How is the computer behaving now, any problems ?
Malware removal help - W32.Blaster.Worm [Closed] [Solved]
#31
Posted 27 January 2012 - 12:35 PM
How is the computer behaving now, any problems ?
#32
Posted 27 January 2012 - 04:10 PM
Edited by LArnett, 27 January 2012 - 04:12 PM.
#33
Posted 27 January 2012 - 04:33 PM
Download the Eset removal tool to your desktop
Reboot to safe mode then run the tool
Download Avast from here Direct link to your desktop and install
I have previously given set up instructions here post 68
Let me know when you are done and happy and I will then remove my tools
#34
Posted 29 January 2012 - 12:43 PM
I already right clicked on the background and went to properties and selected restore to default and made sure all the icons were available but nothing. I also read that sometimes you need a restart but still nothing.
#35
Posted 29 January 2012 - 12:52 PM
Download RogueKiller to your desktop
- Quit all running programs
- run RogueKiller.exe
- When prompted, type 2 and press enter
- The RKreport[1].txt shall be generated next to the executable.
- Press a key to continue
- When prompted, type 6 and press enter
- The RKreport[2].txt shall be generated next to the executable.
- Press a key to continue
- When prompted, type 0 and press enter to quit
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
#36
Posted 29 January 2012 - 04:07 PM
Mary Kay
RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Mary Kay [Admin rights]
Mode: Remove -- Date : 01/29/2012 16:04:12
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Security Protection (C:\Documents and Settings\All Users\Application Data\defender.exe) -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp127.0.0.1:5555) -> NOT REMOVED, USE PROXYFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{42AAA1A2-A41E-4C6B-BC89-B07492D6ECB3} : NameServer (93.188.162.149,93.188.160.29) -> NOT REMOVED, USE DNSFIX
¤¤¤ Particular Files / Folders: ¤¤¤
[FOLDER] plugs : c:\documents and settings\mary kay\application data\adobe\plugs --> REMOVED
[FILE] thr1.chm : c:\documents and settings\mary kay\application data\adobe\shed\thr1.chm --> REMOVED
[FOLDER] shed : c:\documents and settings\mary kay\application data\adobe\shed --> REMOVED
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 3dc4aaf7b36b9be8d1d1084187128be4
[BSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 32 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 64260 | Size: 36553 Mo
2 - [XXXXXX] FAT32 [HIDDEN!] Offset (sectors): 71457120 | Size: 3405 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 7958267ce3edacd504a037c60a44c77d
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT16 [VISIBLE] Offset (sectors): 32 | Size: 1006 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
Mary Kay1
RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Mary Kay [Admin rights]
Mode: Shortcuts HJfix -- Date : 01/29/2012 16:10:29
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 272 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 66 / Fail 0
My documents: Success 4 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1544 / Fail 0
Backup: [NOT FOUND]
Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\Harddisk1\DP(1)0-0+5 -- 0x2 --> Restored
¤¤¤ Infection : ¤¤¤
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
user Ricky
RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ricky [Admin rights]
Mode: Remove -- Date : 01/29/2012 16:41:24
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 1 ¤¤¤
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{42AAA1A2-A41E-4C6B-BC89-B07492D6ECB3} : NameServer (93.188.162.149,93.188.160.29) -> NOT REMOVED, USE DNSFIX
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 3dc4aaf7b36b9be8d1d1084187128be4
[BSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 32 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 64260 | Size: 36553 Mo
2 - [XXXXXX] FAT32 [HIDDEN!] Offset (sectors): 71457120 | Size: 3405 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 7958267ce3edacd504a037c60a44c77d
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT16 [VISIBLE] Offset (sectors): 32 | Size: 1006 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
User Ricky1
RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ricky [Admin rights]
Mode: Shortcuts HJfix -- Date : 01/29/2012 16:45:55
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 8 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 3 / Fail 0
Backup: [NOT FOUND]
Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\Harddisk1\DP(1)0-0+5 -- 0x2 --> Restored
¤¤¤ Infection : ¤¤¤
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Attached Files
#37
Posted 29 January 2012 - 04:13 PM
What I will need now is an OTL run for each user... To make it easy we will do one at a time - your choice as to which is first
Just run a quick scan on each
#38
Posted 29 January 2012 - 10:01 PM
here are the results from the OTL ran on Mary Kay profile
OTL logfile created on: 1/29/2012 10:34:54 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mary Kay\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
503.00 Mb Total Physical Memory | 272.28 Mb Available Physical Memory | 54.13% Memory free
4.37 Gb Paging File | 4.18 Gb Available in Paging File | 95.79% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4025 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.04 Gb Total Space | 5.22 Gb Free Space | 15.33% Space Free | Partition Type: NTFS
Drive E: | 959.22 Mb Total Space | 621.31 Mb Free Space | 64.77% Space Free | Partition Type: FAT
Computer Name: FAMILY | User Name: Mary Kay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/11 11:17:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Kay\Desktop\OTL.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012/01/29 04:13:42 | 001,687,552 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12012900\algo.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
========== Driver Services (SafeList) ==========
DRV - [2012/01/26 21:05:35 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzixmtcw.sys -- (uzixmtcw)
DRV - [2012/01/21 20:48:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/11 07:26:26 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/09/11 07:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 07:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/06/18 10:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2005/07/14 07:28:30 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/07/15 21:20:46 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 19:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\FireFox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/29 13:31:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/24 19:45:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/27 14:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/27 17:12:54 | 000,000,000 | ---D | M]
[2010/06/25 21:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Kay\Application Data\Mozilla\Extensions
