Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Antivirus 2012 removal help needed [Closed]


  • This topic is locked This topic is locked

#1
anon1248

anon1248

    Member

  • Member
  • PipPip
  • 18 posts
this is the infomation about my virus http://www.geekstogo...83#entry2115183
p.s they told me to go to this forum and follow instrustions





OTL logfile created on: 3/4/2012 3:30:32 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Mark\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 61.30% Memory free
5.86 Gb Paging File | 4.62 Gb Available in Paging File | 78.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.08 Gb Total Space | 172.67 Gb Free Space | 78.46% Space Free | Partition Type: NTFS
Drive D: | 12.61 Gb Total Space | 2.11 Gb Free Space | 16.71% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/04 15:24:54 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
PRC - [2012/02/25 10:35:12 | 000,250,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
PRC - [2011/11/30 02:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.1.2\ccSvcHst.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2009/06/17 19:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 19:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 19:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2011/11/30 02:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.1.2\ccSvcHst.exe -- (NIS)
SRV - [2011/10/12 17:06:48 | 004,700,824 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 18:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/22 19:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/25 08:56:57 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/11/24 02:23:47 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305010.002\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/11/24 01:50:27 | 000,738,936 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1305010.002\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/11/24 01:50:27 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305010.002\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/11/17 03:37:59 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305010.002\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/11/17 03:17:49 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305010.002\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/11/04 23:59:30 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305010.002\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/08/16 06:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305010.002\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 19:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 12:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/04/29 15:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2012/03/04 12:35:51 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120303.009\ex64.sys -- (NAVEX15)
DRV - [2012/03/04 12:35:51 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120303.009\eng64.sys -- (NAVENG)
DRV - [2012/03/01 17:50:52 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/27 16:39:04 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/24 16:26:06 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120229.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/29 04:48:55 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120215.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}
IE:64bit: - HKLM\..\SearchScopes\{AC3F49B1-2912-4F76-81AB-624EA7E8F491}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE:64bit: - HKLM\..\SearchScopes\{C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE:64bit: - HKLM\..\SearchScopes\{F9FC1670-8AD8-4BDC-8E58-56EB224739CA}: "URL" = http://uk.search.yah...p06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}
IE - HKLM\..\SearchScopes\{AC3F49B1-2912-4F76-81AB-624EA7E8F491}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKLM\..\SearchScopes\{C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE - HKLM\..\SearchScopes\{F9FC1670-8AD8-4BDC-8E58-56EB224739CA}: "URL" = http://uk.search.yah...p06&type=ie2008

