Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google redirect, popups, windows security wont start. OTL log inside [

Started by tjdrake719 , Dec 10 2011 11:18 PM

  • This topic is locked This topic is locked

#1
tjdrake719
Posted 10 December 2011 - 11:18 PM

tjdrake719

    New Member

  • Member
  • Pip
  • 5 posts
The first is when I try to start Windows Security Center from the Action Center I get a popup that says "the windows security center service can't be started". I have attempted to start it from the Services which works but then turn off within 1 minute. I have run a Full Scan using Malwarebytes' Anti-Malware which also detected threats and were removed. I have run both scans in regular windows start and safe mode. My search engine results keep getting redirected and I keep getting pop ups. I also ran tdsskiller and it came up clean.

Below is my OTL log, thank you for your time and help.

OTL logfile created on: 12/10/2011 10:37:48 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.29 Gb Available Physical Memory | 71.57% Memory free
12.00 Gb Paging File | 9.95 Gb Available in Paging File | 82.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 556.83 Gb Free Space | 59.78% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/10 22:12:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2011/11/10 11:07:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/28 20:39:02 | 000,139,264 | ---- | M] (SOURCENEXT) -- C:\Windows\SysWOW64\bgsvcgen.exe
PRC - [2011/08/10 02:20:38 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/03/31 22:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2010/05/07 17:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2010/05/07 17:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/07/24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/10 21:43:31 | 000,095,744 | ---- | M] () -- C:\ProgramData\MouseNotifierVerifier.dll
MOD - [2011/12/08 19:55:55 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/12/08 19:55:55 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/12/08 19:55:55 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/12/08 19:55:55 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/12/08 19:55:55 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/11/10 11:07:12 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/05/07 12:28:43 | 006,053,536 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010/11/12 08:23:44 | 000,330,584 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2010/05/07 17:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2010/05/07 17:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 17:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 17:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 17:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 17:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/12 16:19:48 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/10/12 13:09:44 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/05/07 17:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2007/11/15 09:17:04 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/11/12 20:24:34 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/28 20:39:02 | 000,139,264 | ---- | M] (SOURCENEXT) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
SRV - [2011/06/14 10:36:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/06/13 02:27:14 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/03/31 22:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/12 13:56:18 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/10/12 13:56:18 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/12 12:30:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/28 20:39:02 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/06 15:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/24 16:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/05/07 15:50:31 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/31 22:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C310(UVC)
DRV:64bit: - [2011/03/31 22:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 13:57:58 | 000,074,824 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2011/02/22 13:57:56 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2011/02/22 13:57:54 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:25:46 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/07 17:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 17:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 01:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2007/09/21 02:13:22 | 000,040,464 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2007/09/21 02:13:08 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/09/21 02:13:02 | 000,054,288 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/12/10 21:54:17 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)
DRV - [2011/08/28 19:35:10 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysWow64\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.hotspotshield.com/g/?c=h
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 35 65 A6 EC 0C CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://games.espn.go...&seasonId=2009"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.10
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.0.24

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/06 18:31:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 11:07:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/26 12:54:18 | 000,000,000 | ---D | M]