[2011/08/26 18:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Kay\Application Data\Mozilla\Firefox\Profiles\ka9birrs.default\extensions
[2010/09/19 17:55:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mary Kay\Application Data\Mozilla\Firefox\Profiles\ka9birrs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/25 21:48:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Mary Kay\Application Data\Mozilla\Firefox\Profiles\ka9birrs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/17 18:02:48 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\Mary Kay\Application Data\Mozilla\Firefox\Profiles\ka9birrs.default\searchplugins\BearShareWebSearch.xml
[2012/01/28 12:40:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/17 19:24:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/30 02:53:04 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
O1 HOSTS File: ([2012/01/23 22:42:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - Software - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\ShellBrowser: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\WebBrowser: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\WebBrowser: (no name) - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\WebBrowser: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT File not found
O4 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006..\Run: [slide.exe] c:\progra~1\slide\slide.exe File not found
O4 - Startup: C:\Documents and Settings\Ricky\Start Menu\Programs\Startup\Skype.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} http://forms.real.co...ne_Inst_Win.cab (Reg Error: Key error.)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pears...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/...tall/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: ActiveGS.cab http://www.virtualapple.org/gs.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 74.128.17.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42AAA1A2-A41E-4C6B-BC89-B07492D6ECB3}: DhcpNameServer = 192.168.1.1 74.128.17.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42AAA1A2-A41E-4C6B-BC89-B07492D6ECB3}: NameServer = 93.188.162.149,93.188.160.29
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mary Kay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mary Kay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/10/28 13:21:56 | 000,000,794 | ---- | M] () - E:\Autorun.inf -- [ FAT ]
O32 - AutoRun File - [2007/03/12 23:50:16 | 000,362,264 | ---- | M] (Ceedo Technologies Ltd.) - E:\AutoDetect.exe -- [ FAT ]
O33 - MountPoints2\{4367ab0c-3768-11de-b5a4-00038a000015}\Shell\AutoRun\command - "" = E:\.\MigWiz\migsetup.exe
O33 - MountPoints2\{fa1badeb-206d-11dd-b56a-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{fa1badeb-206d-11dd-b56a-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fa1badeb-206d-11dd-b56a-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/29 22:31:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Kay\Desktop\OTL.exe
[2012/01/29 13:32:17 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/01/29 13:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/01/29 13:32:16 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/01/29 13:32:11 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/01/29 13:32:09 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/01/29 13:32:09 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/01/29 13:32:07 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/01/29 13:32:07 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/01/29 13:32:07 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/01/29 13:31:43 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/01/29 13:31:42 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/01/29 13:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/29 13:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/27 14:33:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/01/27 11:07:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/01/27 11:07:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/01/27 11:07:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/01/27 11:07:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/01/27 10:55:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/01/27 10:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2012/01/23 22:55:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/23 22:52:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/22 01:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2012/01/21 23:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/01/21 23:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/01/21 23:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/21 20:52:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/21 20:52:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/21 20:52:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/21 20:52:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/21 17:33:53 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/21 17:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/20 11:23:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/16 18:31:12 | 000,000,000 | R-SD | C] -- C:\cmdcons
[2012/01/16 14:30:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/16 14:30:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/09 20:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/02/16 18:25:01 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/01/29 22:28:11 | 000,492,506 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/29 22:28:11 | 000,090,526 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/29 22:21:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/29 22:21:19 | 527,503,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/29 13:57:50 | 000,007,037 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2012/01/29 13:48:13 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/29 13:32:17 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/01/28 20:05:52 | 000,353,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/28 17:38:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/27 14:34:48 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/01/27 14:34:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/27 11:00:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/01/26 21:05:35 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzixmtcw.sys
[2012/01/23 22:42:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/22 22:55:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SwSys2.bmp
[2012/01/22 22:55:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SwSys1.bmp
[2012/01/21 20:48:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/16 18:31:19 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/11 11:17:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Kay\Desktop\OTL.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/01/29 13:32:17 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/01/26 21:05:35 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzixmtcw.sys
[2012/01/22 22:55:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SwSys2.bmp