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=ie9fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {B5CA72A8-FE4F-4D69-8330-F55B358A1664}
IE - HKCU\..\SearchScopes\{AC3F49B1-2912-4F76-81AB-624EA7E8F491}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKCU\..\SearchScopes\{B5CA72A8-FE4F-4D69-8330-F55B358A1664}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{C1D5EC18-B665-4AA3-ADFD-9E466629E6D1}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE - HKCU\..\SearchScopes\{F9FC1670-8AD8-4BDC-8E58-56EB224739CA}: "URL" = http://uk.search.yah...p06&type=ie2008
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPlgn\ [2012/02/25 09:09:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\coFFPlgn\ [2012/03/04 13:58:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.1.2\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.1.2\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.1.2\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: pixlr.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/27 18:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/02/27 18:19:21 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Google
[2012/02/27 18:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2012/02/27 18:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/02/26 19:50:10 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Apple Computer
[2012/02/26 19:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/02/26 19:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/02/26 19:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/02/26 18:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/02/26 18:47:58 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Apple
[2012/02/26 18:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/02/26 18:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/02/26 15:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
[2012/02/26 15:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\MAXON
[2012/02/26 15:13:09 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\MAXON
[2012/02/26 15:09:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\WinRAR
[2012/02/26 15:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/02/26 15:09:15 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/02/26 15:08:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012/02/26 13:05:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2012/02/26 09:55:01 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\CrashDumps
[2012/02/25 10:34:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/02/25 10:07:26 | 000,000,000 | ---D | C] -- C:\Intel
[2012/02/25 09:42:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/02/25 09:42:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/02/25 09:32:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nn-NO
[2012/02/25 09:32:41 | 000,439,808 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
[2012/02/25 09:32:41 | 000,060,416 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvui.dll
[2012/02/25 09:31:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012/02/25 09:30:32 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\InstallShield
[2012/02/25 09:17:10 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\HP Support Assistant
[2012/02/25 08:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/02/25 08:51:20 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/02/24 21:54:39 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/02/24 21:54:02 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012/02/24 21:46:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/02/24 18:22:45 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\.minecraft
[2012/02/24 18:21:31 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{9B0D9B12-6B1C-4E6F-BEA8-E5AFAF3CE37D}
[2012/02/24 18:21:18 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{8858F735-C023-4C0D-9A01-058862DEF540}
[2012/02/24 16:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/02/24 16:22:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/02/24 16:22:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/02/22 19:59:13 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\VideoPad Projects
[2012/02/22 18:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012/02/22 18:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012/02/22 18:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012/02/22 18:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2012/02/22 18:02:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\NCH Software
[2012/02/22 17:43:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{B078C127-ADFD-48F6-AD4F-199AD6128E19}
[2012/02/22 17:43:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{B8531E79-1C31-4DB8-B3AC-EE73571675CA}
[2012/02/22 17:03:37 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Symantec
[2012/02/21 16:24:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{00AADF3E-F3E4-41D6-8436-BA12E6E7AAA6}
[2012/02/21 16:23:44 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{C29D40F8-DA5A-4417-A226-052F8731AFDC}
[2012/02/20 20:58:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\My Received Files
[2012/02/20 20:51:40 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\Movies
[2012/02/20 20:51:04 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\Projects
[2012/02/20 18:12:03 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\AVS4YOU
[2012/02/20 18:04:14 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\AVS4YOU
[2012/02/20 18:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012/02/20 18:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012/02/20 18:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012/02/20 17:26:17 | 000,000,000 | ---D | C] -- C:\a7c0992421a612fe4ae3a7fb07e57095
[2012/02/20 17:25:04 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2012/02/20 17:23:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Diagnostics
[2012/02/20 16:20:21 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{9A37CD0F-A094-494F-8153-D1C8B8D71DB2}
[2012/02/20 16:20:06 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{6AC7A74F-C4BB-4DAD-8879-4C4ADFDA4EF2}
[2012/02/20 16:19:50 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{AFA0DC9F-2A43-4741-A52B-ABEE0D5CCF0C}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/04 14:20:50 | 000,000,292 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/03/04 13:44:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/04 11:47:04 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/01 17:31:46 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 17:31:26 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/27 21:08:58 | 000,474,287 | ---- | M] () -- C:\Users\Mark\Documents\My neighbour hood.skp
[2012/02/27 21:08:22 | 000,474,287 | ---- | M] () -- C:\Users\Mark\Documents\My neighbour hood.skb
[2012/02/27 18:17:32 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2012/02/27 18:16:13 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMark.job
[2012/02/26 19:48:36 | 000,354,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/26 19:41:46 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/02/26 15:29:01 | 000,001,018 | ---- | M] () -- C:\Users\Mark\Desktop\CINEMA 4D Demo.lnk
[2012/02/26 15:29:00 | 000,001,053 | ---- | M] () -- C:\Users\Mark\Desktop\CINEMA 4D Demo 64 Bit.lnk
[2012/02/26 15:09:56 | 000,732,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/26 15:09:56 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/26 15:09:56 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/25 17:44:55 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305010.002\VT20111023.022
[2012/02/25 13:27:03 | 001,745,302 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305010.002\Cat.DB
[2012/02/25 10:09:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/02/25 09:06:42 | 000,002,492 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/02/25 08:59:00 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Norton Online Backup.lnk
[2012/02/25 08:56:57 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/02/25 08:56:57 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/02/25 08:56:57 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/02/24 16:29:42 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012/02/22 18:14:41 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Prism Video File Converter.lnk
[2012/02/22 18:02:34 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk
[2012/02/22 17:03:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/02/20 16:18:36 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/02/07 07:06:08 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305010.002\isolate.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/27 18:49:28 | 000,474,287 | ---- | C] () -- C:\Users\Mark\Documents\My neighbour hood.skb
[2012/02/27 18:46:56 | 000,474,287 | ---- | C] () -- C:\Users\Mark\Documents\My neighbour hood.skp
[2012/02/27 18:17:31 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2012/02/26 19:41:46 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/02/26 18:47:52 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/02/26 15:29:00 | 000,001,053 | ---- | C] () -- C:\Users\Mark\Desktop\CINEMA 4D Demo 64 Bit.lnk
[2012/02/26 15:29:00 | 000,001,018 | ---- | C] () -- C:\Users\Mark\Desktop\CINEMA 4D Demo.lnk
[2012/02/25 10:09:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/02/25 08:59:00 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Norton Online Backup.lnk
[2012/02/24 21:56:10 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012/02/24 21:53:34 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012/02/24 21:53:15 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012/02/24 21:53:15 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012/02/24 21:52:50 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012/02/24 16:29:42 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012/02/22 18:14:41 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
[2012/02/22 18:14:41 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Prism Video File Converter.lnk
[2012/02/22 18:02:34 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
[2012/02/22 18:02:34 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk
[2012/02/22 17:04:47 | 003,007,800 | ---- | C] () -- C:\Users\Mark\Desktop\PlantsVsZombies.exe
[2012/02/22 17:03:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/02/20 16:18:36 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/01/28 19:27:46 | 000,000,292 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2011/02/11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== LOP Check ==========

[2012/02/27 16:20:24 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\.minecraft
[2012/02/26 15:29:07 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\MAXON
[2012/03/04 13:17:20 | 000,013,056 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Mark81220 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Sorry for delay... Let's start.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in separate post
  • 0

#3
anon1248

anon1248

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
ok i'll try this
  • 0

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP