Can you get rid of my Trojan Horses? 29Mar2012 - MF [Solved]
#16
mrfecteau (Member, Topic Starter, 17 posts)

Step 1 Output...

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Mark [Admin rights]
Mode: Remove -- Date: 04/05/2012 20:30:48

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380817AS +++++
--- User ---
[MBR] f069fb97013b07005b44eaad2ce1f5b5
[BSP] f63e9d9658e9c1be61952d24249f8794 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WD 1200BB External USB Device +++++
--- User ---
[MBR] 9f4041c9c71d2e55c9dc1d8d2a7e2e72
[BSP] d0ec2211ba2260ee6d54a28c5292c11f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 114470 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[7].txt >>
RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt

#17
mrfecteau (Member, Topic Starter, 17 posts)

Step 1 Shortcuts Fix Output...

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Mark [Admin rights]
Mode: Shortcuts HJfix -- Date: 04/05/2012 20:34:12

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 15 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 17 / Fail 0
Backup: [FOUND] Success 1 / Fail 220

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped
[G:] \Device\HarddiskVolume2 -- 0x3 --> Restored

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Finished : << RKreport[8].txt >>
RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt

#18
mrfecteau (Member, Topic Starter, 17 posts)

OTL Run Fix Output...

========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
191 File(s) copied
C:\Documents and Settings\Mark\Desktop\OTL\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\OTL\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\Age of Empires III.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\CyberLink DVD Suite.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\desktop.ini
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\Dropbox.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\Google Chrome.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\Internet Explorer.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\Microsoft Office Word 2007.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\Mozilla Thunderbird.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\Neverwinter Nights 2.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\Notepad++.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\Paint.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\Password Corral v4.0.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\ShowBiz.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\SMART_HDD.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\Start MyDVD.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\Ulead DVD MovieFactory SE.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
18 File(s) copied
C:\Documents and Settings\Mark\Desktop\OTL\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\OTL\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mark\Desktop\OTL\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\OTL\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\4\Adobe Reader X.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\4\Age of Empires III.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\4\AVG 2012.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\4\Battlefield 2 Special Forces.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\4\Battlefield 2.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\4\H&R Block 2009.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\4\H&R Block 2011.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\4\iTunes.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\4\Mozilla Thunderbird.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\4\Neverwinter Nights 2.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\4\Play BF2 Online Now!.lnk
C:\DOCUME~1\Mark\LOCALS~1\Temp\smtmp\4\Play BF2 SF Online Now!.lnk
12 File(s) copied
C:\Documents and Settings\Mark\Desktop\OTL\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\OTL\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.2 log created on 04052012_203814

#19
mrfecteau (Member, Topic Starter, 17 posts)

OTL.txt Output...

OTL logfile created on: 4/5/2012 8:45:36 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Mark\Desktop\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.07% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 8.82 Gb Free Space | 11.83% Space Free | Partition Type: NTFS
Drive G: | 111.76 Gb Total Space | 38.98 Gb Free Space | 34.88% Space Free | Partition Type: FAT32

Computer Name: UPSTAIRS | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/30 13:02:18 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL\OTL.exe
PRC - [2012/03/08 10:09:49 | 000,250,528 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 19:06:00 | 001,605,632 | ---- | M] (Don HO [email protected]) -- C:\Program Files\Notepad++\notepad++.exe
PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
PRC - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/04 11:57:38 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2006/07/21 16:14:36 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2006/05/04 16:26:36 | 002,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
PRC - [2001/05/26 00:56:20 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/21 16:46:28 | 001,673,728 | ---- | M] () -- C:\Program Files\Notepad++\plugins\NppFTP.dll
MOD - [2011/07/18 17:07:28 | 000,014,336 | ---- | M] () -- C:\Program Files\Notepad++\plugins\NppExport.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
MOD - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
MOD - [2008/07/15 22:28:44 | 000,065,536 | R--- | M] () -- C:\WINDOWS\system32\P17.dll
MOD - [2006/12/04 11:57:38 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2006/12/04 11:57:38 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/12/07 15:12:24 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 15:12:24 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 15:12:22 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 15:12:22 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/06/23 18:12:50 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/06/20 16:54:15 | 000,138,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/06/22 16:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009/01/23 10:49:08 | 000,037,664 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/08/12 04:41:02 | 001,138,176 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2008/06/04 17:29:10 | 000,673,600 | R--- | M] (VIA - IC Ensemble, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Envy24HF.sys -- (Envy24HFS)
DRV - [2007/10/05 10:19:26 | 000,035,200 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2007/10/05 10:19:26 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2007/09/25 10:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/05/01 16:37:40 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0464.sys -- (SaiH0464)
DRV - [2007/03/01 17:27:26 | 004,484,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/07/05 05:33:24 | 000,472,000 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WPN311.sys -- (AR5211)
DRV - [2005/01/10 06:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 06:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/03/21 13:34:08 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/04/11 07:20:16 | 000,011,264 | R--- | M] (Hitachi Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dz2kusb.sys -- (dz2kusb)
DRV - [2002/04/11 07:20:04 | 000,010,496 | R--- | M] (Hitachi Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dz2kscsi.sys -- (dz2kscsi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://by156w.bay156...om/default.aspx [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {8867394B-40E1-4E9F-9D92-3A03D425B98C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{77852BCC-2D3C-4852-A95B-B14014B28ED3}: "URL" = http://www.google.co...erms}&sa=Search
IE - HKCU\..\SearchScopes\{8867394B-40E1-4E9F-9D92-3A03D425B98C}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/...0-00237de33944"
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.0
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mark\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Documents and Settings\Mark\Application Data\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:58:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 12:37:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/04 09:11:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/25 08:41:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\AVG\AVG2012\Thunderbird\ [2011/12/23 09:26:52 | 000,000,000 | ---D | M]

[2009/06/26 21:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions
[2010/12/26 21:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/06/26 21:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions\[email protected]
[2012/02/14 11:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\uvu7lknt.default\extensions
[2011/12/08 08:23:07 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\uvu7lknt.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/01/08 09:43:54 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\uvu7lknt.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/12/02 23:45:58 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\uvu7lknt.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 19:48:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\uvu7lknt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/25 09:01:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\uvu7lknt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/01/29 21:01:03 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\uvu7lknt.default\searchplugins\mozilla-add-ons.xml
[2012/01/08 09:43:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UVU7LKNT.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UVU7LKNT.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UVU7LKNT.DEFAULT\EXTENSIONS\[email protected]
[2012/02/01 09:58:30 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2010/04/16 22:58:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/02 12:37:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/01 20:08:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 15:37:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Documents and Settings\Mark\Application Data\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

O1 HOSTS File: ([2012/04/05 20:38:22 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EnvyHFCPL] C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe 1 File not found
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.c...ers/play365.cab (Live365Player Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4835CCB-39E2-4A5B-94CD-8172E1136FBF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/03 18:43:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | R--- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/28 13:03:12 | 000,000,000 | R--D | M] - G:\autorun -- [ FAT32 ]
O33 - MountPoints2\{220effba-6a7a-11de-9ab6-001111f16027}\Shell\AutoRun\command - "" = G:\rcaeasyrip_setup.exe
O33 - MountPoints2\{220effba-6a7a-11de-9ab6-001111f16027}\Shell\install\command - "" = G:\rcaeasyrip_setup.exe
O33 - MountPoints2\{220effba-6a7a-11de-9ab6-001111f16027}\Shell\usermanualEnglish\command - "" = G:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{220effba-6a7a-11de-9ab6-001111f16027}\Shell\usermanualFrench\command - "" = G:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{220effba-6a7a-11de-9ab6-001111f16027}\Shell\usermanualSpanish\command - "" = G:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\{4093d6be-5a36-11df-994c-001111f16027}\Shell\AutoRun\command - "" = H:\DPF_V211.exe
O33 - MountPoints2\{e422119a-e389-11de-98fd-001111f16027}\Shell - "" = AutoRun
O33 - MountPoints2\{e422119a-e389-11de-98fd-001111f16027}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e422119a-e389-11de-98fd-001111f16027}\Shell\AutoRun\command - "" = G:\DigitalPhotoViewer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/04 07:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Desktop\RK_Quarantine
[2012/04/04 06:53:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/30 13:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Desktop\OTL
[2012/03/30 10:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/29 11:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Application Data\Malwarebytes
[2012/03/29 11:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/29 11:23:24 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/29 11:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/29 11:22:39 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mark\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/29 11:16:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mark\Recent
[2012/03/29 08:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Desktop\Golf 2012
[2012/03/26 11:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Desktop\.picasaoriginals
[2012/03/08 10:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/08 10:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/08 10:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/05 20:40:43 | 000,197,792 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/04/05 20:40:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/05 20:38:22 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/04/05 19:58:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-115176313-725345543-1004UA.job
[2012/04/05 17:55:51 | 000,302,930 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/05 08:16:28 | 093,771,669 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/04 12:58:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-115176313-725345543-1004Core.job
[2012/04/03 07:40:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/31 01:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\OptimizeDaily.job
[2012/03/30 18:29:09 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Dropbox.lnk
[2012/03/30 15:52:23 | 000,110,173 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Beats June 19, 2011 Adam Fecteau.JPG
[2012/03/29 11:22:51 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mark\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/29 11:03:10 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/03/27 13:01:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/26 11:29:36 | 000,911,217 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Adria and Griffin.jpeg
[2012/03/19 20:03:44 | 000,155,831 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\YMCA Spring Volleyball Photo Day Sch - March 24.pdf
[2012/03/14 09:08:36 | 000,216,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 08:50:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 07:37:05 | 000,494,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/12 07:37:04 | 000,084,548 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/11 03:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\OptimizeWeekly.job
[2012/03/09 09:19:15 | 000,490,327 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Dental Receipt 20120229 Mark Fecteau.pdf
[2012/03/08 10:02:16 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2049/12/31 17:00:00 | 000,623,844 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\BreakthroughDrills.pdf
[2049/12/31 17:00:00 | 000,491,449 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\BreakthroughPlays.pdf
[2012/04/05 20:38:21 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/04 18:26:33 | 000,001,015 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Dropbox.lnk
[2012/04/04 18:26:33 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/03/30 15:52:23 | 000,110,173 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Beats June 19, 2011 Adam Fecteau.JPG
[2012/03/30 08:14:17 | 000,024,705 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Copy of L05 78133(1).pdf
[2012/03/26 11:29:36 | 000,911,217 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Adria and Griffin.jpeg
[2012/03/19 20:03:43 | 000,155,831 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\YMCA Spring Volleyball Photo Day Sch - March 24.pdf
[2012/03/09 09:19:15 | 000,490,327 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Dental Receipt 20120229 Mark Fecteau.pdf
[2012/03/08 10:02:16 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/02/25 12:41:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2012/02/25 12:37:56 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2012/02/25 12:37:56 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2012/02/15 18:16:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/29 09:51:29 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/08/14 22:01:28 | 000,421,260 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1409082233-115176313-725345543-1004-0.dat
[2011/08/14 22:01:28 | 000,228,570 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/03/29 19:24:07 | 000,048,004 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/01 23:19:39 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/24 22:18:34 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

========== LOP Check ==========

[2010/10/17 21:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2008/10/08 19:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2011/09/23 09:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/18 11:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/17 21:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2010/10/18 19:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/04/05 17:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/10/03 22:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/02/25 12:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/05/24 19:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009/07/23 18:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Saitek
[2010/02/19 22:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/02/19 22:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/02/19 21:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2012/01/21 09:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/05/24 17:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/03/29 19:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/23 08:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\AVG2012
[2011/11/30 12:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Broad Intelligence
[2008/11/12 19:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Bullzip
[2012/04/04 06:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Dropbox
[2010/07/01 23:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\EA
[2011/12/29 22:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Electronic Arts
[2009/12/05 09:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\flightgear.org
[2009/12/13 22:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\fltk.org
[2011/12/03 08:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Garmin
[2011/01/03 10:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\GrabPro
[2011/09/12 14:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\ICAClient
[2008/12/01 20:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Leadertech
[2009/10/24 13:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\LimeWire
[2012/01/30 11:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Notepad++
[2009/01/10 21:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\OpenOffice.org
[2012/02/14 11:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Orbit
[2012/02/25 12:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\pdf995
[2011/01/03 09:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\ProgSense
[2010/02/19 21:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\ScanSoft
[2011/04/13 18:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\SystemRequirementsLab
[2012/01/21 09:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\TaxCut
[2010/12/26 21:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Thunderbird
[2009/05/07 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Trellian
[2009/05/24 17:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Ulead Systems
[2008/11/30 14:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Video DVD Maker FREE
[2010/06/25 06:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\webex
[2012/03/31 01:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\OptimizeDaily.job
[2012/03/01 01:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\OptimizeMonthly.job
[2012/03/11 03:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\OptimizeWeekly.job

========== Purity Check ==========



< End of report >
  • 0

#20
mrfecteau
    Member
  • Topic Starter
  • Member
  • 17 posts
Question...

I keep getting a Quick Launch shortcut created during this process called SMART_HDD; I have deleted it each time I noticed. It points to "C:\Documents and Settings\All Users\Application Data\gpKdkXGEfqtSyL.exe" (which does not exist). It's just a shortcut, no biggie, but I'm just wondering why it keeps appearing in my Quick Launch folder?

Edited by mrfecteau, 05 April 2012 - 08:32 PM.

  • 0

#21
Crag_Hack
    Trusted Helper
  • Malware Removal
  • 1,775 posts
It appears you were infected with a FakeHDD rogue (explanation here). That SmartHDD link is probably a remainder of the infection. You can get rid of it, no worries. I will get back to you with further instructions tomorrow.
  • 0
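The dangling SMART_HDD shortcut discussed in the two posts above is the usual FakeHDD leftover: the rogue drops a randomly named executable under All Users\Application Data and points Quick Launch and Start Menu shortcuts at it, so once the executable has been removed the .lnk files point at nothing. The script below is an added example (it is not code from this thread, nor from OTL, RogueKiller or unhide.exe): it parses Windows .lnk files directly, following the MS-SHLLINK layout, recovers the target from the LinkInfo local base path (or the RelativePath string when a link has no local path), and reports every shortcut in a folder whose target no longer exists. So that it runs offline it writes its own minimal .lnk files into a temporary folder; the build_lnk helper, the temporary folder and the "Notes.lnk"/"SMART_HDD.lnk" file names are assumptions made for the example, only the gpKdkXGEfqtSyL.exe path comes from the post.

```python
# Added example for this thread (not from the forum, OTL or RogueKiller): parse .lnk files per MS-SHLLINK and flag dead targets.
import os
import shutil
import struct
import tempfile

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")   # {00021401-0000-0000-C000-000000000046}
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH, IS_UNICODE = 0x01, 0x02, 0x04, 0x08, 0x80
VOLUME_ID_AND_LOCAL_BASE_PATH = 0x01    # LinkInfo.LinkInfoFlags

def _cstring(data, off):                # NUL-terminated ANSI string at byte offset off
    return data[off:data.index(b"\x00", off)].decode("cp1252")

def _wstring(data, off):                # NUL-terminated UTF-16LE string at byte offset off
    end = off
    while data[end:end + 2] not in (b"\x00\x00", b""):
        end += 2
    return data[off:end].decode("utf-16-le")

def shortcut_target(data):
    """Path a .lnk points at (LinkInfo local path, else RelativePath), or None."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                            # ShellLinkHeader is a fixed 76 bytes
    if flags & HAS_ID_LIST:             # skip the PIDL; we want a plain path
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:
        info_size, hdr_size, info_flags, _, base_off, _, suffix_off = struct.unpack_from("<IIIIIII", data, pos)
        if info_flags & VOLUME_ID_AND_LOCAL_BASE_PATH:
            if hdr_size >= 0x24:        # Unicode offsets present: prefer them
                base_u, suffix_u = struct.unpack_from("<II", data, pos + 0x1C)
                return _wstring(data, pos + base_u) + _wstring(data, pos + suffix_u)
            return _cstring(data, pos + base_off) + _cstring(data, pos + suffix_off)
        pos += info_size                # network-only link: fall back to StringData

    def read_string():                  # StringData item: CountCharacters + chars, no terminator
        nonlocal pos
        n = struct.unpack_from("<H", data, pos)[0]
        width = 2 if flags & IS_UNICODE else 1
        raw, pos = data[pos + 2:pos + 2 + n * width], pos + 2 + n * width
        return raw.decode("utf-16-le" if width == 2 else "cp1252")

    if flags & HAS_NAME:
        read_string()                   # description, not needed
    return read_string() if flags & HAS_RELATIVE_PATH else None

def build_lnk(target):
    """Minimal .lnk (header + LinkInfo local base path); only used to construct samples here."""
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, HAS_LINK_INFO,
                         0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    volume_id = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\x00"   # DRIVE_FIXED, empty label
    base, suffix = target.encode("cp1252") + b"\x00", b"\x00"
    base_off = 0x1C + len(volume_id)
    suffix_off = base_off + len(base)
    link_info = struct.pack("<IIIIIII", suffix_off + len(suffix), 0x1C,
                            VOLUME_ID_AND_LOCAL_BASE_PATH, 0x1C, base_off, 0, suffix_off)
    return header + link_info + volume_id + base + suffix

def _resolve(folder, target):           # RelativePath is relative to the .lnk's own folder
    is_abs = os.path.isabs(target) or target[1:3] == ":\\" or target.startswith("\\\\")
    return target if is_abs else os.path.join(folder, target)

def find_dangling_shortcuts(folder):
    """(name, target, status) per .lnk in folder: ok / dangling / no-target / unparseable."""
    results = []
    for name in sorted(os.listdir(folder)):
        if not name.lower().endswith(".lnk"):
            continue
        with open(os.path.join(folder, name), "rb") as f:
            data = f.read()
        try:
            target = shortcut_target(data)
        except (ValueError, struct.error, UnicodeDecodeError):
            results.append((name, None, "unparseable"))
            continue
        status = ("no-target" if target is None
                  else "ok" if os.path.exists(_resolve(folder, target)) else "dangling")
        results.append((name, target, status))
    return results

def demo():
    """Constructed Quick Launch folder: one live shortcut, one FakeHDD leftover (assumed names)."""
    folder = tempfile.mkdtemp(prefix="quicklaunch_")
    try:
        real = os.path.join(folder, "README.txt")
        with open(real, "w") as f:
            f.write("present\n")
        samples = {"Notes.lnk": real,   # the exe path below is the one named in the thread
                   "SMART_HDD.lnk": r"C:\Documents and Settings\All Users\Application Data\gpKdkXGEfqtSyL.exe"}
        for name, target in samples.items():
            with open(os.path.join(folder, name), "wb") as f:
                f.write(build_lnk(target))
        return {name: status for name, _, status in find_dangling_shortcuts(folder)}
    finally:
        shutil.rmtree(folder, ignore_errors=True)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:10} {name}")
```

On the XP machine in this thread the folder to hand to find_dangling_shortcuts would be the user's Quick Launch folder (C:\Documents and Settings\<user>\Application Data\Microsoft\Internet Explorer\Quick Launch) and the two Startup folders; a shortcut reported as "dangling" whose target sits under All Users\Application Data with a random name is the pattern described above and can simply be deleted. The parser deliberately ignores the IDList and only trusts the explicit path fields, so a link crafted to look like it points somewhere harmless via its display name is still judged on where it actually resolves.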

#22
Crag_Hack
    Trusted Helper
  • Malware Removal
  • 1,775 posts
Also there is no need to run unhide.exe since we already restored all your shortcuts... :)
  • 0

#23
Crag_Hack
    Trusted Helper
  • Malware Removal
  • 1,775 posts
Hi mrfecteau, everything looks very good now. Please try your computer for several hours and see if everything is symptom-free. Then report back to me.
  • 0

#24
mrfecteau
    Member
  • Topic Starter
  • Member
  • 17 posts
OK thanks, will do...
  • 0

#25
mrfecteau
    Member
  • Topic Starter
  • Member
  • 17 posts
Things look good, any suggestions on preventing this? I have anti-virus running and updated. It seems to be an older TJ, so why can't current AV stop it?
  • 0

#26
Crag_Hack
    Trusted Helper
  • Malware Removal
  • 1,775 posts
Now that we're done scanning for and disinfecting malware it's time to clean up. Let me know if you have any questions. Please use your computer a couple hours at least and make sure there are no remaining symptoms. If there are no symptoms proceed with the following instructions. One final step to take in disinfecting your computer is to purge all system restore points. This ensures that you will not get reinfected by files hiding in the system restore points. To do this follow these instructions:

  • Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [ClearAllRestorePoints]
  • Then click the Run Fix button at the top
  • OTL may ask to reboot the machine. Please do so if asked.
  • Post the log it produces in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run. Make sure to grab the contents of this file before following the cleanup procedure described next.
You can now remove all the tools that were used to disinfect your computer by running OTL and clicking the CleanUp button.

Now that your computer is disinfected it is important to keep it that way. What follows are guidelines to keeping your computer malware-free.

You absolutely must have an antivirus program installed. This is important because the antivirus program runs in the background of the computer and prevents viruses from both infecting the computer and doing malicious things to the computer. This can prevent many infections in the first place. Just as a city without police would be chaotic, so would a computer without an anti-virus program. I recommend the free programs Avira AntiVir Personal and avast! Free Anti-Virus or the paid programs Bit Defender Anti-Virus and Kaspersky Anti-Virus. Also make absolutely sure to only have one anti-virus installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

It is also advised to have an anti-spyware program as well. I recommend the paid version of Malwarebytes' Anti-Malware. This program complementing your anti-virus can protect your computer from most infections out there. Make absolutely sure to only have one anti-spyware installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

A program to complement your anti-virus and anti-spyware with passive protection is SpywareBlaster. SpywareBlaster is not a malware scanner or removal tool and uses no system resources except a little disk space. It does a great job of preventing malware from being installed in the first place! It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them from malicious websites. You can download it here. To use it to protect your computer install it then do the following regularly at your convenience (once a week is adequate):
  • Run SpywareBlaster
  • Click Updates on the left of the screen
  • Click the 'Check for Updates' button and let the program update
  • Click 'Protection Status' on the left of the screen
  • Click 'Enable All Protection' on the bottom of the screen and SpywareBlaster will implement its protection
  • Exit the program
Another program to add additional protection is Spybot Search and Destroy. It works similar to SpywareBlaster by providing passive protection. You can download it here. To use it to protect your computer install it then do the following regularly at your convenience (once a week is adequate):
  • Run Spybot S&D
  • Click "Search for Updates"
  • Click "Continue"
  • Click "Download" - ignore if it says "please select some update files from the list first"
  • Click "OK" in update window if it prompts you
  • Click "Exit" in update window when update finishes or if Spybot said "please select some update files from the list first"
  • Go back to Spybot main window
  • Close Internet Explorer/Firefox/Chrome if they are open
  • Click "Immunize"
  • Wait for the progress meter to complete
  • Click the "Immunize" button with the plus sign next to it towards the top of the window
  • Wait for the progress meter to complete
  • Close the program
And one last program to add additional protection is Panda USB Vaccine. This program disables the autorun file on removable devices. You can vaccinate both a computer and a removable device. To download and run refer to here.

Another important thing to have installed is a firewall to secure communications to and from your computer. The firewall prevents inbound communications from the Internet to your computer that could be malicious in nature. Some firewalls also regulate outbound communications from your computer to the Internet that could be malicious as well. Inbound communications can take advantage of security holes in software running on your computer to gain control of your computer and infect you with malware. Outbound communications can be from malware on your computer to malicious websites on the Internet, containing information about your computer usage and even your passwords. For these reasons it is essential to the security of your computer to install a firewall. Make sure to only install one firewall as any more than that would prove to be redundant - one firewall is just as effective as multiple ones. Also more than one firewall could cause software conflicts. This applies to the Windows firewall as well - if you use a third-party firewall make sure to disable the Windows firewall. I recommend ZoneAlarm Free Firewall or Comodo Firewall as free solutions or Outpost Firewall Pro as a paid solution.

Besides these measures, an equally important step to take to protect your computer from malware is to update all programs regularly and do Windows Updates as well. Windows, Java, Adobe Flash, PDF readers, and other programs have security holes in them that leave your computer vulnerable to malicious code from hackers that could infect your computer with malware when taken advantage of. For this reason it is important to always update programs when prompted. Windows Updates is enabled by default in Windows and Java, Flash, and others have auto-update programs enabled by default as well. You will not have to worry about setting up the auto-update feature for these programs unless you altered the settings to begin with. Make sure as well to never update a program via e-mail - companies will never send e-mails to update their products. In order to help you update programs you might want to download and run FileHippo.com Update Checker from here. This program will tell you which programs need to be updated. Instructions for automating Windows Updates follow:

1. Right click My Computer and select properties
2. Select the automatic updates tab
3. Select the automatic option and configure appropriately

One last thing to consider is to exercise caution when browsing the web and viewing e-mails. Try to stay away from non-reputable websites including websites for software piracy and pornography. By staying away from these websites you decrease your chances of malware infection significantly. To help you exercise caution in your browsing habits you can download and install Web of Trust into your web browser here. This program will install in your browser and color code the website you are viewing to inform you if it is safe or not; green means safe, yellow means proceed with caution, and red means danger. Viewing e-mails should also be done with caution. If you don't recognize an email as one from a known or requested source then you will be safer to avoid opening it. File attachments should be opened only with extreme caution as they can contain files that exploit security holes on your computer and infect you with malware. Never open an attachment unless you are expecting it or you verify that the sender intended to send it to you. Also make sure to scan the attachment before opening it.

You might want to use an alternate browser than Internet Explorer. Firefox and Google Chrome are excellent candidates. They are more secure than Internet Explorer and are just as functional. You can download Google Chrome here and Firefox here.

Something just as important as preventing infection by malware is to backup your data. You can read about different methods here.

Some articles you might be interested in reading to reiterate points I have addressed in this post as well as make new points follow:
By following these steps you should ensure that you most likely will never get infected with malware again. Good luck and safe browsing!

-Josh
  • 0

#27
mrfecteau
    Member
  • Topic Starter
  • Member
  • 17 posts
Thanks, everything is still good. Some of the software I have; I'll look at the others. OTL output...

========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.39.2 log created on 04102012_075302

Edited by mrfecteau, 10 April 2012 - 05:57 AM.

  • 0

#28
Crag_Hack
    Trusted Helper
  • Malware Removal
  • 1,775 posts
That's it! We are done. Let me know if you have any questions.
  • 0

#29
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0