
Trojan.ADH.2 and Win32/Toolbar.Widgi application [Closed]


  • This topic is locked

#1
wreckingball

Constant problems. Mozilla Firefox takes forever to open Gmail link. White boxes will cover browser. Desktop downloads are disappearing and not installing. Problem first began when I could no longer view any large picture in Facebook - just an empty frame with no image size or cache info. Norton 360 has been catching different Trojan.ADH.2 viruses. After using rkill - it stopped malware process Akamai\netsession. Combofix did seem to help a little - my Facebook images are back, but everything seems super slow. Norton and Malwarebytes taking forever to scan and upload.
Below is my OTL log per your instructions (I'll wait until you request other logs). Your help would be greatly appreciated. I run a small biz from my home and my computer is my lifeline....

OTL logfile created on: 3/8/2012 7:11:19 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Charlene B\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 319.22 Mb Available Physical Memory | 31.47% Memory free
2.38 Gb Paging File | 0.88 Gb Available in Paging File | 36.84% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 183.63 Gb Free Space | 78.85% Space Free | Partition Type: NTFS

Computer Name: CHARLENE-4DB961 | User Name: Charlene B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Charlene B\Desktop\OTL.com (OldTimer Tools)
PRC - C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_14971d05\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_7a44a806\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3fef4eb2\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Toseliscuua) -- File not found
SRV - (HidServ) -- File not found
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll ()
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (N360) -- C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\ccSvcHst.exe (Symantec Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe (Symantec Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (UIUSys) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mbr) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- File not found
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120307.002\IDSXpx86.sys (Symantec Corporation)
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120302.001\BHDrvx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120308.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120308.002\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS (Symantec Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1547161642-162531612-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1547161642-162531612-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-162531612-682003330-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1547161642-162531612-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1547161642-162531612-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGLL_enUS381
IE - HKU\S-1-5-21-1547161642-162531612-682003330-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=US&ver=5
IE - HKU\S-1-5-21-1547161642-162531612-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1547161642-162531612-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/01/31 15:19:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2 [2012/03/04 11:33:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 18:10:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010/06/10 10:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charlene B\Application Data\Mozilla\Extensions
[2011/05/31 09:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charlene B\Application Data\Mozilla\Firefox\Profiles\tcbyytip.default\extensions
[2011/05/18 12:27:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charlene B\Application Data\Mozilla\Firefox\Profiles\tcbyytip.default\extensions\nostmp
[2011/11/02 16:10:21 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\Charlene B\Application Data\Mozilla\Firefox\Profiles\tcbyytip.default\searchplugins\safesearch.xml
[2012/02/23 16:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/23 16:24:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/04 11:33:27 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_5_2
[2012/01/31 15:19:25 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
[2012/02/20 18:10:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/20 18:10:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/20 18:10:14 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/01 01:39:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1547161642-162531612-682003330-1003\..\Toolbar\ShellBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKU\S-1-5-21-1547161642-162531612-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-162531612-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1547161642-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Charlene B\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Charlene B\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Akamai NetSession Interface - hkey= - key= - C:\Documents and Settings\Charlene B\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {11BAFE65-F192-4F67-0D45-92BF392BA3E5} - Internet Explorer
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 14:22:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Charlene B\Recent
[2012/03/07 16:10:11 | 003,767,456 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Charlene B\Desktop\install_flash_player_11_plugin_32bit.exe
[2012/03/05 12:41:32 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Charlene B\Desktop\OTL.com
[2012/03/04 13:10:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/02 15:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlene B\Desktop\backups
[2012/02/23 16:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/23 16:24:19 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/02/23 16:24:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/02/23 16:24:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/02/20 18:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/16 13:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/02/16 13:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlene B\Start Menu\Programs\Revo Uninstaller
[2012/02/15 16:49:16 | 000,000,000 | ---D | C] -- C:\65101d2374dd356d7a09a15ecdbe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/08 18:37:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/08 15:37:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/08 02:00:01 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-CHARLENE-4DB961-Charlene B.job
[2012/03/08 02:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-CHARLENE-4DB961-Administrator.job
[2012/03/07 16:10:23 | 003,767,456 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Charlene B\Desktop\install_flash_player_11_plugin_32bit.exe
[2012/03/07 16:09:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/05 12:41:33 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlene B\Desktop\OTL.com
[2012/03/04 11:31:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/02 15:29:26 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/03/01 01:39:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/01 00:46:29 | 000,031,472 | ---- | M] () -- C:\{A8ECC3E5-1F2E-4AC4-98A3-C4C14DFF38D1}
[2012/02/28 17:06:33 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Charlene B\Desktop\rkill.com
[2012/02/23 16:59:08 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/02/23 16:23:57 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/02/23 16:23:57 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/02/23 16:23:56 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/02/23 16:23:56 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/02/23 16:23:56 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/02/16 13:39:19 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Charlene B\Desktop\Revo Uninstaller.lnk
[2012/02/16 12:09:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/16 06:09:14 | 003,522,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 03:03:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/15 15:23:25 | 000,002,560 | ---- | M] () -- C:\{20FF242F-9D5F-4078-A44F-366DDB12F1A9}
[2012/02/15 15:21:19 | 000,063,272 | ---- | M] () -- C:\{5657AF21-5A10-4E60-847E-04B3F0334F04}
[2012/02/10 16:57:14 | 000,000,288 | ---- | M] () -- C:\{EEB95E0E-DA41-4AB0-95F7-6DC0479A8D7E}
[2012/02/07 23:50:58 | 000,002,472 | ---- | M] () -- C:\{C196746B-B5C1-4509-9F40-511A40164E77}
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/02 13:26:23 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Charlene B\My Documents\Norton Installation Files.lnk
[2012/03/01 00:46:29 | 000,031,472 | ---- | C] () -- C:\{A8ECC3E5-1F2E-4AC4-98A3-C4C14DFF38D1}
[2012/02/28 17:06:32 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Charlene B\Desktop\rkill.com
[2012/02/16 13:39:19 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Charlene B\Desktop\Revo Uninstaller.lnk
[2012/02/15 15:37:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 15:37:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/15 15:23:25 | 000,002,560 | ---- | C] () -- C:\{20FF242F-9D5F-4078-A44F-366DDB12F1A9}
[2012/02/15 15:21:19 | 000,063,272 | ---- | C] () -- C:\{5657AF21-5A10-4E60-847E-04B3F0334F04}
[2012/02/10 16:57:13 | 000,000,288 | ---- | C] () -- C:\{EEB95E0E-DA41-4AB0-95F7-6DC0479A8D7E}
[2012/02/07 23:50:58 | 000,002,472 | ---- | C] () -- C:\{C196746B-B5C1-4509-9F40-511A40164E77}
[2012/01/05 19:17:47 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2011/10/07 16:31:37 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Charlene B\Local Settings\Application Data\fusioncache.dat
[2011/02/22 12:34:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/22 12:34:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/22 12:34:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/22 12:34:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/22 12:34:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/09 11:50:37 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2010/10/21 10:23:06 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Charlene B\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/08 09:58:39 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
[2010/06/11 11:51:09 | 000,000,085 | ---- | C] () -- C:\WINDOWS\TTINSTAL.INI
[2010/06/10 10:56:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/04 10:48:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2010/06/04 10:41:43 | 000,042,483 | ---- | C] () -- C:\WINDOWS\Icccodes.dat
[2010/06/04 10:41:43 | 000,039,095 | ---- | C] () -- C:\WINDOWS\Iccsigs.dat
[2010/06/04 10:41:43 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2010/06/04 10:41:19 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2010/06/01 20:48:30 | 000,000,101 | ---- | C] () -- C:\WINDOWS\OPHC.ini
[2010/05/27 06:34:35 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010/05/27 05:33:19 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/05/26 11:48:49 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/26 11:11:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/05/26 11:01:10 | 000,000,613 | ---- | C] () -- C:\WINDOWS\fpexplor.INI
[2010/05/26 10:56:32 | 000,000,436 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2010/05/26 07:28:31 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/05/26 07:28:31 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/05/26 07:28:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/05/26 05:13:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/26 05:04:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/25 22:16:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/25 22:15:18 | 003,522,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/01/05 13:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\AVG10
[2010/12/17 11:33:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/06/01 21:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2010/12/22 16:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/03/17 10:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/05/27 06:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/05/27 06:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/06/01 13:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/12/13 11:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/05/27 06:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/03/14 21:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/15 10:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlene B\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/19 14:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlene B\Application Data\Free Mp3 Wma Ogg Converter
[2010/05/26 11:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlene B\Application Data\GetRightToGo
[2010/06/01 21:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlene B\Application Data\GlobalSCAPE
[2011/01/10 11:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlene B\Application Data\Helios
[2010/06/04 10:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlene B\Application Data\InterTrust
[2010/12/22 14:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlene B\Application Data\SPE
[2010/12/23 02:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlene B\Application Data\Tific

