Here is Rkreport 1
RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Lil Miss Cris [Admin rights]
Mode: Remove -- Date : 12/20/2011 15:23:06
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] cf81fe8ff14eabb551a0619e2ab407e9
[BSP] 6dcd7dfb57a43d79b9bad5cc99f31bd2 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 11753 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 22956885 | Size: 308308 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
Rkreport 2:
RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Lil Miss Cris [Admin rights]
Mode: Shortcuts HJfix -- Date : 12/20/2011 15:24:52
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 46 / Fail 0
Quick launch: Success 8 / Fail 0
Programs: Success 8 / Fail 0
Start menu: Success 32 / Fail 0
User folder: Success 5867 / Fail 0
My documents: Success 45 / Fail 0
My favorites: Success 4 / Fail 0
My pictures: Success 19 / Fail 0
My music: Success 1074 / Fail 0
My videos: Success 2 / Fail 0
Local drives: Success 28287 / Fail 0
Backup: [FOUND] Success 23 / Fail 1
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume9 -- 0x2 --> Restored
[J:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[K:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[L:] \Device\HarddiskVolume7 -- 0x2 --> Restored
[N:] \Device\HarddiskVolume8 -- 0x2 --> Restored
¤¤¤ Infection : Rogue.FakeHDD ¤¤¤
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
OTL log from today:
OTL logfile created on: 12/20/2011 3:49:41 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\Lil Miss Cris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.87 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 63.68% Memory free
5.95 Gb Paging File | 5.03 Gb Available in Paging File | 84.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 12.67 Gb Free Space | 25.95% Space Free | Partition Type: NTFS
Drive D: | 10.95 Gb Total Space | 5.20 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
Drive E: | 238.31 Gb Total Space | 237.86 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive H: | 3.74 Gb Total Space | 3.72 Gb Free Space | 99.56% Space Free | Partition Type: FAT32
Drive J: | 698.64 Gb Total Space | 626.44 Gb Free Space | 89.67% Space Free | Partition Type: NTFS
Computer Name: STUDIOMIXER | User Name: Lil Miss Cris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/12/16 18:47:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- c:\Users\Lil Miss Cris\Downloads\OTL.exe
PRC - [2011/12/07 03:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 18:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/04/03 17:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/03/12 12:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 12:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
========== Modules (No Company Name) ==========
MOD - [2011/12/07 03:16:28 | 000,411,192 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 03:16:27 | 003,767,864 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 03:14:56 | 000,122,952 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 03:14:55 | 000,222,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 03:14:53 | 001,746,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/08/24 03:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
========== Driver Services (SafeList) ==========
DRV - [2009/04/10 20:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/04/10 20:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/01/20 18:23:02 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/08 05:45:14 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2006/11/01 23:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 6A 92 EF 65 B2 CC 01 [binary data]
IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: J:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: J:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: J:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 20:03:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/07 15:59:46 | 000,000,000 | ---D | M]
[2009/12/25 01:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lil Miss Cris\AppData\Roaming\Mozilla\Extensions
[2011/07/23 14:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lil Miss Cris\AppData\Roaming\Mozilla\Firefox\Profiles\hda294n5.default\extensions
[2011/01/02 14:02:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lil Miss Cris\AppData\Roaming\Mozilla\Firefox\Profiles\hda294n5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/10 20:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/29 11:01:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/10 20:03:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/17 12:05:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 20:03:59 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Veetle TV Player (Enabled) = J:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = J:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = J:\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lil Miss Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Lil Miss Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\Lil Miss Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