[2012/01/22 22:55:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SwSys1.bmp
[2012/01/21 20:52:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/21 20:52:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/21 20:52:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/21 20:52:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/21 20:52:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/16 18:31:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/16 18:31:13 | 000,260,272 | R-S- | C] () -- C:\cmldr
[2012/01/11 09:14:37 | 527,503,360 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/30 02:54:34 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/02 07:37:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/02/13 20:22:46 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2008/02/13 20:15:16 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007/07/11 02:05:37 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/07/07 07:39:56 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\wcpicomsv.exe
[2006/11/08 19:07:43 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/26 18:19:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/06/23 11:55:39 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Mary Kay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/04 18:40:45 | 000,000,881 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/12/30 11:37:47 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/12/01 21:27:30 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mary Kay\Application Data\PFP120JPR.{PB
[2005/12/01 21:27:30 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mary Kay\Application Data\PFP120JCM.{PB
[2005/12/01 21:25:15 | 000,002,516 | --S- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/01 21:25:15 | 000,000,056 | R-S- | C] () -- C:\WINDOWS\System32\0A354710AB.sys
[2005/11/29 14:28:02 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/11/29 14:24:14 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/11/29 14:24:14 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2005/11/29 14:24:14 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005/11/29 14:21:20 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2005/11/29 14:20:05 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSONCX6400.ini
[2005/07/14 07:44:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/14 07:29:20 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/14 07:27:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/14 06:58:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/07/14 06:57:20 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 08:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,353,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,492,506 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,090,526 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
========== LOP Check ==========
[2009/12/25 19:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\201CC
[2012/01/29 13:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/21 23:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/20 16:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/01/21 23:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/05/04 11:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/12/03 13:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/25 20:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Dealio
[2005/12/01 21:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Earthlink
[2005/12/05 21:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\EarthLink Toolbar
[2006/09/13 13:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\EPSON
[2007/10/28 10:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\FUJIFILM
[2005/11/29 14:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Leadertech
[2011/08/12 18:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Search Settings
[2007/07/29 20:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Slide
[2006/04/04 17:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Smart Panel
[2006/10/21 16:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\SmartDraw
[2007/09/27 18:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Snapfish
[2007/02/09 19:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\SpamBlocker
[2007/01/21 21:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\SpamBlockerUtility_Icons
[2008/05/31 12:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\TAIT3
[2008/02/13 20:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Ulead Systems
[2007/04/18 07:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Viewpoint
[2010/03/05 12:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\EPSON
[2010/10/28 21:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\FUJIFILM
[2005/11/29 20:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Leadertech
[2010/07/14 01:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Nyigyw
[2011/08/31 14:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Search Settings
[2007/04/30 20:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Smart Panel
[2012/01/20 10:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Smilebox
[2007/08/09 16:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Viewpoint
========== Purity Check ==========
< End of report >
Attached Files
#39
Posted 30 January 2012 - 12:36 PM
Right click the service and select stop service then run the OTL fix
Once this has run could you let me know how Mary is running
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\ShellBrowser: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\WebBrowser: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\WebBrowser: (no name) - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\WebBrowser: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT File not found
O4 - HKU\S-1-5-21-2379642614-4113044259-601262879-1006..\Run: [slide.exe] c:\progra~1\slide\slide.exe File not found
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} http://forms.real.co...ne_Inst_Win.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42AAA1A2-A41E-4C6B-BC89-B07492D6ECB3}: NameServer = 93.188.162.149,93.188.160.29
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#40
Posted 30 January 2012 - 08:13 PM
OTL logfile created on: 1/30/2012 8:55:26 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mary Kay\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
503.00 Mb Total Physical Memory | 282.97 Mb Available Physical Memory | 56.26% Memory free
4.37 Gb Paging File | 4.18 Gb Available in Paging File | 95.74% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4025 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.04 Gb Total Space | 5.49 Gb Free Space | 16.13% Space Free | Partition Type: NTFS
Computer Name: FAMILY | User Name: Mary Kay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/11 11:17:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Kay\Desktop\OTL.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012/01/29 04:13:42 | 001,687,552 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12012900\algo.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