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/01/05 16:20:36 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/03/04 12:08:34 | 000,010,372 | ---- | M] () -- C:\ComboFix.txt
[2010/05/26 05:08:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/02/23 16:13:14 | 000,042,351 | ---- | M] () -- C:\JavaRa.log
[2010/05/26 05:08:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/05/26 13:16:05 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/03/08 19:00:36 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2012/03/08 19:06:32 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2011/09/11 12:16:00 | 000,041,888 | ---- | M] () -- C:\TDSSKiller.2.5.21.0_11.09.2011_13.15.18_log.txt
[2012/03/01 00:25:40 | 000,051,960 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_01.03.2012_00.25.06_log.txt
[2012/02/02 19:27:38 | 000,051,956 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_02.02.2012_19.24.49_log.txt
[2012/03/02 13:25:20 | 000,052,248 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_02.03.2012_13.24.58_log.txt
[2012/03/02 14:36:54 | 000,052,244 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_02.03.2012_14.34.57_log.txt
[2012/03/05 10:39:58 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_05.03.2012_10.39.44_log.txt
[2011/10/06 17:19:14 | 000,100,320 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_06.10.2011_18.16.41_log.txt
[2011/10/07 09:40:38 | 000,101,922 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_07.10.2011_10.19.31_log.txt
[2011/10/09 12:03:20 | 000,051,072 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_09.10.2011_13.02.37_log.txt
[2012/02/10 16:38:59 | 000,155,580 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_10.02.2012_16.34.53_log.txt
[2011/11/11 13:55:44 | 000,051,084 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_11.11.2011_13.55.15_log.txt
[2011/10/13 10:43:51 | 000,052,394 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_13.10.2011_11.40.32_log.txt
[2011/10/13 14:55:53 | 000,051,072 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_13.10.2011_15.55.18_log.txt
[2012/01/17 11:03:03 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_17.01.2012_11.02.38_log.txt
[2011/10/17 09:42:54 | 000,051,072 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_17.10.2011_10.42.22_log.txt
[2011/10/17 09:43:32 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_17.10.2011_10.42.58_log.txt
[2011/10/19 16:50:14 | 000,101,922 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_19.10.2011_17.47.52_log.txt
[2012/02/28 12:56:44 | 000,051,960 | ---- | M] () -- C:\TDSSKiller.2.6.5.0_28.02.2012_12.56.18_log.txt
[2012/02/11 18:02:52 | 000,105,964 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_11.02.2012_17.59.12_log.txt
[2012/02/16 06:41:51 | 000,053,182 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_16.02.2012_06.41.03_log.txt
[2012/02/28 16:48:12 | 000,055,076 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_28.02.2012_14.52.21_log.txt
[2012/03/05 10:44:29 | 000,053,470 | ---- | M] () -- C:\TDSSKiller.2.7.19.0_05.03.2012_10.43.41_log.txt
[2011/01/27 20:25:08 | 000,000,288 | ---- | M] () -- C:\{1889C2E6-61E2-4310-B2DB-A558B22DDD5C}
[2012/02/15 15:23:25 | 000,002,560 | ---- | M] () -- C:\{20FF242F-9D5F-4078-A44F-366DDB12F1A9}
[2011/02/21 14:10:43 | 000,000,288 | ---- | M] () -- C:\{28FCBCDC-1AC4-4C5D-97F0-67B27A4F0E35}
[2011/05/18 12:02:48 | 000,030,672 | ---- | M] () -- C:\{3270E0C4-9AAE-4489-B31F-C63D6A3C0431}
[2012/02/15 15:21:19 | 000,063,272 | ---- | M] () -- C:\{5657AF21-5A10-4E60-847E-04B3F0334F04}
[2011/02/19 11:49:48 | 000,002,576 | ---- | M] () -- C:\{6D21656F-DA2A-4784-A62F-9100BCA98629}
[2011/01/24 13:21:10 | 000,000,288 | ---- | M] () -- C:\{8375E369-4F7A-40EB-BFC8-E494AC73985D}
[2011/01/26 14:00:55 | 000,000,288 | ---- | M] () -- C:\{9122F0DD-629A-4A40-86BB-C116F31498BF}
[2011/09/06 17:22:56 | 000,002,560 | ---- | M] () -- C:\{9A749200-6E7D-458F-A72D-1CB2F1F8EA92}
[2011/08/07 14:09:08 | 000,003,104 | ---- | M] () -- C:\{A0AC7F2A-FD5F-475C-95F1-6E6A8639B497}
[2012/03/01 00:46:29 | 000,031,472 | ---- | M] () -- C:\{A8ECC3E5-1F2E-4AC4-98A3-C4C14DFF38D1}
[2012/02/07 23:50:58 | 000,002,472 | ---- | M] () -- C:\{C196746B-B5C1-4509-9F40-511A40164E77}
[2011/03/21 16:38:51 | 000,000,296 | ---- | M] () -- C:\{E546C7C3-C130-49A0-BD46-52DEF80548C9}
[2011/07/25 17:14:50 | 000,000,288 | ---- | M] () -- C:\{E65FA9CE-EB3A-4952-864C-2E2B2BC58E4A}
[2012/02/10 16:57:14 | 000,000,288 | ---- | M] () -- C:\{EEB95E0E-DA41-4AB0-95F7-6DC0479A8D7E}
[2011/02/22 12:04:34 | 000,000,288 | ---- | M] () -- C:\{F328A39A-B6FE-433D-B0B9-019606CF4089}

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/05/25 22:14:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/05/25 22:14:32 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/05/25 22:14:32 | 000,892,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012/03/02 15:29:26 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\drivers\mbamchameleon.sys

< %appdata%\*.* >
[2010/05/25 22:16:04 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Charlene B\Application Data\desktop.ini

< %PROGRAMFILES%\*. >
[2011/06/28 15:25:10 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/08/16 17:32:36 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2011/03/14 21:11:49 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/03/14 21:11:06 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/05/26 08:36:50 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2012/02/23 16:59:02 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2012/03/04 11:51:51 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/05/26 05:04:25 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/05/26 07:57:58 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/05/27 06:39:00 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2010/05/27 06:26:01 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2010/05/27 06:34:47 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/05/27 06:31:54 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2012/02/20 18:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/10/19 14:17:52 | 000,000,000 | ---D | M] -- C:\Program Files\Free Mp3 Wma Ogg Converter
[2010/06/01 21:10:33 | 000,000,000 | ---D | M] -- C:\Program Files\GlobalSCAPE
[2012/02/16 13:47:39 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/06/01 21:10:33 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/05/27 05:31:52 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/02/16 03:02:33 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/12/22 16:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2011/03/14 21:13:23 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/03/16 21:09:05 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2012/02/23 16:23:46 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2012/01/30 19:53:45 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/26 13:33:02 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/05/26 11:05:14 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/06/30 09:10:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/03/02 14:30:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/05/26 11:06:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2011/10/17 08:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/05/29 04:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/11 17:23:51 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/02/20 18:10:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/08/17 17:16:09 | 000,000,000 | ---D | M] -- C:\Program Files\MP3 to WAV Decoder
[2010/05/26 05:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/05/26 05:01:04 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2011/03/17 10:10:24 | 000,000,000 | ---D | M] -- C:\Program Files\Napster
[2010/05/26 13:21:06 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/10/31 11:44:50 | 000,000,000 | ---D | M] -- C:\Program Files\Norton 360 Premier Edition
[2010/12/23 02:09:28 | 000,000,000 | ---D | M] -- C:\Program Files\Norton PC Checkup
[2011/10/31 11:44:10 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2010/05/26 05:04:10 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/14 16:18:08 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/12/15 15:53:26 | 000,000,000 | ---D | M] -- C:\Program Files\Panda Security
[2011/11/09 16:23:42 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/05/27 06:20:17 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2010/06/07 14:22:00 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011/10/31 11:45:58 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/05/26 08:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2011/01/10 11:41:32 | 000,000,000 | ---D | M] -- C:\Program Files\TextPad 5
[2010/05/26 07:10:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012/02/16 13:39:18 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2010/12/27 22:20:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2010/05/26 09:09:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/05/26 13:20:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/05/26 05:03:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2010/05/26 11:47:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/05/26 05:07:09 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/05/26 05:10:27 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< End of report >
#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, sorry for the delay.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-1547161642-162531612-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

Run OTL with the following script


  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    Drives
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

FINALLY

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.


#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.