[2011/06/06 19:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2011/12/10 21:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7c0833sp.default\extensions
[2011/06/06 19:52:00 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7c0833sp.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2011/06/06 19:52:00 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7c0833sp.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011/06/06 19:52:00 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7c0833sp.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/06/06 19:52:00 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7c0833sp.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2011/12/10 21:43:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7c0833sp.default\extensions\{b9fa8f36-4f06-4e4b-ac05-afe999c6985b}
[2011/06/06 19:52:00 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7c0833sp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/06/06 19:52:03 | 000,000,000 | ---D | M] (Cache Status) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7c0833sp.default\extensions\[email protected]
[2011/06/06 19:52:02 | 000,000,000 | ---D | M] ("YoYo Games InstantPlay") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7c0833sp.default\extensions\[email protected]
[2011/12/10 21:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igdeurg5.default\extensions
[2011/06/06 19:55:56 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igdeurg5.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/06/06 19:55:56 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igdeurg5.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2011/12/10 21:43:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igdeurg5.default\extensions\{b9fa8f36-4f06-4e4b-ac05-afe999c6985b}
[2011/11/13 17:18:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igdeurg5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/06/06 19:55:55 | 000,000,000 | ---D | M] (Cache Status) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igdeurg5.default\extensions\[email protected]
[2011/09/05 23:39:20 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igdeurg5.default\extensions\[email protected]
[2011/06/06 19:55:56 | 000,000,000 | ---D | M] ("YoYo Games InstantPlay") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igdeurg5.default\extensions\[email protected]
[2011/11/18 13:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/02 19:27:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/06/06 19:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\Access Privileges Test
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TRAVIS DRAKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7C0833SP.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TRAVIS DRAKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7C0833SP.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TRAVIS DRAKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7C0833SP.DEFAULT\EXTENSIONS\{59C81DF5-4B7A-477B-912D-4E0FDF64E5F2}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TRAVIS DRAKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7C0833SP.DEFAULT\EXTENSIONS\{71328583-3CA7-4809-B4BA-570A85818FBB}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TRAVIS DRAKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7C0833SP.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TRAVIS DRAKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7C0833SP.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TRAVIS DRAKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7C0833SP.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/11/10 11:07:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/02 19:27:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 11:07:12 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/08/17 18:18:40 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MouseNotifierVerifier] C:\ProgramData\MouseNotifierVerifier.dll ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15117/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C5F6B1A-9618-4651-A4E4-70D0E3588393}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2aaa164f-78df-11e0-b9d2-002564eb6359}\Shell - "" = AutoRun
O33 - MountPoints2\{2aaa164f-78df-11e0-b9d2-002564eb6359}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{2aaa1672-78df-11e0-b9d2-002564eb6359}\Shell - "" = AutoRun
O33 - MountPoints2\{2aaa1672-78df-11e0-b9d2-002564eb6359}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{dcfd731b-8a68-11e0-b9dd-002564eb6359}\Shell - "" = AutoRun
O33 - MountPoints2\{dcfd731b-8a68-11e0-b9dd-002564eb6359}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/10 22:36:25 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/12/10 22:15:20 | 003,243,768 | ---- | C] (Javacool Software LLC ) -- C:\Users\Admin\Desktop\spywareblastersetup45.exe
[2011/12/10 22:14:30 | 022,668,080 | ---- | C] (Emsi Software GmbH ) -- C:\Users\Admin\Desktop\OnlineArmorSetup.exe
[2011/12/10 22:12:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011/12/02 12:58:35 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/12/02 12:58:35 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/12/02 12:58:35 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/12/02 12:58:35 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/12/02 12:58:35 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/12/02 12:58:35 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/12/02 12:58:34 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/12/02 12:58:34 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/12/02 12:58:34 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/12/02 12:58:34 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/12/02 12:58:34 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/12/02 12:58:34 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/12/02 12:58:34 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/12/02 12:58:33 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/12/02 12:58:19 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/12/02 12:58:19 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/12/02 12:58:19 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/12/02 12:58:19 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/12/02 12:58:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/12/02 12:58:19 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/12/02 12:58:19 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/12/02 12:57:31 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/12/02 12:57:31 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/12/02 12:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire
[2011/12/02 12:45:22 | 000,074,824 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2011/12/02 12:45:22 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2011/12/02 12:45:22 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2011/12/02 12:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire
[2011/12/02 12:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/28 00:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Arthur's Gold
[2011/11/28 00:15:42 | 000,000,000 | ---D | C] -- C:\KAG
[2011/11/26 15:57:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Nemesys
[2011/11/26 15:19:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Gaslamp Games
[2011/11/18 13:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011/11/18 13:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2011/11/15 11:39:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Chromium
[2011/11/14 16:09:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\AMD
[2011/11/14 16:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/11/14 16:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/11/14 16:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/11/14 16:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/11/14 16:09:23 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys
[2011/11/14 16:07:35 | 000,000,000 | ---D | C] -- C:\ATI
[2011/11/13 21:47:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Scoregasm
[2011/11/13 14:41:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Jasper's Journeys
[2011/11/13 14:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jasper's Journeys
[2011/11/12 15:06:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Read
[2011/11/11 19:25:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Nicalis
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/10 22:36:33 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/12/10 22:15:29 | 022,668,080 | ---- | M] (Emsi Software GmbH ) -- C:\Users\Admin\Desktop\OnlineArmorSetup.exe
[2011/12/10 22:15:23 | 003,243,768 | ---- | M] (Javacool Software LLC ) -- C:\Users\Admin\Desktop\spywareblastersetup45.exe
[2011/12/10 22:12:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011/12/10 22:07:33 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/10 22:07:33 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/10 22:06:06 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/10 22:06:06 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/10 22:06:06 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/10 22:00:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/10 21:59:56 | 536,174,591 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/10 21:54:17 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/12/10 21:43:31 | 000,095,744 | ---- | M] () -- C:\ProgramData\MouseNotifierVerifier.dll
[2011/12/02 13:02:21 | 000,387,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/28 18:46:41 | 000,011,810 | ---- | M] () -- C:\Users\Admin\Desktop\GS6_Drake, Travis Jordan.pdf
[2011/11/26 19:08:06 | 002,592,916 | ---- | M] () -- C:\Users\Admin\Desktop\Colquitt et al (2001).pdf
[2011/11/26 14:23:43 | 000,097,318 | ---- | M] () -- C:\Users\Admin\Desktop\tumblr_lush46z2Hn1qminlvo1_500.jpg
[2011/11/18 13:36:31 | 000,002,612 | ---- | M] () -- C:\Users\Admin\Documents\Register Vegas Pro.htm
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/10 22:37:04 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
[2011/12/10 21:51:03 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/12/10 21:43:31 | 000,095,744 | ---- | C] () -- C:\ProgramData\MouseNotifierVerifier.dll
[2011/11/28 18:46:41 | 000,011,810 | ---- | C] () -- C:\Users\Admin\Desktop\GS6_Drake, Travis Jordan.pdf
[2011/11/26 19:08:06 | 002,592,916 | ---- | C] () -- C:\Users\Admin\Desktop\Colquitt et al (2001).pdf
[2011/11/26 14:23:42 | 000,097,318 | ---- | C] () -- C:\Users\Admin\Desktop\tumblr_lush46z2Hn1qminlvo1_500.jpg
[2011/10/12 16:16:30 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/09/26 12:54:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/08/03 10:24:05 | 000,000,760 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\setup_ldm.iss
[2011/08/01 17:46:02 | 000,000,000 | ---- | C] () -- C:\Windows\CorelDrw.INI
[2011/08/01 17:44:05 | 000,000,041 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,041 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,039 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,038 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,038 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,037 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,035 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,033 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,032 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,030 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,030 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,030 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,030 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,030 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,029 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,029 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,028 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,027 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,024 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,024 | ---- | C] () -- C:\Windows\CorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.iniCorelPP.ini
[2011/08/01 17:44:05 | 000,000,023 | ---- | C] () -- C:\Windows\CorelPP.ini
[2011/06/15 18:04:38 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/06/12 09:40:13 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/06/12 09:40:13 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/06/06 18:54:12 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/05/07 15:55:42 | 000,083,366 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/04/29 14:34:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/31 22:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/03/31 22:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/03/31 22:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/08/26 04:29:28 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/14 01:47:24 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2009/01/14 01:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2009/01/14 01:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2009/01/14 01:47:24 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2009/01/14 01:47:24 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2009/01/14 01:47:24 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2009/01/14 01:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2009/01/14 01:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2009/01/14 01:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2009/01/14 01:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2009/01/14 01:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2009/01/14 01:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2009/01/14 01:47:24 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2009/01/14 01:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2009/01/14 01:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2009/01/14 01:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2009/01/14 01:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2009/01/14 01:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2009/01/14 01:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2009/01/14 01:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2004/04/05 12:36:48 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2004/02/10 18:15:36 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll

< End of report >

OTL Extras logfile created on: 12/10/2011 10:15:50 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.22 Gb Available Physical Memory | 70.38% Memory free
12.00 Gb Paging File | 9.90 Gb Available in Paging File | 82.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 556.83 Gb Free Space | 59.78% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0031FC73-643E-19DB-0A34-F7FF70B2F1E7}" = ccc-utility64
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 1.0
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{391ED0B2-B886-A6D0-B1A6-C25A7FE5B452}" = ATI AVIVO64 Codecs
"{4F8A27CA-6788-7965-3259-5C3B9C37FCD8}" = ATI Problem Report Wizard
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6681A016-C62A-DD7B-7F56-25B1A55CE12A}" = AMD Media Foundation Decoders
"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{72DECC0F-58E0-0618-C857-43B4D3DB7B75}" = AMD Catalyst Install Manager
"{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and Drop Transcoding
"{B328C018-B179-9A7C-C049-FC079607B10E}" = AMD Fuel
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Unlocker" = Unlocker 1.9.1-x64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{13557DA4-3AB0-DB9B-B746-1BE901DEC60D}" = AMD VISION Engine Control Center
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2F29D6D2-824E-4FEF-8AED-7013F39F642A}" = OpenOffice.org 2.3
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{34962E5E-FAC1-D8DF-7070-AA2B58971E31}" = Catalyst Control Center Graphics Previews Common
"{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D7D38949-8251-4F07-BC2C-AA767308010B}" = TMPGEnc Authoring Works 4
"{DAABB60F-D2CB-ADC0-6FA7-8B2BB0A78CDA}" = Catalyst Control Center InstallProxy
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFABB945-0D32-C208-897A-F611F63A19D4}" = CCC Help English
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FAF34181-8A35-4182-B297-EB7E0F5B7A5A}" = XSplit
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"Amor AVI DivX MPEG to VCD SVCD DVD Creator & Burner_is1" = Amor AVI DivX MPEG to VCD SVCD DVD Creator & Burner 3.1.0.1
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AudioCS" = Creative Audio Control Panel
"Bid-O-Matic v2.14.8" = Bid-O-Matic v2.14.8
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diagnostics 4_5" = Creative Diagnostics
"Fraps" = Fraps (remove only)
"hon" = Heroes of Newerth
"Host OpenAL" = Host OpenAL
"King Arthur's Gold (Alpha)_is1" = KAG 0.90A
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Octodad" = Octodad
"OpenAL" = OpenAL
"Steam App 102200" = Runespell: Overture
"Steam App 107100" = Bastion
"Steam App 107210" = Space Pirates and Zombies Demo
"Steam App 107300" = Breath of Death VII
"Steam App 107310" = Cthulhu Saves the World
"Steam App 109700" = Achron
"Steam App 110400" = inMomentum
"Steam App 111800" = Blocks That Matter
"Steam App 113200" = The Binding Of Isaac
"Steam App 1500" = Darwinia
"Steam App 1510" = Uplink
"Steam App 1520" = DEFCON
"Steam App 1530" = Multiwinia
"Steam App 17460" = Mass Effect
"Steam App 200910" = Sequence
"Steam App 201570" = Really Big Sky
"Steam App 202410" = Scoregasm
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 22120" = Penumbra: Black Plague
"Steam App 22140" = Penumbra: Requiem
"Steam App 22180" = Penumbra: Overture
"Steam App 22230" = Rock of Ages
"Steam App 22380" = Fallout: New Vegas
"Steam App 22480" = GECK - New Vegas Edition
"Steam App 24420" = Aquaria
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 29800" = Caster
"Steam App 33180" = Zombie Shooter 2
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 3990" = Sid Meier's Civilization IV: Warlords
"Steam App 40930" = The Misadventures of P.B. Winterbottom
"Steam App 41000" = Serious Sam HD: The First Encounter
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 41210" = Eufloria
"Steam App 45450" = Fortix 2
"Steam App 48950" = Greed Corp
"Steam App 50000" = Nimbus
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 65800" = Dungeon Defenders
"Steam App 70120" = Hacker Evolution Duality
"Steam App 70400" = Recettear: An Item Shop's Tale
"Steam App 7670" = BioShock
"Steam App 80200" = Fate of the World
"Steam App 80310" = Gemini Rue
"Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91600" = Sanctum
"Steam App 98600" = Demolition, Inc.
"Steam App 98800" = Dungeons of Dredmor
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"WaveStudio 7" = Creative WaveStudio 7
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"XNote Stopwatch" = XNote Stopwatch
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >









EDIT: also, here is this log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-11 00:14:24
-----------------------------
00:14:24.938 OS Version: Windows x64 6.1.7601 Service Pack 1
00:14:24.938 Number of processors: 4 586 0x402
00:14:24.939 ComputerName: ADMIN-PC UserName: Admin
00:14:26.334 Initialize success
00:14:55.044 AVAST engine defs: 11121001
00:15:00.355 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:15:00.360 Disk 0 Vendor: ST31000528AS CC45 Size: 953869MB BusType: 3
00:15:00.388 Disk 0 MBR read successfully
00:15:00.393 Disk 0 MBR scan
00:15:00.403 Disk 0 Windows 7 default MBR code
00:15:00.410 Service scanning
00:15:01.688 Modules scanning
00:15:01.696 Disk 0 trace - called modules:
00:15:01.706 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:15:01.715 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800627e060]
00:15:01.724 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80052e0520]
00:15:01.734 5 ACPI.sys[fffff88000ebe7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80052e2060]
00:15:05.510 AVAST engine scan C:\Windows
00:15:08.049 AVAST engine scan C:\Windows\system32
00:16:57.827 AVAST engine scan C:\Windows\system32\drivers
00:17:09.971 AVAST engine scan C:\Users\Admin
00:17:56.759 File: C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\703ca81f-5dd20d93 **INFECTED** Win32:FakeAlert-BNM [Trj]
00:17:57.806 File: C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\13152fba-60e1cad3 **INFECTED** Win32:Kryptik-FYL [Trj]
00:20:38.111 AVAST engine scan C:\ProgramData
00:21:02.798 Scan finished successfully
00:22:43.173 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
00:22:43.177 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

Edited by tjdrake719, 11 December 2011 - 01:23 AM.

  • 0

Advertisements

#2
Essexboy
Posted 11 December 2011 - 07:36 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets look a tad deeper for you

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\703ca81f-5dd20d93
    C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\13152fba-60e1cad3

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

AND FINALLY

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.
  • 0

#3
tjdrake719
Posted 11 December 2011 - 12:53 PM

tjdrake719

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
There you go. System still showing symptoms. Also, thank you for taking my case so quickly, it is much appreciated.

Attached Thumbnails

  • DiskManagement.jpg

Attached Files


Edited by tjdrake719, 11 December 2011 - 01:23 PM.

  • 0

#4
Essexboy
Posted 11 December 2011 - 02:49 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK the really bad one is ruled out for now

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
tjdrake719
Posted 11 December 2011 - 04:10 PM

tjdrake719

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Attached is the combofix log.


Redirect of websearches and popups seem to be gone/fixed.

When I try to start the windows defender as recommended by windows, I get this error message: "The specified service does not exist as an installed service. (Error Code: 0x80070424)

Attached Files


  • 0

#6
Essexboy
Posted 11 December 2011 - 04:14 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I may have a fix for that :cool: On completion of these runs can you let me know what problems remain

Download the attached zip fileto your desktop

Extract the .reg file also to the desktop
Right click windef.reg
Select merge
Accept the warnings
Reboot and then try defender

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#7
tjdrake719
Posted 11 December 2011 - 04:25 PM

tjdrake719

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
That reg fix took care of windows defender, thanks.

Here is the mbam log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8353

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/11/2011 3:23:05 PM
mbam-log-2011-12-11 (15-23-05).txt

Scan type: Quick scan
Objects scanned: 172727
Time elapsed: 1 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
Essexboy
Posted 11 December 2011 - 04:34 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Any problems remaining ?
  • 0

#9
tjdrake719
Posted 11 December 2011 - 04:48 PM

tjdrake719

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
None that I know of, it appears to be symptom free. Thanks for your expertise and help.
  • 0

#10
Essexboy
Posted 11 December 2011 - 04:53 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#11
Essexboy
Posted 15 December 2011 - 02:21 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP