xp 2012 virus [Solved]


  • This topic is locked

#16
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi lakep7,

Your logs are looking good. Just a few more things to take care of.


Step One: OTL Fix
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\WINDOWS\tasks\At*.job
    
    :Commands
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step Two: Disk Management Information

For each listed drive (Volume) please tell me the values for File System, Status, and Capacity.


Step Three: Update Java

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Step Four: Update Internet Explorer

You don't have the current version of Internet Explorer. To update go to Start -> All Programs -> Windows Update. Choose the Express button.

Install all the high priority updates.


What I need in your next post:
1. The OTL log.
2. The Disk Management information.

#17
lakep7

    Member

  • Topic Starter
  • 51 posts
Thanks again.

OTL results:

OTL logfile created on: 2/16/2012 6:15:29 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\linda keplinger\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.85 Mb Total Physical Memory | 689.77 Mb Available Physical Memory | 67.50% Memory free
2.40 Gb Paging File | 2.19 Gb Available in Paging File | 91.37% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 446.04 Gb Free Space | 95.77% Space Free | Partition Type: NTFS

Computer Name: LINDA | User Name: linda keplinger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 09:09:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\linda keplinger\Desktop\OTL malware removal.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/18 05:32:52 | 000,077,824 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkDStore.exe
PRC - [2005/08/18 05:13:48 | 000,122,880 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WksWP.exe
PRC - [2005/08/18 05:08:59 | 000,069,632 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\wkgdcach.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 14:39:07 | 001,706,496 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12021601\algo.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012/02/07 13:10:08 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - [2012/02/10 13:12:04 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2006/03/20 16:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/31 15:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/14 22:07:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/04 07:31:31 | 000,000,000 | ---D | M]

[2011/12/29 20:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Extensions
[2012/02/07 13:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\extensions
[2012/02/07 13:09:37 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/02/07 12:06:30 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/02/14 16:31:02 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\searchplugins\wot-safe-search.xml
[2012/02/14 22:07:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/14 22:07:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/14 22:07:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 22:07:13 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\

O1 HOSTS File: ([2012/02/15 21:35:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80C29E42-F4C8-4A90-999E-C133909C9A64}: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/29 18:15:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/16 18:12:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/15 21:25:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/15 21:23:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/15 21:23:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/15 21:23:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/15 21:23:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/15 21:23:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/15 21:23:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/15 21:23:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\linda keplinger\Start Menu\Programs\Administrative Tools
[2012/02/15 06:35:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\linda keplinger\PrivacIE
[2012/02/14 18:45:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\linda keplinger\IETldCache
[2012/02/14 18:41:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/02/14 18:40:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/02/14 18:40:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/02/14 17:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/13 15:25:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/10 13:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Temp
[2012/02/09 08:05:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/02/07 13:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\adaware
[2012/02/07 13:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2012/02/07 13:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/02/07 13:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\adawaretb
[2012/02/07 13:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/02/07 13:09:28 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2012/02/07 13:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/02/07 13:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2012/02/07 13:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012/02/07 12:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2012/02/07 12:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/02/07 12:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/07 12:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/02/07 12:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/02/07 12:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\f-secure
[2012/02/07 12:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/02/07 09:00:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/02/07 07:18:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2012/02/07 07:18:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/02/07 07:18:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/02/07 07:18:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/02/07 07:18:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/02/07 07:13:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2012/02/07 07:10:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/02/04 07:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/02/04 07:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/02/04 07:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/02/04 07:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2012/02/04 07:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2012/02/04 07:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2012/02/04 07:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2012/02/04 07:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\HpUpdate
[2012/02/04 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2012/02/04 07:30:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/02/04 07:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2012/02/04 07:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/02/04 07:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\HP
[2012/02/01 00:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/02/01 00:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Adobe
[2012/02/01 00:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/02/01 00:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/02/01 00:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/01/31 15:41:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\linda keplinger\UserData
[2012/01/31 15:24:22 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/01/31 15:24:22 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/01/31 15:24:22 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/01/31 15:24:22 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/01/31 15:24:22 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/01/31 15:24:22 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/01/31 15:24:22 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/01/31 15:24:22 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/01/31 15:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Pro Antivirus
[2012/01/31 15:24:08 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/01/31 15:24:08 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

