System Fix Virus


#1
Lorenzo Baltazar Perez
  • Member
  • 56 posts

Hello and thank you in advance.

My sister's PC is infected with the System Fix Virus, which wipes your start menu clean and turns your desktop black with nothing but the My Computer icon and Recycle Bin left. It also pops up about 30 windows of errors that read "Failed to write all the components to the file \system32\ XXXXX The file is corrupted or unreachable." Below is the initial OTL log.


OTL Extras logfile created on: 12/16/2011 6:47:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lil Miss Cris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 80.25% Memory free
5.95 Gb Paging File | 5.55 Gb Available in Paging File | 93.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 13.98 Gb Free Space | 28.63% Space Free | Partition Type: NTFS
Drive D: | 10.95 Gb Total Space | 5.20 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
Drive E: | 238.31 Gb Total Space | 237.86 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive H: | 3.74 Gb Total Space | 3.72 Gb Free Space | 99.61% Space Free | Partition Type: FAT32
Drive J: | 698.64 Gb Total Space | 626.44 Gb Free Space | 89.67% Space Free | Partition Type: NTFS

Computer Name: STUDIOMIXER | User Name: Lil Miss Cris | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19A2549D-40E8-4970-932E-756EEC33C58B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4805EB00-5895-4B8A-9406-EE0870DF3AFC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B160B6B-9D4F-4701-8E2C-E725B0F1114D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50C640FA-10BF-40C6-855F-BFD089A5CB5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58D2EB1F-0CF2-437E-BA0E-B2FD4239A3C4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5EC8A473-122A-499F-9B26-14A8427FB53B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F25B37C-C38E-4139-82CB-5B8AD8F8C54B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{638F0373-667B-45DF-9CF0-A618DD7311CE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CFB9FDA0-B42E-438C-9DDD-FF24AABA0409}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D1C0D664-F6E4-4096-A495-C62FE00ECF79}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DCB16093-3EB9-4888-A459-10ACC77DBF78}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1AA21D9-7103-4673-8CFA-18A3F6E4FCF6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E6559049-8C90-4B31-BE4C-62E8AA0232B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F26994F4-5A3F-426F-9383-94B9E68F444E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F2BB95E5-54F3-472F-8FA5-1335B0F44BDE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F5925924-DFC5-4EED-AFFE-54F6C35D3630}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FA1997DF-880E-4FA2-85E8-D713BF40F229}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BD7B93-94D5-4010-B280-7B7B1C90ADF9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{05FF4692-1CB4-4F77-BB33-D2C1F9DE6C7C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{09D81E40-EAA4-4AF9-AB9E-F87001007BF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0ECCACD3-79FB-416F-8E45-DE5D01C132F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14CDC57D-0F26-46E6-AD5A-7D3D899F0637}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2973FBAB-E38B-4215-9B1F-D7B63C9D3009}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4C87CA03-BD06-44D7-916F-83E12CC67068}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{54F6DA31-FDF1-4327-B65E-0E8A73843626}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{67F1C394-85F9-4490-9D98-84674FE77022}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D94F3C4-265D-446C-9BA6-372BE830E1BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6DB032E7-6E0E-41FE-9FB0-CECE0C65AC31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7086AAA1-62C6-45C8-84CF-7059B7CA03D1}" = dir=in | app=j:\itunes\itunes.exe |
"{7F7961E1-EA2B-48EF-A35F-2555A14FAA1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8CADEB7B-5831-4C43-B24C-90093E4A97F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95A0B000-1EA0-448E-A2EC-20C665484CFE}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A83D80EA-B8AC-4B98-A9CF-45B785A7B3CF}" = protocol=6 | dir=in | app=j:\program files\veetle\player\veetlenet.exe |
"{BC6BEF04-765D-4504-BC0D-2AF1C4B67213}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C543FB69-EE2A-4CDD-BD7D-9434C8178A5E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D125D4DC-FF63-48A4-BB61-4EBEE189DA19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC0B69EE-AC04-419B-95BE-ABFF0DA50CD0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5C5D2CC-173E-4771-8702-ECF47AD4343D}" = protocol=6 | dir=out | app=system |
"{E9542A44-9FF3-47A8-AC8E-1BBD3CD5BFC8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F521AD47-22E1-4F1E-AA19-590E81838DFA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1A631EB2-1959-41E1-BCFD-C843F7AB9186}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{8DB110A3-550D-4A3E-80B3-8CF0479E3619}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{A5E74C5B-D5C8-4528-BE13-3A69A6AA9AE0}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"TCP Query User{B6A91314-EDA6-4A51-9CC3-1EA3B08E8B97}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{EB07F6E8-EAF5-499E-A225-A7D19B4180FC}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{926269AF-DCF3-479D-9348-F747A5130267}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{95A1B4EB-D74D-4688-8F1F-AD0F729C8B79}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CE744050-9F57-43B6-A8FD-D59FF4B16D3B}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{DC406414-8B00-4B2F-B692-EF0FA12274CF}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{FCAA1E18-6391-40EA-BA82-156240B91B02}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 26
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53CDAAAB-6D41-4A36-BAA4-90261DE31B13}" = NetZero For Cosmi
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B0DA03A-8334-4127-B788-CC44F2F462DB}" = Jewel Quest
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E064390A-2F64-4195-9A55-30D4B20B865A}" = WDCSAM Driver
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F9F6CF4F-4CA5-498C-AE20-99A0C2B60918}" = Jewel Quest - Sleepless Star
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AviSynth" = AviSynth 2.5
"Canon MP470 series User Registration" = Canon MP470 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MixMeister Fusion 7.2.2_is1" = MixMeister Fusion 7.2.2
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MP3 Rocket" = MP3 Rocket
"Seven Seas Deluxe 1.13" = Seven Seas Deluxe 1.13
"TipTop Deluxe 1.1" = TipTop Deluxe 1.1
"Veetle TV" = Veetle TV
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2011 8:39:04 PM | Computer Name = Studiomixer | Source = RasClient | ID = 20227
Description =

Error - 12/16/2011 8:40:36 PM | Computer Name = Studiomixer | Source = RasClient | ID = 20227
Description =

Error - 12/16/2011 9:44:50 PM | Computer Name = Studiomixer | Source = WinMgmt | ID = 10
Description =

Error - 12/16/2011 9:47:00 PM | Computer Name = Studiomixer | Source = RasClient | ID = 20227
Description =

Error - 12/16/2011 9:51:02 PM | Computer Name = Studiomixer | Source = EventSystem | ID = 4609
Description =

Error - 12/16/2011 9:51:11 PM | Computer Name = Studiomixer | Source = WinMgmt | ID = 10
Description =

Error - 12/16/2011 10:32:22 PM | Computer Name = Studiomixer | Source = EventSystem | ID = 4609
Description =

Error - 12/16/2011 10:32:32 PM | Computer Name = Studiomixer | Source = WinMgmt | ID = 10
Description =

Error - 12/16/2011 10:34:37 PM | Computer Name = Studiomixer | Source = EventSystem | ID = 4609
Description =

Error - 12/16/2011 10:36:15 PM | Computer Name = Studiomixer | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 12/16/2011 9:51:02 PM | Computer Name = Studiomixer | Source = DCOM | ID = 10005
Description =

Error - 12/16/2011 9:51:06 PM | Computer Name = Studiomixer | Source = DCOM | ID = 10005
Description =

Error - 12/16/2011 9:51:11 PM | Computer Name = Studiomixer | Source = Service Control Manager | ID = 7001
Description =

Error - 12/16/2011 9:51:11 PM | Computer Name = Studiomixer | Source = Service Control Manager | ID = 7026
Description =

Error - 12/16/2011 10:32:16 PM | Computer Name = Studiomixer | Source = DCOM | ID = 10005
Description =

Error - 12/16/2011 10:32:22 PM | Computer Name = Studiomixer | Source = DCOM | ID = 10005
Description =

Error - 12/16/2011 10:32:26 PM | Computer Name = Studiomixer | Source = DCOM | ID = 10005
Description =

Error - 12/16/2011 10:32:33 PM | Computer Name = Studiomixer | Source = Service Control Manager | ID = 7001
Description =

Error - 12/16/2011 10:32:33 PM | Computer Name = Studiomixer | Source = Service Control Manager | ID = 7026
Description =

Error - 12/16/2011 10:33:07 PM | Computer Name = Studiomixer | Source = DCOM | ID = 10005
Description =


< End of report >
#2
Lorenzo Baltazar Perez
  • Topic Starter
  • Member
  • 56 posts

This was run in safe mode with networking. If I need to run it in normal mode, please let me know and I will post a new log. Thank you.

#3
Nedklaw
  • Trusted Helper
  • Malware Removal
  • 1,652 posts

Hello, Lorenzo Baltazar Perez! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for Lorenzo Baltazar Perez only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me; logs can take some time to research, and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Step 1

Could you also post OTL.txt, which should be in the same location as Extras.txt?


Step 2

Download aswMBR.exe (1.8 MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "save log", save it to your desktop and post it in your next reply.

Step 3

  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link, so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach the screenshot to your reply.


Things I want to see in your next reply

  • OTL.txt
  • aswMBR.txt
  • A screenshot of the Disk Management Window


#4
Lorenzo Baltazar Perez
  • Topic Starter
  • Member
  • 56 posts

Here is the OTL log.


OTL logfile created on: 12/16/2011 6:47:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lil Miss Cris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 80.25% Memory free
5.95 Gb Paging File | 5.55 Gb Available in Paging File | 93.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 13.98 Gb Free Space | 28.63% Space Free | Partition Type: NTFS
Drive D: | 10.95 Gb Total Space | 5.20 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
Drive E: | 238.31 Gb Total Space | 237.86 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive H: | 3.74 Gb Total Space | 3.72 Gb Free Space | 99.61% Space Free | Partition Type: FAT32
Drive J: | 698.64 Gb Total Space | 626.44 Gb Free Space | 89.67% Space Free | Partition Type: NTFS

Computer Name: STUDIOMIXER | User Name: Lil Miss Cris | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/16 18:47:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lil Miss Cris\Downloads\OTL.exe
PRC - [2011/12/07 03:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 18:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/07 03:16:28 | 000,411,192 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 03:16:27 | 003,767,864 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 03:14:56 | 000,122,952 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 03:14:55 | 000,222,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 03:14:53 | 001,746,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/12/06 23:22:33 | 008,593,056 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - [2009/04/10 20:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/04/10 20:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/01/20 18:23:02 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/01 23:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 6A 92 EF 65 B2 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: J:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: J:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: J:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 20:03:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/07 15:59:46 | 000,000,000 | ---D | M]

[2009/12/25 01:13:40 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Lil Miss Cris\AppData\Roaming\Mozilla\Extensions
[2011/07/23 14:30:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Lil Miss Cris\AppData\Roaming\Mozilla\Firefox\Profiles\hda294n5.default\extensions
[2011/01/02 14:02:32 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lil Miss Cris\AppData\Roaming\Mozilla\Firefox\Profiles\hda294n5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/10 20:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/29 11:01:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/10 20:03:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/17 12:05:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 20:03:59 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Veetle TV Player (Enabled) = J:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = J:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = J:\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lil Miss Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Lil Miss Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Lil Miss Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WD Button Manager] C:\Windows\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E5FA66A-61AA-4F80-A05B-F1F94AC5CCCB}: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/05/31 14:17:24 | 000,000,118 | -H-- | M] () - J:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0806cf72-219e-11e0-b571-001e901d1ea9}\Shell\AutoRun\command - "" = H:\setupSNK.exe
O33 - MountPoints2\{20684e39-4d9f-11e0-8623-001e901d1ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{20684e39-4d9f-11e0-8623-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 09:45:40 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{455c5315-b567-11e0-8c14-001e901d1ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{455c5315-b567-11e0-8c14-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 09:45:40 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{59b730f3-c8ce-11df-8259-001e901d1ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{59b730f3-c8ce-11df-8259-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 09:45:40 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{706cec47-12f6-11e0-9af8-001e901d1ea9}\Shell\AutoRun\command - "" = M:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\update.exe
O33 - MountPoints2\{706cec47-12f6-11e0-9af8-001e901d1ea9}\Shell\open\command - "" = M:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\update.exe
O33 - MountPoints2\{a084ff92-5e61-11e0-91ce-001e901d1ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{a084ff92-5e61-11e0-91ce-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 09:45:40 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\L\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/16 17:00:23 | 000,000,000 | -H-D | C] -- C:\Users\Lil Miss Cris\AppData\Roaming\Malwarebytes
[2011/12/16 17:00:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011/12/16 17:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/16 17:00:12 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/16 17:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/14 00:14:28 | 000,000,000 | -H-D | C] -- C:\Users\Lil Miss Cris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[1 C:\Users\Lil Miss Cris\AppData\Local\*.tmp files -> C:\Users\Lil Miss Cris\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/16 18:36:18 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/16 18:36:18 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/16 18:32:08 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/12/16 18:31:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/16 17:45:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{52BAFC85-B3A5-4F27-849C-72DB237A68CA}.job
[2011/12/16 17:45:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A8A0AF40-97F1-4991-8E48-D5E60E12942B}.job
[2011/12/16 17:44:37 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/16 17:44:29 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 17:44:29 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 16:44:10 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/15 18:03:25 | 000,318,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/14 00:28:53 | 000,000,625 | -H-- | M] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/14 00:24:52 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~Ckb8xpN5bkZOGw
[2011/12/14 00:24:52 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~Ckb8xpN5bkZOGwr
[2011/12/14 00:17:33 | 000,000,448 | -H-- | M] () -- C:\ProgramData\Ckb8xpN5bkZOGw
[2011/12/14 00:14:28 | 000,000,601 | -H-- | M] () -- C:\Users\Lil Miss Cris\Desktop\System Fix.lnk
[2011/12/04 02:01:42 | 000,000,000 | -H-- | M] () -- C:\Users\Lil Miss Cris\AppData\Local\{102DD751-A98C-4407-88AC-2E5F7DF905EE}
[1 C:\Users\Lil Miss Cris\AppData\Local\*.tmp files -> C:\Users\Lil Miss Cris\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/14 00:28:53 | 000,000,625 | -H-- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/14 00:24:52 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~Ckb8xpN5bkZOGwr
[2011/12/14 00:21:40 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~Ckb8xpN5bkZOGw
[2011/12/14 00:14:28 | 000,000,601 | -H-- | C] () -- C:\Users\Lil Miss Cris\Desktop\System Fix.lnk
[2011/12/14 00:14:17 | 000,000,448 | -H-- | C] () -- C:\ProgramData\Ckb8xpN5bkZOGw
[2011/12/06 18:30:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2011/12/04 02:01:17 | 000,000,000 | -H-- | C] () -- C:\Users\Lil Miss Cris\AppData\Local\{102DD751-A98C-4407-88AC-2E5F7DF905EE}
[2011/04/17 09:14:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/26 13:23:36 | 000,000,059 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2010/09/27 17:05:59 | 000,002,573 | ---- | C] () -- C:\Windows\Wavemix.ini
[2010/09/27 17:05:59 | 000,000,011 | ---- | C] () -- C:\Windows\Typeinst.ini
[2010/02/14 09:20:49 | 000,029,184 | -H-- | C] () -- C:\Users\Lil Miss Cris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/31 13:17:23 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/09/10 22:51:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 22:51:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/09/28 20:05:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/28 16:11:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,318,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,603,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/01/31 13:19:34 | 000,000,000 | -H-D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\Canon
[2010/12/27 22:16:23 | 000,000,000 | -H-D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\iWin
[2011/10/22 10:26:01 | 000,000,000 | -H-D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\MP3Rocket
[2010/12/26 13:42:12 | 000,000,000 | -H-D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\PlayFirst
[2010/01/31 13:17:14 | 000,000,000 | -H-D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\ScanSoft
[2011/12/16 17:49:13 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/16 17:45:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{52BAFC85-B3A5-4F27-849C-72DB237A68CA}.job
[2011/12/16 17:45:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A8A0AF40-97F1-4991-8E48-D5E60E12942B}.job

========== Purity Check ==========



< End of report >

The MBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-17 18:45:04
-----------------------------
18:45:04.787 OS Version: Windows 6.0.6002 Service Pack 2
18:45:04.787 Number of processors: 3 586 0x202
18:45:04.789 ComputerName: STUDIOMIXER UserName:
18:45:34.281 Initialize success
18:52:01.821 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004c
18:52:01.821 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 8
18:52:03.849 Disk 0 MBR read successfully
18:52:03.849 Disk 0 MBR scan
18:52:03.849 Disk 0 Windows VISTA default MBR code
18:52:03.865 Disk 0 scanning sectors +625121280
18:52:03.943 Disk 0 scanning C:\Windows\system32\drivers
18:52:08.311 Service scanning
18:52:09.543 Modules scanning
18:52:12.382 Disk 0 trace - called modules:
18:52:12.398 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor.sys
18:52:12.398 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86897ac8]
18:52:12.398 3 CLASSPNP.SYS[8a79e8b3] -> nt!IofCallDriver -> [0x85a888e0]
18:52:12.414 5 acpi.sys[8060d6bc] -> nt!IofCallDriver -> \Device\0000004c[0x85b49ad0]
18:52:12.414 Scan finished successfully
18:53:51.312 Disk 0 MBR has been saved successfully to "C:\Users\Lil Miss Cris\Desktop\MBR.dat"
18:53:51.328 The log file has been saved successfully to "C:\Users\Lil Miss Cris\Desktop\aswMBR.txt"


and a screenshot has been attached. Thank you. Let me know if you need anything else.

Attached: screen.jpg

#5 Nedklaw (Trusted Helper, Malware Removal, 1,652 posts)
Hi. :)


Step 1

  • Please download Panda USB Vaccine (you must provide a valid e-mail address; they will send the download link to it) to your desktop.
  • Install and run the program.
    • Double-click on the file USBVaccine.zip located on your desktop.
    • A file viewer will open. Double-click on the file USBVaccineSetup.exe. Please select Yes if you are asked if you want to allow the program to make changes to the computer.
    • Follow the steps on screen to install the program on your computer.
  • Plug in your USB drive and click on Vaccinate USB and Vaccinate Computer.

Step 2

Download RogueKiller to your desktop.

  • Quit all running programs.
  • For Vista/7, right-click -> Run as administrator; for XP, simply run RogueKiller.exe.
  • When prompted, type 2 and validate.
  • Rkreport(1).txt will be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.
Please post the contents of Rkreport(1).txt in your next reply.


Step 3

Quit all running programs and run RogueKiller once again.

  • For Vista/7, right-click -> Run as administrator; for XP, simply run RogueKiller.exe.
  • When prompted, type 6 and validate.
  • Rkreport(2).txt will be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.
Please post the contents of Rkreport(2).txt in your next reply.


Step 4

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O33 - MountPoints2\{706cec47-12f6-11e0-9af8-001e901d1ea9}\Shell\AutoRun\command - "" = M:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\update.exe
    O33 - MountPoints2\{706cec47-12f6-11e0-9af8-001e901d1ea9}\Shell\open\command - "" = M:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\update.exe
    [2011/12/14 00:14:28 | 000,000,000 | -H-D | C] -- C:\Users\Lil Miss Cris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
    [2011/12/14 00:28:53 | 000,000,625 | -H-- | M] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/14 00:24:52 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~Ckb8xpN5bkZOGw
    [2011/12/14 00:24:52 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~Ckb8xpN5bkZOGwr
    [2011/12/14 00:17:33 | 000,000,448 | -H-- | M] () -- C:\ProgramData\Ckb8xpN5bkZOGw
    [2011/12/14 00:14:28 | 000,000,601 | -H-- | M] () -- C:\Users\Lil Miss Cris\Desktop\System Fix.lnk
    [1 C:\Users\Lil Miss Cris\AppData\Local\*.tmp files -> C:\Users\Lil Miss Cris\AppData\Local\*.tmp -> ] 
    
    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Commands 
    [purity] 
    [resethosts]  
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • Rkreport(1).txt
  • Rkreport(2).txt
  • OTL Fix Log
  • OTL.txt

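The fix list in Step 4 is built by hand from the OTL log: the O33 MountPoints2 entries whose autorun command points into a RECYCLER\S-1-5-21-... folder on a removable drive, the hidden random-named files the rogue dropped in C:\ProgramData, and the "System Fix" shortcuts and Start Menu folder. The Python below is an added example, not code from this thread, from OTL or from RogueKiller: it applies those same three tests to OTL log lines and renders the matches as the :OTL section OTL accepts in its Custom Scans/Fixes box. The sample lines are copied from the log earlier in the thread plus four benign lines; the two log-line regexes, the random-name heuristic (no extension, at least eight characters, mixed case plus digits, hidden, no company name) and the function names are my assumptions.

```python
"""Triage OTL log lines for the FakeHDD and removable-drive autorun artefacts
seen in this thread.  Added example; the parsing and the heuristics are the
editor's assumptions, not OTL's own logic."""
import re
from typing import List, Sequence, Tuple

# Constructed sample: lines copied from the OTL log above, plus four benign
# lines (Defender, a U3 launcher, ezsidmv.dat, mbam.sys) so both outcomes occur.
SAMPLE_LINES = [
    r'O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)',
    r'O33 - MountPoints2\{20684e39-4d9f-11e0-8623-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 09:45:40 | 001,336,632 | R--- | M] ()',
    r'O33 - MountPoints2\{706cec47-12f6-11e0-9af8-001e901d1ea9}\Shell\AutoRun\command - "" = M:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\update.exe',
    r'O33 - MountPoints2\{706cec47-12f6-11e0-9af8-001e901d1ea9}\Shell\open\command - "" = M:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\update.exe',
    r'[2011/12/14 00:24:52 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~Ckb8xpN5bkZOGw',
    r'[2011/12/14 00:17:33 | 000,000,448 | -H-- | M] () -- C:\ProgramData\Ckb8xpN5bkZOGw',
    r'[2011/12/14 00:14:28 | 000,000,601 | -H-- | M] () -- C:\Users\Lil Miss Cris\Desktop\System Fix.lnk',
    r'[2011/12/14 00:14:28 | 000,000,000 | -H-D | C] -- C:\Users\Lil Miss Cris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix',
    r'[2011/04/17 09:14:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat',
    r'[2011/12/16 17:00:12 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys',
]

# Autorun target inside a RECYCLER or SID-named folder: the removable-drive
# worm layout, never where a vendor launcher such as LaunchU3.exe lives.
SID_PATH = re.compile(r"\\RECYCLER\\|\\S-1-5-21-\d+-\d+-\d+-\d+\\", re.IGNORECASE)

# O33 - MountPoints2\<key>\Shell\<verb>\command - "" = <cmd> [ -- [stamp] () ]
MOUNTPOINT = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command - "" = '
    r'(?P<cmd>.+?)(?:\s+-- \[.*)?$')

# [stamp | size | attrs | C/M] (company) -- path   (the company part is absent for folders)
FILE_ENTRY = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[-A-Z]{4})\s*\|\s*[CM]\]\s*"
    r"(?:\((?P<company>[^)]*)\)\s*)?--\s*(?P<path>.+?)\s*$")


def looks_random(name: str) -> bool:
    """Assumed dropper-name heuristic: no extension, >= 8 chars, mixed case plus digits."""
    stem = name.lstrip("~")
    if "." in stem or len(stem) < 8:
        return False
    return (any(c.islower() for c in stem) and any(c.isupper() for c in stem)
            and any(c.isdigit() for c in stem))


def triage(lines: Sequence[str], rogue_names: Sequence[str] = ("System Fix",)) -> List[Tuple[str, str]]:
    """Return (reason, original line) for every line that belongs in the OTL fix."""
    rogue = {r.lower() for r in rogue_names}
    flagged: List[Tuple[str, str]] = []
    for line in lines:
        m = MOUNTPOINT.match(line)
        if m:
            if SID_PATH.search(m.group("cmd")):
                flagged.append(("removable-drive autorun into RECYCLER/SID folder", line))
            continue  # other MountPoints2 commands (U3, vendor tools) are left alone
        m = FILE_ENTRY.match(line)
        if not m:
            continue
        path = m.group("path")
        name = path.rsplit("\\", 1)[-1]
        stem = name[:-4] if name.lower().endswith(".lnk") else name
        hidden = "H" in m.group("attrs")
        anonymous = not (m.group("company") or "").strip()
        if stem.lower() in rogue:
            flagged.append(("shortcut or folder named after the rogue", line))
        elif hidden and anonymous and path.lower().startswith("c:\\programdata\\") and looks_random(name):
            flagged.append(("hidden random-named dropper data in ProgramData", line))
    return flagged


def otl_fix_block(lines: Sequence[str], rogue_names: Sequence[str] = ("System Fix",)) -> str:
    """Render the flagged lines as the :OTL section pasted into Custom Scans/Fixes."""
    body = "\n".join(line for _, line in triage(lines, rogue_names))
    return ":OTL\n" + body + "\n"


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LINES):
        print(f"{reason}: {line}")
    print(otl_fix_block(SAMPLE_LINES))
```

Run as a script it prints the six sample lines that also appear in the Step 4 fix; the U3 launcher on H:, ezsidmv.dat and mbam.sys pass through untouched, which is why nothing like them is in the fix above. The heuristics only shortlist: every line they flag still needs a human look before it goes into an OTL fix, exactly as the helper did here.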

#6 Lorenzo Baltazar Perez (Topic Starter, Member, 56 posts)
Here is Rkreport 1:


RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Lil Miss Cris [Admin rights]
Mode: Remove -- Date : 12/20/2011 15:23:06

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] cf81fe8ff14eabb551a0619e2ab407e9
[BSP] 6dcd7dfb57a43d79b9bad5cc99f31bd2 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 11753 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 22956885 | Size: 308308 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt


Rkreport 2:


RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Lil Miss Cris [Admin rights]
Mode: Shortcuts HJfix -- Date : 12/20/2011 15:24:52

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 46 / Fail 0
Quick launch: Success 8 / Fail 0
Programs: Success 8 / Fail 0
Start menu: Success 32 / Fail 0
User folder: Success 5867 / Fail 0
My documents: Success 45 / Fail 0
My favorites: Success 4 / Fail 0
My pictures: Success 19 / Fail 0
My music: Success 1074 / Fail 0
My videos: Success 2 / Fail 0
Local drives: Success 28287 / Fail 0
Backup: [FOUND] Success 23 / Fail 1

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume9 -- 0x2 --> Restored
[J:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[K:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[L:] \Device\HarddiskVolume7 -- 0x2 --> Restored
[N:] \Device\HarddiskVolume8 -- 0x2 --> Restored

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


OTL log from today:


OTL logfile created on: 12/20/2011 3:49:41 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\Lil Miss Cris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 63.68% Memory free
5.95 Gb Paging File | 5.03 Gb Available in Paging File | 84.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 12.67 Gb Free Space | 25.95% Space Free | Partition Type: NTFS
Drive D: | 10.95 Gb Total Space | 5.20 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
Drive E: | 238.31 Gb Total Space | 237.86 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive H: | 3.74 Gb Total Space | 3.72 Gb Free Space | 99.56% Space Free | Partition Type: FAT32
Drive J: | 698.64 Gb Total Space | 626.44 Gb Free Space | 89.67% Space Free | Partition Type: NTFS

Computer Name: STUDIOMIXER | User Name: Lil Miss Cris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/16 18:47:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- c:\Users\Lil Miss Cris\Downloads\OTL.exe
PRC - [2011/12/07 03:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 18:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/04/03 17:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/03/12 12:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 12:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/07 03:16:28 | 000,411,192 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 03:16:27 | 003,767,864 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 03:14:56 | 000,122,952 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 03:14:55 | 000,222,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 03:14:53 | 001,746,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/24 03:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - [2009/04/10 20:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/04/10 20:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/01/20 18:23:02 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/08 05:45:14 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2006/11/01 23:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 6A 92 EF 65 B2 CC 01 [binary data]
IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: J:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: J:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: J:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 20:03:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/07 15:59:46 | 000,000,000 | ---D | M]

[2009/12/25 01:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lil Miss Cris\AppData\Roaming\Mozilla\Extensions
[2011/07/23 14:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lil Miss Cris\AppData\Roaming\Mozilla\Firefox\Profiles\hda294n5.default\extensions
[2011/01/02 14:02:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lil Miss Cris\AppData\Roaming\Mozilla\Firefox\Profiles\hda294n5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/10 20:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/29 11:01:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/10 20:03:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/17 12:05:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 20:03:59 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Veetle TV Player (Enabled) = J:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = J:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = J:\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lil Miss Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Lil Miss Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\Lil Miss Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/12/20 15:29:29 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E5FA66A-61AA-4F80-A05B-F1F94AC5CCCB}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | --S- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/12/20 15:18:42 | 000,000,016 | -H-- | M] () - H:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2007/05/31 14:17:24 | 000,000,118 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0806cf72-219e-11e0-b571-001e901d1ea9}\Shell\AutoRun\command - "" = H:\setupSNK.exe
O33 - MountPoints2\{20684e39-4d9f-11e0-8623-001e901d1ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{20684e39-4d9f-11e0-8623-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 09:45:40 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{455c5315-b567-11e0-8c14-001e901d1ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{455c5315-b567-11e0-8c14-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 09:45:40 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{59b730f3-c8ce-11df-8259-001e901d1ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{59b730f3-c8ce-11df-8259-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 09:45:40 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{a084ff92-5e61-11e0-91ce-001e901d1ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{a084ff92-5e61-11e0-91ce-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 09:45:40 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\L\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 15:29:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/20 15:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/20 15:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/20 15:22:24 | 000,000,000 | ---D | C] -- C:\Users\Lil Miss Cris\Desktop\RK_Quarantine
[2011/12/20 15:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/12/20 15:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/12/20 15:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2011/12/20 15:14:29 | 000,848,856 | ---- | C] (Panda Security ) -- C:\Users\Lil Miss Cris\Desktop\USBVaccineSetup.exe
[2011/12/20 11:35:16 | 000,029,184 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\System32\drivers\dsiarhwprog.sys
[2011/12/20 11:31:10 | 000,000,000 | ---D | C] -- C:\Users\Lil Miss Cris\Documents\Datel
[2011/12/16 17:00:23 | 000,000,000 | ---D | C] -- C:\Users\Lil Miss Cris\AppData\Roaming\Malwarebytes
[2011/12/16 17:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/16 17:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/16 17:00:12 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/16 17:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/12/20 15:50:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{52BAFC85-B3A5-4F27-849C-72DB237A68CA}.job
[2011/12/20 15:50:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A8A0AF40-97F1-4991-8E48-D5E60E12942B}.job
[2011/12/20 15:44:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/20 15:36:25 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 15:36:25 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/20 15:32:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/20 15:30:51 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/12/20 15:30:42 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 15:30:42 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 15:30:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 15:30:35 | 3085,426,688 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/20 15:29:29 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/17 18:53:51 | 000,000,512 | ---- | M] () -- C:\Users\Lil Miss Cris\Desktop\MBR.dat
[2011/12/16 17:00:15 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/15 18:03:25 | 000,318,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/14 00:14:28 | 000,000,625 | ---- | M] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/04 02:01:42 | 000,000,000 | ---- | M] () -- C:\Users\Lil Miss Cris\AppData\Local\{102DD751-A98C-4407-88AC-2E5F7DF905EE}

========== Files Created - No Company Name ==========

[2011/12/20 15:23:17 | 000,002,519 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011/12/20 15:23:17 | 000,002,419 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011/12/20 15:23:17 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\MP470 series On-screen Manual.lnk
[2011/12/20 15:23:17 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/20 15:23:17 | 000,001,955 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/20 15:23:17 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 6.0 Professional.lnk
[2011/12/20 15:23:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/20 15:23:17 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk
[2011/12/20 15:23:17 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
[2011/12/20 15:23:17 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP470 series User Registration.LNK
[2011/12/20 15:23:17 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2011/12/20 15:23:17 | 000,001,784 | ---- | C] () -- C:\Users\Public\Desktop\My Printer.lnk
[2011/12/20 15:23:17 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/12/20 15:23:17 | 000,001,406 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/20 15:23:17 | 000,000,943 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/20 15:23:17 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/20 15:23:17 | 000,000,870 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/20 15:23:17 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/20 15:23:17 | 000,000,595 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.0.6.lnk
[2011/12/20 15:23:17 | 000,000,258 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/12/20 15:23:17 | 000,000,240 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/12/17 18:53:51 | 000,000,512 | ---- | C] () -- C:\Users\Lil Miss Cris\Desktop\MBR.dat
[2011/12/16 19:58:53 | 3085,426,688 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/14 00:28:53 | 000,000,625 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/06 18:30:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2011/12/04 02:01:17 | 000,000,000 | ---- | C] () -- C:\Users\Lil Miss Cris\AppData\Local\{102DD751-A98C-4407-88AC-2E5F7DF905EE}
[2011/04/17 09:14:42 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/26 13:23:36 | 000,000,059 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2010/09/27 17:05:59 | 000,002,573 | ---- | C] () -- C:\Windows\Wavemix.ini
[2010/09/27 17:05:59 | 000,000,011 | ---- | C] () -- C:\Windows\Typeinst.ini
[2010/02/14 09:20:49 | 000,029,184 | -H-- | C] () -- C:\Users\Lil Miss Cris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/31 13:17:23 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/09/10 22:51:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 22:51:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/09/28 20:05:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/28 16:11:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,318,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/01/31 13:19:34 | 000,000,000 | ---D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\Canon
[2010/12/27 22:16:23 | 000,000,000 | ---D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\iWin
[2011/10/22 10:26:01 | 000,000,000 | ---D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\MP3Rocket
[2010/12/26 13:42:12 | 000,000,000 | ---D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\PlayFirst
[2010/01/31 13:17:14 | 000,000,000 | ---D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\ScanSoft
[2011/12/20 15:29:47 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/20 15:50:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{52BAFC85-B3A5-4F27-849C-72DB237A68CA}.job
[2011/12/20 15:50:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A8A0AF40-97F1-4991-8E48-D5E60E12942B}.job

========== Purity Check ==========



< End of report >
And the last log (OTL Fix): after applying the fix and rebooting, no log appeared. I searched for it but could not find one. I did find this other log with today's date in a folder named "files moved":


========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{706cec47-12f6-11e0-9af8-001e901d1ea9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{706cec47-12f6-11e0-9af8-001e901d1ea9}\ not found.
File M:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\update.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{706cec47-12f6-11e0-9af8-001e901d1ea9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{706cec47-12f6-11e0-9af8-001e901d1ea9}\ not found.
File M:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\update.exe not found.
C:\Users\Lil Miss Cris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix folder moved successfully.
C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk moved successfully.
C:\ProgramData\~Ckb8xpN5bkZOGw moved successfully.
C:\ProgramData\~Ckb8xpN5bkZOGwr moved successfully.
C:\ProgramData\Ckb8xpN5bkZOGw moved successfully.
C:\Users\Lil Miss Cris\Desktop\System Fix.lnk moved successfully.
C:\Users\Lil Miss Cris\AppData\Local\BIT5C05.tmp deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
c:\Users\Lil Miss Cris\Downloads\cmd.bat deleted successfully.
c:\Users\Lil Miss Cris\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
c:\Users\Lil Miss Cris\Downloads\cmd.bat deleted successfully.
c:\Users\Lil Miss Cris\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\Users\LILMIS~1\AppData\Local\Temp\smtmp\2\desktop.ini
C:\Users\LILMIS~1\AppData\Local\Temp\smtmp\2\Google Chrome.lnk
C:\Users\LILMIS~1\AppData\Local\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
C:\Users\LILMIS~1\AppData\Local\Temp\smtmp\2\Mozilla Firefox.lnk
C:\Users\LILMIS~1\AppData\Local\Temp\smtmp\2\MP3 Rocket 6.0.6.lnk
C:\Users\LILMIS~1\AppData\Local\Temp\smtmp\2\Shows Desktop.lnk
C:\Users\LILMIS~1\AppData\Local\Temp\smtmp\2\System Fix.lnk
C:\Users\LILMIS~1\AppData\Local\Temp\smtmp\2\Window Switcher.lnk
8 File(s) copied
c:\Users\Lil Miss Cris\Downloads\cmd.bat deleted successfully.
c:\Users\Lil Miss Cris\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
c:\Users\Lil Miss Cris\Downloads\cmd.bat deleted successfully.
c:\Users\Lil Miss Cris\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
c:\Users\Lil Miss Cris\Downloads\cmd.bat deleted successfully.
c:\Users\Lil Miss Cris\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lil Miss Cris
->Flash cache emptied: 115328 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 12202011_152929

Let me know if I did something wrong, or if I need to rerun the fix. Thanks.
#7
Nedklaw
    Trusted Helper
  • Malware Removal
  • 1,652 posts
Hi. :)
How is your system running? Are you experiencing any problems?


Step 1

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    [2011/12/14 00:28:53 | 000,000,625 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk 
    
    :Files
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 2

  • Run Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • Answers to my questions
  • OTL Fix Log
  • OTL.txt
  • MBAM Log
  • log.txt

#8
Lorenzo Baltazar Perez
    Member
  • Topic Starter
  • Member
  • 56 posts
The system seems to be back to normal for the most part. The desktop icons are back and I can connect to the internet. My desktop background is still black (not sure if that can be restored or if I will have to set it myself), and my start menu is still empty.

Fix Log (I think):


========== OTL ==========
C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
c:\Users\Lil Miss Cris\Downloads\cmd.bat deleted successfully.
c:\Users\Lil Miss Cris\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lil Miss Cris
->Flash cache emptied: 564 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 12222011_165329


OTL Log:


OTL logfile created on: 12/22/2011 5:12:00 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\Lil Miss Cris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 64.40% Memory free
5.97 Gb Paging File | 5.10 Gb Available in Paging File | 85.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 12.54 Gb Free Space | 25.67% Space Free | Partition Type: NTFS
Drive D: | 10.95 Gb Total Space | 5.20 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
Drive E: | 238.31 Gb Total Space | 237.86 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive J: | 698.64 Gb Total Space | 626.44 Gb Free Space | 89.67% Space Free | Partition Type: NTFS

Computer Name: STUDIOMIXER | User Name: Lil Miss Cris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/16 18:47:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- c:\Users\Lil Miss Cris\Downloads\OTL.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 18:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/03/12 12:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 12:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/24 03:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - [2009/04/10 20:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/04/10 20:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/01/20 18:23:02 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/08 05:45:14 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2006/11/01 23:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 6A 92 EF 65 B2 CC 01 [binary data]
IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: J:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: J:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: J:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 20:03:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/07 15:59:46 | 000,000,000 | ---D | M]

[2009/12/25 01:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lil Miss Cris\AppData\Roaming\Mozilla\Extensions
[2011/07/23 14:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lil Miss Cris\AppData\Roaming\Mozilla\Firefox\Profiles\hda294n5.default\extensions
[2011/01/02 14:02:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lil Miss Cris\AppData\Roaming\Mozilla\Firefox\Profiles\hda294n5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/10 20:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/29 11:01:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/10 20:03:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/17 12:05:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 20:03:59 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Veetle TV Player (Enabled) = J:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = J:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = J:\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lil Miss Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Lil Miss Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\Lil Miss Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/12/22 16:53:29 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E5FA66A-61AA-4F80-A05B-F1F94AC5CCCB}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | --S- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/05/31 14:17:24 | 000,000,118 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0806cf72-219e-11e0-b571-001e901d1ea9}\Shell\AutoRun\command - "" = H:\setupSNK.exe
O33 - MountPoints2\{20684e39-4d9f-11e0-8623-001e901d1ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{20684e39-4d9f-11e0-8623-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{455c5315-b567-11e0-8c14-001e901d1ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{455c5315-b567-11e0-8c14-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{59b730f3-c8ce-11df-8259-001e901d1ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{59b730f3-c8ce-11df-8259-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{a084ff92-5e61-11e0-91ce-001e901d1ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{a084ff92-5e61-11e0-91ce-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 15:29:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/20 15:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/20 15:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/20 15:22:24 | 000,000,000 | ---D | C] -- C:\Users\Lil Miss Cris\Desktop\RK_Quarantine
[2011/12/20 15:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/12/20 15:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/12/20 15:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2011/12/20 15:14:29 | 000,848,856 | ---- | C] (Panda Security ) -- C:\Users\Lil Miss Cris\Desktop\USBVaccineSetup.exe
[2011/12/20 11:35:16 | 000,029,184 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\System32\drivers\dsiarhwprog.sys
[2011/12/20 11:31:10 | 000,000,000 | ---D | C] -- C:\Users\Lil Miss Cris\Documents\Datel
[2011/12/16 17:00:23 | 000,000,000 | ---D | C] -- C:\Users\Lil Miss Cris\AppData\Roaming\Malwarebytes
[2011/12/16 17:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/16 17:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/16 17:00:12 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/16 17:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/12/22 17:10:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{52BAFC85-B3A5-4F27-849C-72DB237A68CA}.job
[2011/12/22 17:10:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A8A0AF40-97F1-4991-8E48-D5E60E12942B}.job
[2011/12/22 17:00:07 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/22 17:00:07 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/22 16:54:49 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/22 16:54:42 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/12/22 16:54:33 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 16:54:33 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 16:54:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/22 16:54:16 | 3085,426,688 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/22 16:53:29 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/20 22:44:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/17 18:53:51 | 000,000,512 | ---- | M] () -- C:\Users\Lil Miss Cris\Desktop\MBR.dat
[2011/12/16 17:00:15 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/15 18:03:25 | 000,318,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/04 02:01:42 | 000,000,000 | ---- | M] () -- C:\Users\Lil Miss Cris\AppData\Local\{102DD751-A98C-4407-88AC-2E5F7DF905EE}

========== Files Created - No Company Name ==========

[2011/12/20 15:23:17 | 000,002,519 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011/12/20 15:23:17 | 000,002,419 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011/12/20 15:23:17 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\MP470 series On-screen Manual.lnk
[2011/12/20 15:23:17 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/20 15:23:17 | 000,001,955 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/20 15:23:17 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 6.0 Professional.lnk
[2011/12/20 15:23:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/20 15:23:17 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk
[2011/12/20 15:23:17 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
[2011/12/20 15:23:17 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP470 series User Registration.LNK
[2011/12/20 15:23:17 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2011/12/20 15:23:17 | 000,001,784 | ---- | C] () -- C:\Users\Public\Desktop\My Printer.lnk
[2011/12/20 15:23:17 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/12/20 15:23:17 | 000,001,406 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/20 15:23:17 | 000,000,943 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/20 15:23:17 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/20 15:23:17 | 000,000,870 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/20 15:23:17 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/20 15:23:17 | 000,000,595 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.0.6.lnk
[2011/12/20 15:23:17 | 000,000,258 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/12/20 15:23:17 | 000,000,240 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/12/17 18:53:51 | 000,000,512 | ---- | C] () -- C:\Users\Lil Miss Cris\Desktop\MBR.dat
[2011/12/16 19:58:53 | 3085,426,688 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/06 18:30:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2011/12/04 02:01:17 | 000,000,000 | ---- | C] () -- C:\Users\Lil Miss Cris\AppData\Local\{102DD751-A98C-4407-88AC-2E5F7DF905EE}
[2011/04/17 09:14:42 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/26 13:23:36 | 000,000,059 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2010/09/27 17:05:59 | 000,002,573 | ---- | C] () -- C:\Windows\Wavemix.ini
[2010/09/27 17:05:59 | 000,000,011 | ---- | C] () -- C:\Windows\Typeinst.ini
[2010/02/14 09:20:49 | 000,029,184 | -H-- | C] () -- C:\Users\Lil Miss Cris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/31 13:17:23 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/09/10 22:51:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 22:51:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/09/28 20:05:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/28 16:11:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,318,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/01/31 13:19:34 | 000,000,000 | ---D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\Canon
[2010/12/27 22:16:23 | 000,000,000 | ---D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\iWin
[2011/10/22 10:26:01 | 000,000,000 | ---D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\MP3Rocket
[2010/12/26 13:42:12 | 000,000,000 | ---D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\PlayFirst
[2010/01/31 13:17:14 | 000,000,000 | ---D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\ScanSoft
[2011/12/22 16:53:41 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/22 17:10:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{52BAFC85-B3A5-4F27-849C-72DB237A68CA}.job
[2011/12/22 17:10:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A8A0AF40-97F1-4991-8E48-D5E60E12942B}.job

========== Purity Check ==========



< End of report >


MBAM Log:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122301

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

12/22/2011 5:20:19 PM
mbam-log-2011-12-22 (17-20-19).txt

Scan type: Quick scan
Objects scanned: 165233
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESET Log:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

(that was all that was in the ESET Log).

Hopefully this is what you need. Thanks.
  • 0
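A small triage script for the OTL sections quoted above, added here as an example and not OTL's own code or anything posted in this thread. It handles only the O1, O4, O20, O32/O33 and O35/O37 line types; the sample lines are copied from the log above except for one constructed hosts entry (update.example.com pointing at a TEST-NET address), and the "stock" values it compares against are what a clean Vista/7 install shows for those keys.

```python
"""Flag lines in an OTL log that warrant a second look.

Added example for this thread, not OTL's own code. Only a few OTL line
types are handled: O1 (hosts), O4 (Run keys), O20 (Winlogon Shell/UserInit),
O32/O33 (AutoRun) and O35/O37 (.exe/.com file associations).
"""
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    code: str    # OTL section code, e.g. "O33"
    reason: str  # why a defender should look at the line
    line: str    # the original log line


# What a clean Vista/7 install shows for these keys (compared case-insensitively).
EXPECTED_WINLOGON = {"shell": r"c:\windows\explorer.exe",
                     "userinit": r"c:\windows\system32\userinit.exe"}
EXPECTED_OPEN_COMMAND = '"%1" %*'   # default open command for exefile/comfile
STOCK_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

RE_O1 = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
RE_O4 = re.compile(r"^O4 - (?P<hive>\S+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.*?)(?: \((?P<vendor>[^)]*)\))?$")
RE_O20 = re.compile(r"^O20 - HKLM Winlogon: (?P<key>\w+) - \((?P<val>[^)]*)\) "
                    r"-(?P<path>.*?)(?: \([^)]*\))?$")
RE_O32 = re.compile(r"^O32 - HKLM CDRom: AutoRun - (?P<flag>\d)")
RE_O33 = re.compile(r"^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command"
                    r' - "" = (?P<cmd>.*)$')
RE_O3X = re.compile(r"^O3[57] - HKLM\\\.{2,3}(?P<assoc>\S+) \[[^\]]*\] -- (?P<cmd>.*)$")


def _is_full_path(cmd: str) -> bool:
    """True when the Run command names a drive-qualified path (optionally quoted)."""
    return re.match(r'^"?[A-Za-z]:\\', cmd) is not None


def triage_otl(text: str) -> List[Finding]:
    """Return the lines of an OTL log that deserve a second look, in log order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_O1.match(line):
            ip, host = m["ip"], m["host"]
            if (ip, host) in STOCK_HOSTS:
                continue
            # 127.x / ::1 / 0.0.0.0 entries are how blocklists such as the MVPS
            # hosts file sinkhole names; anything else redirects a name elsewhere.
            if ip.startswith("127.") or ip in ("::1", "0.0.0.0"):
                reason = f"non-default hosts entry sinkholes {host} (intended blocklist?)"
            else:
                reason = f"hosts entry redirects {host} to {ip}"
            findings.append(Finding("O1", reason, line))
        elif m := RE_O4.match(line):
            if not _is_full_path(m["cmd"]):
                findings.append(Finding("O4", f"Run entry [{m['name']}] has no full path "
                                              "(resolved through the search order)", line))
            elif not m["vendor"]:
                findings.append(Finding("O4", f"Run entry [{m['name']}] has no company name", line))
        elif m := RE_O20.match(line):
            expected = EXPECTED_WINLOGON.get(m["key"].lower())
            if expected and m["path"].strip().lower() != expected:
                findings.append(Finding("O20", f"Winlogon {m['key']} is not the stock binary", line))
        elif m := RE_O32.match(line):
            if m["flag"] == "1":
                findings.append(Finding("O32", "CD-ROM AutoRun is enabled", line))
        elif m := RE_O33.match(line):
            # MountPoints2 caches the autorun command of every removable device seen.
            findings.append(Finding("O33", f"cached AutoRun command for device {m['key']}: "
                                           f"{m['cmd']}", line))
        elif m := RE_O3X.match(line):
            if m["cmd"] != EXPECTED_OPEN_COMMAND:
                findings.append(Finding(line[:3], f"{m['assoc']} open command is not the default", line))
    return findings


# Sample input: lines copied from the OTL log in this thread, plus one
# constructed hosts entry (TEST-NET address) to exercise the redirect check.
SAMPLE_LOG = "\n".join([
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O1 - Hosts: ::1 localhost",
    r"O1 - Hosts: 203.0.113.5 update.example.com",   # constructed
    r"O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)",
    r"O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)",
    r"O32 - HKLM CDRom: AutoRun - 1",
    r'O33 - MountPoints2\{20684e39-4d9f-11e0-8623-001e901d1ea9}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{20684e39-4d9f-11e0-8623-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a',
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
])

if __name__ == "__main__":
    for f in triage_otl(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```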

#9
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Restore Accessories Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):

Posted Image

Once they are, click on the Restore button.


Restore Admin Tools Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:

Posted Image


This next one will produce the necessary shortcut links which you can cut and paste into the Start Menu folder:

  • Download the repair.vbs file to your desktop.
  • Extract the repair.vbs file to your desktop.
  • Run the repair.vbs.
  • It will ask for a folder name; call it recovery.
  • The tool will let you know when it is finished.
  • On the desktop will be a recovery folder.
  • Open the folder.
  • Cut and paste the links that you want to C:\Documents and Settings\your name\Start Menu.
Posted Image
Posted Image

Step 2

It was most likely the malware that made your desktop background become black. Try resetting it to your desired background now that your system is free of malware.


Have your problems been fixed?


Things I want to see in your next reply

  • Answer to my question

  • 0

#10
Lorenzo Baltazar Perez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
The restore Accessories and restore Admin Tools programs ran successfully (at least it said it did). The repair.vbs link did not work. It gave an error ([#10170] We could not find the attachment you were attempting to view). I would be grateful for anything else you can do.
  • 0

#11
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
I have replaced the old download link with a new one. The repair.vbs file should now be in a list of files.


This next one will produce the necessary shortcut links which you can cut and paste into the Start Menu folder:

  • Download the repair.vbs file to your desktop.
  • Extract the repair.vbs file to your desktop.
  • Run the repair.vbs.
  • It will ask for a folder name; call it recovery.
  • The tool will let you know when it is finished.
  • On the desktop will be a recovery folder.
  • Open the folder.
  • Cut and paste the links that you want to C:\Documents and Settings\your name\Start Menu.
Posted Image
Posted Image
  • 0

#12
Lorenzo Baltazar Perez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Thank you for all your help. Do I keep all the programs you had me use or should I uninstall and delete them? Thanks.
  • 0

#13
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello! :wave:
There are instructions in my speech below on how to uninstall/delete the programs we have used.

Congratulations, your logs look clean! :thumbsup: :yeah: :woot:
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Installing an Antivirus Program

It is very important your computer has an antivirus program on it. Antivirus programs help prevent, detect and remove malware such as viruses, trojans, worms etc. Files and emails will be scanned as you use them, download them or open them. If a virus is found in one of them, the antivirus program will stop you running the file, email, program etc. and therefore stop you from infecting yourself.
It is very important you update your antivirus program so it knows about new viruses, trojans, worms etc. If your computer is infected with a new infection, your antivirus (not updated) won't think it's bad; it won't alert you when you run it, and therefore you get infected!

Here are some links to some free antivirus programs:

Note: Only run one antivirus program on your computer at any one time!


Installing a Firewall

You have no firewall installed on your computer.

A firewall is necessary on your computer because it can stop attackers from compromising your system and taking it over. It acts as a barrier between the internet and your computer. Hackers discover new security holes in software or an operating system long before the software company does, and therefore many people get hacked before a security patch is released. By using a firewall, the majority of these security holes will not be accessible as the firewall will block the attempt.

Here are some links to some free firewalls:

Note: A firewall does not completely protect you against viruses so it is recommended you also have an antivirus program running on your computer as well. Do not run more than 1 firewall on your computer at one time.


Cleanup

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer
Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep Windows up to date. This will ensure your computer has all of the latest security updates installed and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

  • Click on Start.
  • Right-click My Computer.
  • Select Properties.
  • Click on the Automatic Updates Tab.
  • Place a checkmark in the circle next to Automatic (recommended) near the green shield.
  • Click Apply > OK.

Posted Image
Adobe Reader - Your version of Adobe Reader is outdated. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

  • Open Adobe Reader.
  • On the menu bar click on Help then Check For Updates.
  • The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (11.1.102.55) and Adobe Shockwave Player (11.6.3.633) so you can view all of the latest content on websites.


Make Internet Explorer more secure

  • Click Start > Run.
  • Type Inetcpl.cpl & click OK.
  • Click on the Security tab.
  • Click Reset all zones to default level.
  • Make sure the Internet Zone is selected & Click Custom level.
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here is a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:



Anti-Spyware Programs

MBAM - MalwareBytes Anti Malware is an excellent tool to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers real-time protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than Firefox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go.
  • Yellow for caution.
  • Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents cookies etc. from these websites from downloading onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free Google Toolbar to help stop pop-ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank you.
Good luck and stay safe!!! :thumbsup:
  • 0
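One way to check the Internet Explorer ActiveX step from the post above from a script, added here as an example and not part of the thread: it compares the Internet zone's registry values with the settings the post asks for. The value names (1001, 1004 and 1201 under Zones\3) and the encoding 0 = Enable, 1 = Prompt, 3 = Disable are IE's documented zone-settings storage, not something the post states; `audit_activex` takes a plain dict so it runs anywhere, and `read_internet_zone` only reads the registry on Windows.

```python
"""Audit the Internet zone ActiveX settings recommended in the post above.

Added example, not from the thread. Registry layout (known IE behaviour):
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 holds
the Internet zone; each policy is a DWORD named after its URLACTION id,
with 0 = Enable, 1 = Prompt, 3 = Disable.
"""
from typing import Dict, List, Optional

INTERNET_ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# value name -> (label as shown in the IE dialog, setting the post recommends)
ACTIVEX_SETTINGS = {
    "1001": ("Download signed ActiveX controls", 1),                       # Prompt
    "1004": ("Download unsigned ActiveX controls", 1),                     # Prompt
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),  # Disable
}
POLICY_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}


def _policy_name(value: Optional[int]) -> str:
    return "not set" if value is None else POLICY_NAMES.get(value, f"unknown ({value})")


def audit_activex(zone_values: Dict[str, int]) -> List[str]:
    """Return one message per ActiveX setting that differs from the recommendation.

    zone_values maps registry value names ("1001", ...) to their DWORD data.
    An empty list means the zone already matches the post's settings.
    """
    problems = []
    for name, (label, wanted) in ACTIVEX_SETTINGS.items():
        actual = zone_values.get(name)
        if actual != wanted:
            problems.append(f"{label} ({name}): is {_policy_name(actual)}, "
                            f"should be {_policy_name(wanted)}")
    return problems


def read_internet_zone() -> Dict[str, int]:
    """Read the current user's Internet zone values; returns {} off Windows or if the key is missing."""
    try:
        import winreg
    except ImportError:          # not Windows
        return {}
    values: Dict[str, int] = {}
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_ZONE_KEY) as key:
            for name in ACTIVEX_SETTINGS:
                try:
                    values[name], _ = winreg.QueryValueEx(key, name)
                except FileNotFoundError:  # value absent: IE falls back to the zone template
                    pass
    except OSError:
        return {}
    return values


if __name__ == "__main__":
    current = read_internet_zone()
    for line in audit_activex(current) or ["Internet zone ActiveX settings match the post."]:
        print(line)
```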

#14
Lorenzo Baltazar Perez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Thank you once again. The system seems to be back to normal. I have added ESET Smart Security to the PC. It adds Anti-Virus and a Firewall. I have also installed SpywareBlaster. I have instructed my sister to keep away from Internet Explorer and to use Chrome or Firefox. A backup has been created as well as a weekly backup schedule. All OS updates have been installed. Thank you for all your help. We can consider this issue closed.
  • 0