O1 HOSTS File: ([2011/12/20 15:29:29 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2413653160-3667274055-3905884914-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E5FA66A-61AA-4F80-A05B-F1F94AC5CCCB}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | --S- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/12/20 15:18:42 | 000,000,016 | -H-- | M] () - H:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2007/05/31 14:17:24 | 000,000,118 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0806cf72-219e-11e0-b571-001e901d1ea9}\Shell\AutoRun\command - "" = H:\setupSNK.exe
O33 - MountPoints2\{20684e39-4d9f-11e0-8623-001e901d1ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{20684e39-4d9f-11e0-8623-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 09:45:40 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{455c5315-b567-11e0-8c14-001e901d1ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{455c5315-b567-11e0-8c14-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 09:45:40 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{59b730f3-c8ce-11df-8259-001e901d1ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{59b730f3-c8ce-11df-8259-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 09:45:40 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{a084ff92-5e61-11e0-91ce-001e901d1ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{a084ff92-5e61-11e0-91ce-001e901d1ea9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 09:45:40 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\L\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/12/20 15:29:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/20 15:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/20 15:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/20 15:22:24 | 000,000,000 | ---D | C] -- C:\Users\Lil Miss Cris\Desktop\RK_Quarantine
[2011/12/20 15:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/12/20 15:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/12/20 15:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2011/12/20 15:14:29 | 000,848,856 | ---- | C] (Panda Security ) -- C:\Users\Lil Miss Cris\Desktop\USBVaccineSetup.exe
[2011/12/20 11:35:16 | 000,029,184 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\System32\drivers\dsiarhwprog.sys
[2011/12/20 11:31:10 | 000,000,000 | ---D | C] -- C:\Users\Lil Miss Cris\Documents\Datel
[2011/12/16 17:00:23 | 000,000,000 | ---D | C] -- C:\Users\Lil Miss Cris\AppData\Roaming\Malwarebytes
[2011/12/16 17:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/16 17:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/16 17:00:12 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/16 17:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
========== Files - Modified Within 30 Days ==========
[2011/12/20 15:50:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{52BAFC85-B3A5-4F27-849C-72DB237A68CA}.job
[2011/12/20 15:50:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A8A0AF40-97F1-4991-8E48-D5E60E12942B}.job
[2011/12/20 15:44:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/20 15:36:25 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 15:36:25 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/20 15:32:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/20 15:30:51 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/12/20 15:30:42 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 15:30:42 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 15:30:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 15:30:35 | 3085,426,688 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/20 15:29:29 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/17 18:53:51 | 000,000,512 | ---- | M] () -- C:\Users\Lil Miss Cris\Desktop\MBR.dat
[2011/12/16 17:00:15 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/15 18:03:25 | 000,318,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/14 00:14:28 | 000,000,625 | ---- | M] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/04 02:01:42 | 000,000,000 | ---- | M] () -- C:\Users\Lil Miss Cris\AppData\Local\{102DD751-A98C-4407-88AC-2E5F7DF905EE}
========== Files Created - No Company Name ==========
[2011/12/20 15:23:17 | 000,002,519 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011/12/20 15:23:17 | 000,002,419 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011/12/20 15:23:17 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\MP470 series On-screen Manual.lnk
[2011/12/20 15:23:17 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/20 15:23:17 | 000,001,955 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/20 15:23:17 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 6.0 Professional.lnk
[2011/12/20 15:23:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/20 15:23:17 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk
[2011/12/20 15:23:17 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
[2011/12/20 15:23:17 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP470 series User Registration.LNK
[2011/12/20 15:23:17 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2011/12/20 15:23:17 | 000,001,784 | ---- | C] () -- C:\Users\Public\Desktop\My Printer.lnk
[2011/12/20 15:23:17 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/12/20 15:23:17 | 000,001,406 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/20 15:23:17 | 000,000,943 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/20 15:23:17 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/20 15:23:17 | 000,000,870 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/20 15:23:17 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/20 15:23:17 | 000,000,595 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.0.6.lnk
[2011/12/20 15:23:17 | 000,000,258 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/12/20 15:23:17 | 000,000,240 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/12/17 18:53:51 | 000,000,512 | ---- | C] () -- C:\Users\Lil Miss Cris\Desktop\MBR.dat
[2011/12/16 19:58:53 | 3085,426,688 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/14 00:28:53 | 000,000,625 | ---- | C] () -- C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/06 18:30:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2011/12/04 02:01:17 | 000,000,000 | ---- | C] () -- C:\Users\Lil Miss Cris\AppData\Local\{102DD751-A98C-4407-88AC-2E5F7DF905EE}
[2011/04/17 09:14:42 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/26 13:23:36 | 000,000,059 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2010/09/27 17:05:59 | 000,002,573 | ---- | C] () -- C:\Windows\Wavemix.ini
[2010/09/27 17:05:59 | 000,000,011 | ---- | C] () -- C:\Windows\Typeinst.ini
[2010/02/14 09:20:49 | 000,029,184 | -H-- | C] () -- C:\Users\Lil Miss Cris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/31 13:17:23 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/09/10 22:51:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 22:51:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/09/28 20:05:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/28 16:11:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,318,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/01/31 13:19:34 | 000,000,000 | ---D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\Canon
[2010/12/27 22:16:23 | 000,000,000 | ---D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\iWin
[2011/10/22 10:26:01 | 000,000,000 | ---D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\MP3Rocket
[2010/12/26 13:42:12 | 000,000,000 | ---D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\PlayFirst
[2010/01/31 13:17:14 | 000,000,000 | ---D | M] -- C:\Users\Lil Miss Cris\AppData\Roaming\ScanSoft
[2011/12/20 15:29:47 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/20 15:50:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{52BAFC85-B3A5-4F27-849C-72DB237A68CA}.job
[2011/12/20 15:50:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A8A0AF40-97F1-4991-8E48-D5E60E12942B}.job
========== Purity Check ==========
< End of report >
And the last log (OTL Fix): after applying the fix and rebooting, no log appeared. I searched for it but could not find one. I did find this other log with today's date in a folder named files moved:
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{706cec47-12f6-11e0-9af8-001e901d1ea9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{706cec47-12f6-11e0-9af8-001e901d1ea9}\ not found.
File M:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\update.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{706cec47-12f6-11e0-9af8-001e901d1ea9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{706cec47-12f6-11e0-9af8-001e901d1ea9}\ not found.
File M:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\update.exe not found.
C:\Users\Lil Miss Cris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix folder moved successfully.
C:\Users\Lil Miss Cris\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk moved successfully.
C:\ProgramData\~Ckb8xpN5bkZOGw moved successfully.
C:\ProgramData\~Ckb8xpN5bkZOGwr moved successfully.
C:\ProgramData\Ckb8xpN5bkZOGw moved successfully.
C:\Users\Lil Miss Cris\Desktop\System Fix.lnk moved successfully.
C:\Users\Lil Miss Cris\AppData\Local\BIT5C05.tmp deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
c:\Users\Lil Miss Cris\Downloads\cmd.bat deleted successfully.
c:\Users\Lil Miss Cris\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
c:\Users\Lil Miss Cris\Downloads\cmd.bat deleted successfully.
c:\Users\Lil Miss Cris\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\Users\LILMIS~1\AppData\Local\Temp\smtmp\2\desktop.ini
C:\Users\LILMIS~1\AppData\Local\Temp\smtmp\2\Google Chrome.lnk
C:\Users\LILMIS~1\AppData\Local\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
C:\Users\LILMIS~1\AppData\Local\Temp\smtmp\2\Mozilla Firefox.lnk
C:\Users\LILMIS~1\AppData\Local\Temp\smtmp\2\MP3 Rocket 6.0.6.lnk
C:\Users\LILMIS~1\AppData\Local\Temp\smtmp\2\Shows Desktop.lnk
C:\Users\LILMIS~1\AppData\Local\Temp\smtmp\2\System Fix.lnk
C:\Users\LILMIS~1\AppData\Local\Temp\smtmp\2\Window Switcher.lnk
8 File(s) copied
c:\Users\Lil Miss Cris\Downloads\cmd.bat deleted successfully.
c:\Users\Lil Miss Cris\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
c:\Users\Lil Miss Cris\Downloads\cmd.bat deleted successfully.
c:\Users\Lil Miss Cris\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
c:\Users\Lil Miss Cris\Downloads\cmd.bat deleted successfully.
c:\Users\Lil Miss Cris\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 56502 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Lil Miss Cris
->Flash cache emptied: 115328 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12202011_152929
Let me know if I did something wrong, or if I need to rerun the fix. Thanks.