========== Files - Modified Within 30 Days ==========

[2012/02/16 18:14:15 | 000,001,408 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\wklnhst.dat
[2012/02/16 18:14:05 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/16 18:13:35 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/16 18:13:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/16 18:08:35 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\geeks 3.wps
[2012/02/16 18:07:58 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Geeks.wps
[2012/02/16 17:45:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/16 07:59:28 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 22:07:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/15 21:35:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/15 21:25:24 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/02/15 18:42:14 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/15 18:38:55 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Geeks2.wps
[2012/02/15 15:45:29 | 000,089,874 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney 3.pdf
[2012/02/15 15:28:44 | 000,088,257 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney 2.pdf
[2012/02/14 18:45:56 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/14 18:32:11 | 000,000,511 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to Downloads.lnk
[2012/02/14 17:19:52 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to SecurityCheck.exe.lnk
[2012/02/14 16:36:53 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Recipes - Sweets.wps
[2012/02/14 13:09:53 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/14 13:09:53 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/13 16:04:57 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to MBRCheck.exe.lnk
[2012/02/12 13:07:57 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to aswMBR.lnk
[2012/02/10 16:50:16 | 000,063,744 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\FREE-Power-of-Attorney-Form-Sample.pdf
[2012/02/10 16:44:50 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney Form 1.wps
[2012/02/10 16:37:18 | 000,111,513 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney Form.pdf
[2012/02/10 14:28:11 | 000,025,907 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Birth Certificate Form.pdf
[2012/02/10 13:47:12 | 000,239,494 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\SS Form.pdf
[2012/02/10 13:12:04 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/02/09 08:06:00 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012/02/07 15:46:40 | 000,000,136 | -H-- | M] () -- C:\aaw7boot.cmd
[2012/02/07 15:02:00 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to VipreRescueScanner.lnk
[2012/02/07 14:26:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/07 13:09:30 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/02/07 12:46:20 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\SpywareBlaster.lnk
[2012/02/07 12:46:05 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/07 12:46:04 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Spybot - Search & Destroy.lnk
[2012/02/07 12:23:18 | 000,187,144 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\census.cache
[2012/02/07 12:23:12 | 000,154,250 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\ars.cache
[2012/02/07 12:12:44 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\housecall.guid.cache
[2012/02/07 09:05:01 | 000,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/07 09:05:01 | 000,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/07 09:02:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/02/07 09:00:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/07 07:13:36 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/04 07:55:30 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Envelope 3x6 IAG.wps
[2012/02/04 07:31:34 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2012/02/04 07:30:59 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series.lnk
[2012/02/04 07:30:59 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series Scan.lnk
[2012/02/01 12:26:36 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Virus repair.wps
[2012/02/01 00:12:01 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/31 15:24:22 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/31 15:24:22 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2012/01/24 10:41:13 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/02/16 18:08:35 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\geeks 3.wps
[2012/02/15 21:25:24 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/02/15 21:25:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/15 21:23:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/15 21:23:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/15 21:23:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/15 21:23:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/15 21:23:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/15 18:38:54 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Geeks2.wps
[2012/02/15 15:45:29 | 000,089,874 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney 3.pdf
[2012/02/15 15:28:44 | 000,088,257 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney 2.pdf
[2012/02/15 06:37:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 06:37:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/14 18:32:11 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to Downloads.lnk
[2012/02/14 17:19:52 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to SecurityCheck.exe.lnk
[2012/02/13 16:04:57 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to MBRCheck.exe.lnk
[2012/02/12 13:07:57 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to aswMBR.lnk
[2012/02/12 12:44:18 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Geeks.wps
[2012/02/11 12:32:03 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/11 12:32:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/10 16:50:16 | 000,063,744 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\FREE-Power-of-Attorney-Form-Sample.pdf
[2012/02/10 16:44:50 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney Form 1.wps
[2012/02/10 15:08:39 | 000,111,513 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney Form.pdf
[2012/02/10 14:28:11 | 000,025,907 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Birth Certificate Form.pdf
[2012/02/10 13:47:12 | 000,239,494 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\SS Form.pdf
[2012/02/07 15:46:40 | 000,000,136 | -H-- | C] () -- C:\aaw7boot.cmd
[2012/02/07 15:02:00 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to VipreRescueScanner.lnk
[2012/02/07 13:09:39 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/07 13:09:30 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/02/07 12:46:20 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\SpywareBlaster.lnk
[2012/02/07 12:46:05 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/07 12:46:04 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Spybot - Search & Destroy.lnk
[2012/02/07 12:23:18 | 000,187,144 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\census.cache
[2012/02/07 12:23:12 | 000,154,250 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\ars.cache
[2012/02/07 12:12:44 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\housecall.guid.cache
[2012/02/07 09:01:08 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Start Menu\Programs\Internet Explorer.lnk
[2012/02/07 09:01:07 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/04 07:31:34 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2012/02/04 07:30:59 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series.lnk
[2012/02/04 07:30:59 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series Scan.lnk
[2012/02/04 07:24:19 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Envelope 3x6 IAG.wps
[2012/02/01 12:26:36 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Virus repair.wps
[2012/02/01 00:14:27 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Recipes - Sweets.wps
[2012/02/01 00:12:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/01 00:12:01 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/31 15:24:22 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2012/01/01 15:52:39 | 000,001,408 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\wklnhst.dat
[2011/12/31 18:15:29 | 000,002,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\pciinfo.sys
[2011/12/31 18:12:46 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2011/12/30 10:17:22 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/12/30 10:12:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/29 19:17:41 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\fusioncache.dat
[2011/12/29 18:18:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/29 18:12:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/29 11:18:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/29 11:15:38 | 000,146,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/17 08:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 16:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 16:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 05:00:00 | 000,380,350 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 05:00:00 | 000,052,764 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2012/02/08 11:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2012/01/31 15:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/29 19:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/02/07 12:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/02/10 22:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda keplinger\Application Data\adawaretb
[2012/02/07 12:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda keplinger\Application Data\f-secure
[2012/01/01 15:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda keplinger\Application Data\Template
[2012/02/15 18:42:14 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



