10 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/07/25 07:57:08 | 000,036,744 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2011/06/15 03:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/05/07 16:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010/10/14 16:08:38 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/10/14 16:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/09/21 15:51:56 | 000,318,040 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2007/08/13 16:13:38 | 007,568,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/05/01 07:26:26 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/05/01 07:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/03/05 03:07:46 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=6070524
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1021426348-749747451-2687657341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1021426348-749747451-2687657341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lf.startnow.c...ion=6.0-x86-SP2
IE - HKU\S-1-5-21-1021426348-749747451-2687657341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKU\S-1-5-21-1021426348-749747451-2687657341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1021426348-749747451-2687657341-1000\..\URLSearchHook: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found
IE - HKU\S-1-5-21-1021426348-749747451-2687657341-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/09/13 01:59:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 02:51:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FriendsChecker\DynConFf\

[2011/09/30 15:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\mozilla\Extensions
[2011/09/30 21:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\mozilla\firefox\profiles\03lyjglh.default\extensions
[2011/09/30 21:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\mozilla\firefox\profiles\tm9anwfc.default\extensions
[2011/09/18 02:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/04 02:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/03 02:51:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysme...sCamControl.ocx (CamImage Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{221D388C-85C8-4B21-99B7-5294E08524FB}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Brad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{636457c7-09c5-11dc-89d5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{636457c7-09c5-11dc-89d5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{b4bb781d-a836-11e0-ba7c-001aa03d86ac}\Shell - "" = AutoRun
O33 - MountPoints2\{b4bb781d-a836-11e0-ba7c-001aa03d86ac}\Shell\AutoRun\command - "" = J:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/16 18:33:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2011/11/16 14:14:49 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Brad\Desktop\aswMBR.exe
[2011/11/12 04:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/11 16:16:10 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Malwarebytes
[2011/11/11 16:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/11 16:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/11 16:15:01 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/11 16:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/11 13:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/11 13:24:58 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Brad\Desktop\mbam-setup.exe
[2011/11/11 13:21:17 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Brad\Desktop\esetsmartinstaller_enu.exe
[2011/11/10 01:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/11/07 23:07:35 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\Mack
[2011/10/28 19:31:54 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\Boardwalk
[5 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/16 18:34:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2011/11/16 18:33:11 | 000,196,608 | ---- | M] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/16 18:24:34 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/16 18:24:34 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/16 18:19:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/16 14:36:22 | 000,000,512 | ---- | M] () -- C:\Users\Brad\Desktop\MBR.dat
[2011/11/16 14:24:47 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/16 14:24:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/16 14:24:21 | 1072,160,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/16 14:14:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Brad\Desktop\aswMBR.exe
[2011/11/16 02:49:57 | 000,608,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/16 02:49:57 | 000,105,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/15 23:22:04 | 000,000,680 | ---- | M] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2011/11/12 04:21:52 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/11 16:15:06 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/11 13:25:22 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Brad\Desktop\mbam-setup.exe
[2011/11/11 13:21:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Brad\Desktop\esetsmartinstaller_enu.exe
[2011/11/10 19:44:50 | 000,001,057 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\vso_ts_preview.xml
[2011/11/10 01:08:04 | 000,279,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[5 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/16 14:36:22 | 000,000,512 | ---- | C] () -- C:\Users\Brad\Desktop\MBR.dat
[2011/11/12 04:21:52 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/11 16:15:06 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/27 23:14:27 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/10/27 23:14:27 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/09/13 00:15:04 | 000,000,144 | ---- | C] () -- C:\Windows\System32\lkfl.dat
[2011/09/13 00:15:04 | 000,000,128 | ---- | C] () -- C:\Windows\System32\pdfl.dat
[2011/09/13 00:15:04 | 000,000,080 | ---- | C] () -- C:\Windows\System32\ibfl.dat
[2011/09/07 14:27:06 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage3.dll
[2011/09/07 14:27:06 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2011/09/07 14:27:06 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DVM.dll
[2011/09/07 14:27:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RegisterExe.exe
[2011/08/16 18:59:38 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2011/08/08 13:53:52 | 000,000,000 | ---- | C] () -- C:\Users\Brad\AppData\Local\{3F348B3C-9D33-4938-91D4-12D70EE7A320}
[2011/07/12 15:10:02 | 000,000,552 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d8caps.dat
[2011/07/10 00:53:03 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/07/04 22:40:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/07/04 20:26:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/04 20:26:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/07/01 00:47:58 | 000,196,608 | ---- | C] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 19:01:35 | 000,001,057 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\vso_ts_preview.xml
[2011/06/29 23:42:58 | 000,000,680 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2006/11/10 08:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,279,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,608,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,908 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/09/13 04:07:11 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\#ISW.FS#
[2011/08/20 02:09:53 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Autodesk
[2011/08/23 02:21:39 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\calibre
[2011/09/13 00:18:56 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\CheckPoint
[2011/09/13 00:48:12 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\MailFrontier
[2011/08/31 01:18:25 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\PlayFirst
[2011/08/23 23:17:30 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\ProtectDISC
[2011/09/07 14:27:23 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Softinterface, Inc
[2011/08/16 22:13:46 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\TrojanHunter
[2011/11/10 19:44:51 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Vso
[2011/11/16 04:04:34 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/06/30 02:29:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/06/30 02:29:31 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011/06/30 02:29:30 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/06/30 02:51:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2011/06/30 02:51:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2011/06/30 02:29:31 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/04/29 10:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/07/01 08:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/07/01 08:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/03 02:51:34 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/03 02:51:34 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/03 02:51:34 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/03 02:51:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/03 02:51:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/03 02:51:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/05 14:43:51 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/05 14:43:51 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/05 14:43:51 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/05 14:43:52 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/07/05 14:43:52 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN.EXE" [2011/07/12 00:15:36 | 000,108,368 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/03 02:51:34 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/03 02:51:34 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/03 02:51:34 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/03 02:51:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/03 02:51:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/03 02:51:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/05 14:43:51 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/05 14:43:51 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/05 14:43:51 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/05 14:43:52 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/07/05 14:43:52 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN.EXE" [2011/07/12 00:15:36 | 000,108,368 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:9E00596C
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:7631EA83