========== Driver Services (SafeList) ==========
DRV - [2012/01/26 21:05:35 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzixmtcw.sys -- (uzixmtcw)
DRV - [2012/01/21 20:48:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/11 07:26:26 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/09/11 07:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 07:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/06/18 10:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2005/07/14 07:28:30 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/07/15 21:20:46 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 19:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\FireFox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/29 13:31:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/24 19:45:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/27 14:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/27 17:12:54 | 000,000,000 | ---D | M]
[2010/06/25 21:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Kay\Application Data\Mozilla\Extensions
[2011/08/26 18:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Kay\Application Data\Mozilla\Firefox\Profiles\ka9birrs.default\extensions
[2010/09/19 17:55:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mary Kay\Application Data\Mozilla\Firefox\Profiles\ka9birrs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/25 21:48:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Mary Kay\Application Data\Mozilla\Firefox\Profiles\ka9birrs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/17 18:02:48 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\Mary Kay\Application Data\Mozilla\Firefox\Profiles\ka9birrs.default\searchplugins\BearShareWebSearch.xml
[2012/01/28 12:40:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/17 19:24:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/30 02:53:04 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
O1 HOSTS File: ([2012/01/30 19:46:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - Software - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pears...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/...tall/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: ActiveGS.cab http://www.virtualapple.org/gs.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mary Kay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mary Kay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4367ab0c-3768-11de-b5a4-00038a000015}\Shell\AutoRun\command - "" = E:\.\MigWiz\migsetup.exe
O33 - MountPoints2\{fa1badeb-206d-11dd-b56a-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{fa1badeb-206d-11dd-b56a-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fa1badeb-206d-11dd-b56a-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/29 22:31:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Kay\Desktop\OTL.exe
[2012/01/29 13:32:17 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/01/29 13:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/01/29 13:32:16 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/01/29 13:32:11 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/01/29 13:32:09 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/01/29 13:32:09 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/01/29 13:32:07 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/01/29 13:32:07 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/01/29 13:32:07 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/01/29 13:31:43 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/01/29 13:31:42 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/01/29 13:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/29 13:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/27 14:33:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/01/27 11:07:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/01/27 11:07:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/01/27 11:07:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/01/27 11:07:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/01/27 10:55:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/01/27 10:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2012/01/23 22:55:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/23 22:52:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/22 01:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2012/01/21 23:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/01/21 23:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/01/21 23:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/21 20:52:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/21 20:52:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/21 20:52:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/21 20:52:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/21 17:33:53 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/21 17:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/20 11:23:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/16 18:31:12 | 000,000,000 | R-SD | C] -- C:\cmdcons
[2012/01/16 14:30:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/16 14:30:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/09 20:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/02/16 18:25:01 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
========== Files - Modified Within 30 Days ==========
[2012/01/30 20:53:37 | 000,492,506 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/30 20:53:37 | 000,090,526 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/30 20:26:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/30 20:26:24 | 527,503,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/30 19:46:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/29 23:25:47 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/29 13:57:50 | 000,007,037 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2012/01/29 13:48:13 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/29 13:32:17 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/01/28 20:05:52 | 000,353,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/28 17:38:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/27 14:34:48 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/01/27 14:34:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/27 11:00:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/01/26 21:05:35 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzixmtcw.sys
[2012/01/22 22:55:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SwSys2.bmp
[2012/01/22 22:55:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SwSys1.bmp
[2012/01/21 20:48:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/16 18:31:19 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/11 11:17:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Kay\Desktop\OTL.exe
========== Files Created - No Company Name ==========
[2012/01/29 23:24:24 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/29 13:32:17 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/01/26 21:05:35 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzixmtcw.sys
[2012/01/22 22:55:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SwSys2.bmp
[2012/01/22 22:55:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SwSys1.bmp
[2012/01/21 20:52:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/21 20:52:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/21 20:52:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/21 20:52:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/21 20:52:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/16 18:31:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/16 18:31:13 | 000,260,272 | R-S- | C] () -- C:\cmldr
[2012/01/11 09:14:37 | 527,503,360 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/30 02:54:34 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/02 07:37:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/02/13 20:22:46 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2008/02/13 20:15:16 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007/07/11 02:05:37 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/07/07 07:39:56 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\wcpicomsv.exe
[2006/11/08 19:07:43 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/26 18:19:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/06/23 11:55:39 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Mary Kay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/04 18:40:45 | 000,000,881 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/12/30 11:37:47 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/12/01 21:27:30 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mary Kay\Application Data\PFP120JPR.{PB
[2005/12/01 21:27:30 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mary Kay\Application Data\PFP120JCM.{PB
[2005/12/01 21:25:15 | 000,002,516 | --S- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/01 21:25:15 | 000,000,056 | R-S- | C] () -- C:\WINDOWS\System32\0A354710AB.sys
[2005/11/29 14:28:02 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/11/29 14:24:14 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/11/29 14:24:14 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2005/11/29 14:24:14 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005/11/29 14:21:20 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2005/11/29 14:20:05 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSONCX6400.ini
[2005/07/14 07:44:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/14 07:29:20 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/14 07:27:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/14 06:58:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/07/14 06:57:20 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 08:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,353,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,492,506 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,090,526 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
========== LOP Check ==========
[2009/12/25 19:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\201CC
[2012/01/29 13:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/21 23:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/20 16:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/01/21 23:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/05/04 11:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/12/03 13:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/25 20:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Dealio
[2005/12/01 21:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Earthlink
[2005/12/05 21:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\EarthLink Toolbar
[2006/09/13 13:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\EPSON
[2007/10/28 10:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\FUJIFILM
[2005/11/29 14:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Leadertech
[2011/08/12 18:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Search Settings
[2007/07/29 20:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Slide
[2006/04/04 17:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Smart Panel
[2006/10/21 16:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\SmartDraw
[2007/09/27 18:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Snapfish
[2007/02/09 19:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\SpamBlocker
[2007/01/21 21:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\SpamBlockerUtility_Icons
[2008/05/31 12:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\TAIT3
[2008/02/13 20:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Ulead Systems
[2007/04/18 07:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Viewpoint
========== Purity Check ==========
< End of report >
Attached Files
#41
Posted 31 January 2012 - 01:42 PM
First we will try RogueKiller to stop anything running that shouldn't be, then retry OTL. If need be RogueKiller can be run from a USB drive as long as Ricky is logged in
Download RogueKiller to your desktop
- Quit all running programs
- run RogueKiller.exe
- When prompted, type 2 and press enter
- The RKreport[1].txt shall be generated next to the executable.
- Press a key to continue
- When prompted, type 6 and press enter
- The RKreport[2].txt shall be generated next to the executable.
- Press a key to continue
- When prompted, type 0 and press enter to quit
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
#42
Posted 31 January 2012 - 02:01 PM
RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ricky [Admin rights]
Mode: Remove -- Date : 01/31/2012 14:52:50
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
˙ž1
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 3dc4aaf7b36b9be8d1d1084187128be4
[BSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 32 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 64260 | Size: 36553 Mo
2 - [XXXXXX] FAT32 [HIDDEN!] Offset (sectors): 71457120 | Size: 3405 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 7958267ce3edacd504a037c60a44c77d
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT16 [VISIBLE] Offset (sectors): 32 | Size: 1006 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ricky [Admin rights]
Mode: Shortcuts HJfix -- Date : 01/31/2012 14:55:15
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 13 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 47 / Fail 0
Backup: [NOT FOUND]
Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\Harddisk1\DP(1)0-0+9 -- 0x2 --> Restored
¤¤¤ Infection : ¤¤¤
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Attached Files
#43
Posted 31 January 2012 - 02:03 PM
#44
Posted 31 January 2012 - 02:15 PM
C:\Docuuments and settings\Ricky\Desktop\OTL.exe
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.
Can't delete the OTL file either.
Edited by LArnett, 31 January 2012 - 02:16 PM.
#45
Posted 31 January 2012 - 02:21 PM
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users