< End of report >


disk mgmt:
Volume - C:
File System - NTFS
Status - Healthy
Capacity - 465.75 GB


I really appreciate all your help.

#18
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi lakep7,

Congratulations, your logs appear clean! Now we have some cleanup to do.

Step One: Clean up with ComboFix

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall


Step Two: Clean up with OTL

Run OTL.
  • Open OTL to run it.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Note: If any logs/tools remain on your desktop > right click and delete them.

Preventative Programs

Anti Spyware

I recommend updating and scanning with MalwareBytes Anti-Malware once a week to rid your system of spyware.


Personal Firewalls

It is very important that you use a firewall on your computer in addition to an anti-virus program. For a tutorial on using and understanding firewalls, please go here. Please download and install one of the following free firewalls if you do not already have one installed.

Anti Virus Programs

One antivirus is a must have! Never install more than one antivirus program because these programs will conflict with one another, slow your computer down and lower your overall protection. I recommend Microsoft Security Essentials.

Temp File Cleaner

Finally, it is a good idea to clear out all your temp files every now and then. This will help keep your computer from slowing down and it can also assist in getting rid of files that may contain malicious code that could re-infect your computer.
  • TFC is a great tool to clean temporary files.


Update Windows

It is important to keep your operating system updated. To enable Automatic Updates so that updates are downloaded and installed automatically, click on your version of Windows below:



Finally, to learn more about how to protect yourself while on the internet read How did I get infected in the first place?



I will keep this thread open for a few days, so if you have any further problems post another reply here.

#19
lakep7

    Member

  • Topic Starter
  • Member
  • 51 posts
Thanks again for all your time and help. I really appreciate it.

#20
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
You're welcome!! :thumbsup:

#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.