< End of report >
  • 0

#10
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
    O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O33 - MountPoints2\{636457c7-09c5-11dc-89d5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
    O33 - MountPoints2\{b4bb781d-a836-11e0-ba7c-001aa03d86ac}\Shell\AutoRun\command - "" = J:\setup.exe -a
      	
    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

Advertisements


#11
VodkaMan

VodkaMan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the log first and scan results second thanks

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{636457c7-09c5-11dc-89d5-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{636457c7-09c5-11dc-89d5-806e6f6e6963}\ not found.
File E:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4bb781d-a836-11e0-ba7c-001aa03d86ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4bb781d-a836-11e0-ba7c-001aa03d86ac}\ not found.
File J:\setup.exe -a not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Brad\Desktop\cmd.bat deleted successfully.
C:\Users\Brad\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Brad\Desktop\cmd.bat deleted successfully.
C:\Users\Brad\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Brad\Desktop\cmd.bat deleted successfully.
C:\Users\Brad\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Brad\Desktop\cmd.bat deleted successfully.
C:\Users\Brad\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Brad\Desktop\cmd.bat deleted successfully.
C:\Users\Brad\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Brad
->Temp folder emptied: 48778762 bytes
->Temporary Internet Files folder emptied: 14417369 bytes
->Java cache emptied: 171946759 bytes
->FireFox cache emptied: 38397707 bytes
->Flash cache emptied: 3125455 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 569512 bytes
Windows Temp folder emptied: 1003860 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 265.00 mb


[EMPTYJAVA]

User: All Users

User: Brad
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Brad
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 11172011_150921

Files\Folders moved on Reboot...
C:\Users\Brad\AppData\Local\Temp\~DFD1CE.tmp moved successfully.
File move failed. C:\Windows\system32\drivers\SET1C0B.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\SET68E3.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\SET7081.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\SET715.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\SETB944.tmp scheduled to be moved on reboot.
C:\Windows\temp\ZLT039b3.TMP moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 11/17/2011 3:28:54 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.76 Mb Total Physical Memory | 272.57 Mb Available Physical Memory | 26.68% Memory free
2.25 Gb Paging File | 1.27 Gb Available in Paging File | 56.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.05 Gb Total Space | 60.05 Gb Free Space | 20.85% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.35 Gb Free Space | 63.52% Space Free | Partition Type: NTFS
Drive F: | 977.23 Mb Total Space | 197.22 Mb Free Space | 20.18% Space Free | Partition Type: FAT

Computer Name: BRAD-PC | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/16 18:34:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
PRC - [2011/10/03 02:51:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/25 07:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/07/25 07:57:14 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/07/22 08:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/07/22 08:43:08 | 000,072,336 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/03 17:10:09 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/03 02:51:35 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/22 08:42:50 | 000,074,896 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\fde\fde_api.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/20 01:19:40 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/25 07:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/07/22 08:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/25 07:57:10 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/07/25 07:57:08 | 000,036,744 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2011/06/15 03:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/05/07 16:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010/10/14 16:08:38 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/10/14 16:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/09/21 15:51:56 | 000,318,040 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2007/08/13 16:13:38 | 007,568,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/05/01 07:26:26 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/05/01 07:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/03/05 03:07:46 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=6070524
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lf.startnow.c...ion=6.0-x86-SP2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/09/13 01:59:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 02:51:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FriendsChecker\DynConFf\

[2011/09/30 15:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\mozilla\Extensions
[2011/09/30 21:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\mozilla\firefox\profiles\03lyjglh.default\extensions
[2011/09/30 21:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\mozilla\firefox\profiles\tm9anwfc.default\extensions
[2011/09/18 02:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/04 02:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/03 02:51:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/17 15:09:38 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@[email protected]/ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@[email protected]/ ([]msn in Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysme...sCamControl.ocx (CamImage Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{221D388C-85C8-4B21-99B7-5294E08524FB}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Brad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/17 15:09:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/16 18:33:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2011/11/16 14:14:49 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Brad\Desktop\aswMBR.exe
[2011/11/12 04:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/11 16:16:10 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Malwarebytes
[2011/11/11 16:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/11 16:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/11 16:15:01 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/11 16:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/11 13:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/11 13:24:58 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Brad\Desktop\mbam-setup.exe
[2011/11/11 13:21:17 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Brad\Desktop\esetsmartinstaller_enu.exe
[2011/11/10 01:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/11/07 23:07:35 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\Mack
[2011/10/28 19:31:54 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\Boardwalk
[5 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/17 15:19:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/17 15:17:29 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/17 15:17:16 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/17 15:17:16 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/17 15:17:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/17 15:17:03 | 1072,160,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/17 15:09:38 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/11/16 18:34:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2011/11/16 18:33:11 | 000,196,608 | ---- | M] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/16 14:36:22 | 000,000,512 | ---- | M] () -- C:\Users\Brad\Desktop\MBR.dat
[2011/11/16 14:14:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Brad\Desktop\aswMBR.exe
[2011/11/16 08:50:10 | 3510,649,069 | ---- | M] () -- C:\Users\Brad\Desktop\kaka-bsltfft.720p.mkv
[2011/11/16 02:49:57 | 000,608,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/16 02:49:57 | 000,105,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/15 23:22:04 | 000,000,680 | ---- | M] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2011/11/12 04:21:52 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/11 16:15:06 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/11 13:25:22 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Brad\Desktop\mbam-setup.exe
[2011/11/11 13:21:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Brad\Desktop\esetsmartinstaller_enu.exe
[2011/11/10 19:44:50 | 000,001,057 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\vso_ts_preview.xml
[2011/11/10 01:08:04 | 000,279,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[5 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/17 02:35:58 | 3510,649,069 | ---- | C] () -- C:\Users\Brad\Desktop\kaka-bsltfft.720p.mkv
[2011/11/16 14:36:22 | 000,000,512 | ---- | C] () -- C:\Users\Brad\Desktop\MBR.dat
[2011/11/12 04:21:52 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/11 16:15:06 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/27 23:14:27 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/10/27 23:14:27 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/09/13 00:15:04 | 000,000,144 | ---- | C] () -- C:\Windows\System32\lkfl.dat
[2011/09/13 00:15:04 | 000,000,128 | ---- | C] () -- C:\Windows\System32\pdfl.dat
[2011/09/13 00:15:04 | 000,000,080 | ---- | C] () -- C:\Windows\System32\ibfl.dat
[2011/09/07 14:27:06 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage3.dll
[2011/09/07 14:27:06 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2011/09/07 14:27:06 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DVM.dll
[2011/09/07 14:27:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RegisterExe.exe
[2011/08/16 18:59:38 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2011/08/08 13:53:52 | 000,000,000 | ---- | C] () -- C:\Users\Brad\AppData\Local\{3F348B3C-9D33-4938-91D4-12D70EE7A320}
[2011/07/12 15:10:02 | 000,000,552 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d8caps.dat
[2011/07/10 00:53:03 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/07/04 22:40:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/07/04 20:26:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/04 20:26:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/07/01 00:47:58 | 000,196,608 | ---- | C] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 19:01:35 | 000,001,057 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\vso_ts_preview.xml
[2011/06/29 23:42:58 | 000,000,680 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2006/11/10 08:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,279,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,608,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,908 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/09/13 04:07:11 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\#ISW.FS#
[2011/08/20 02:09:53 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Autodesk
[2011/08/23 02:21:39 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\calibre
[2011/09/13 00:18:56 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\CheckPoint
[2011/09/13 00:48:12 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\MailFrontier
[2011/08/31 01:18:25 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\PlayFirst
[2011/08/23 23:17:30 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\ProtectDISC
[2011/09/07 14:27:23 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Softinterface, Inc
[2011/08/16 22:13:46 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\TrojanHunter
[2011/11/10 19:44:51 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Vso
[2011/11/17 15:16:12 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:9E00596C
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:7631EA83

< End of report >
  • 0

#12
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Thank you. Any improvements in performance?
  • 0

#13
VodkaMan

VodkaMan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Yes it does seem to be moving a little faster thanks. I figure at 1 gig of ram that could be slowing me down also. May I ask what was wrong was it a key logger? Again I would like to thank you for the time you put in helping me it is appreciated.
  • 0

#14
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
I would say 1GB of RAM is minimum nowadays. Adding additional 1GB would be great.

I didn't find any keylogger so far. We removed some spy/adaware crappy programs and deleted temporary files.

We should proceed with general antimalware scan which can take quite a long time so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)
Posted Image

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

#15
VodkaMan

VodkaMan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
On the scan came up no infections here is the manual disinfection zip

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP