SMART HDD strikes again [Closed]



#1
SadieS

New member, thanks in advance for any help!

So, I'm pretty much locked out of my computer. I can get in in safe mode. I did manage to get an MB run but it's not getting everything, still pretty much locked out. The warning screens are gone at least.

Here are the OTL logs:

OTL logfile created on: 4/2/2012 3:51:47 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = H:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 82.65% Memory free
3.85 Gb Paging File | 3.59 Gb Available in Paging File | 93.16% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 38.85 Gb Free Space | 52.11% Space Free | Partition Type: NTFS
Drive D: | 233.76 Gb Total Space | 150.44 Gb Free Space | 64.36% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 462.48 Gb Free Space | 99.30% Space Free | Partition Type: NTFS
Drive H: | 3.65 Gb Total Space | 1.37 Gb Free Space | 37.42% Space Free | Partition Type: FAT32

Computer Name: HAL | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/02 16:23:20 | 000,593,920 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2011/08/22 05:39:44 | 002,995,568 | -H-- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
PRC - [2011/08/22 05:39:42 | 000,946,032 | -H-- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
PRC - [2011/08/22 05:39:36 | 002,120,048 | -H-- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
PRC - [2011/08/22 05:39:28 | 001,686,384 | -H-- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/05/18 15:13:58 | 000,935,208 | -H-- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/05/19 14:13:20 | 000,057,344 | -H-- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/04/14 06:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/30 09:38:51 | 000,230,320 | -H-- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 4200 Series\LXBMmon.exe
PRC - [2007/01/30 09:37:40 | 000,537,520 | -H-- | M] ( ) -- C:\WINDOWS\system32\lxbmcoms.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/27 14:11:04 | 000,094,208 | -H-- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/01/08 06:32:22 | 000,036,864 | -H-- | M] () -- C:\WINDOWS\system32\LXBRPMON.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/13 14:53:18 | 000,652,360 | -H-- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/22 05:39:42 | 000,946,032 | -H-- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/04/27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/14 18:35:20 | 001,168,744 | -H-- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn Rescue Calling Card\CallingCard_srv.exe -- (LMIRescue_1a355e02-7b52-4b7d-bc4b-12aaa5b9b823) LogMeIn Rescue (1a355e02-7b52-4b7d-bc4b-12aaa5b9b823)
SRV - [2010/05/18 15:13:58 | 000,935,208 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/11/16 14:24:28 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/19 14:13:20 | 000,057,344 | -H-- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (ASTSRV)
SRV - [2007/01/30 09:37:40 | 000,537,520 | -H-- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxbmcoms.exe -- (lxbm_device)
SRV - [2003/11/03 17:43:02 | 000,106,496 | -H-- | M] (Intel Corp.) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Active Monitor\imonNT.exe -- (imonNT) Intel®
SRV - [2002/09/20 16:50:10 | 000,045,056 | -H-- | M] (Analog Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (abzpkd2i)
DRV - [2012/04/02 15:44:33 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{153FBB89-9ADB-4883-BC68-35AF0B9470A2}\MpKsl8cdb5c65.sys -- (MpKsl8cdb5c65)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/01 16:56:42 | 000,045,288 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/11/09 14:56:12 | 000,098,392 | -H-- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/05/10 12:41:30 | 000,067,656 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\WINDOWS\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\WINDOWS\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/29 20:23:00 | 000,691,696 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/04/14 01:15:34 | 000,011,520 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2008/02/27 13:49:00 | 000,003,840 | -H-- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2003/11/21 17:15:14 | 000,029,156 | -H-- | M] (Apple Computer, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DVDAccss.sys -- (DVDAccss)
DRV - [2003/11/03 17:39:44 | 000,007,424 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV)
DRV - [2003/10/14 14:10:02 | 000,036,484 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [2003/05/08 23:00:56 | 000,033,248 | -H-- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2002/10/23 10:05:06 | 000,021,963 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smb.sys -- (smbusp) Intel®
DRV - [2002/09/20 12:53:34 | 000,235,100 | -H-- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2002/02/11 15:15:50 | 000,014,572 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC.SYS -- (pfc)
DRV - [2001/11/30 19:08:10 | 000,015,360 | -H-- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/17 07:28:12 | 000,488,383 | -H-- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 07:28:12 | 000,050,751 | -H-- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 07:28:10 | 000,542,879 | -H-- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 07:28:10 | 000,057,471 | -H-- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 07:28:08 | 000,391,199 | -H-- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 07:28:06 | 000,289,887 | -H-- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 07:28:06 | 000,199,711 | -H-- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 07:28:06 | 000,115,807 | -H-- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 07:28:04 | 000,067,167 | -H-- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.willfishforwork.com"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.8
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {723AAF16-AF1F-4404-A5D7-0BFE39766605}:0.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.8.0552
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.2.106
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/20 04:00:21 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/03/29 21:38:33 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 22:02:43 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/04 23:04:50 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/19 09:16:19 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/11/16 13:53:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2009/11/16 13:53:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/25 20:32:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\extensions
[2009/11/20 19:15:36 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/20 19:15:22 | 000,000,000 | -H-D | M] (ColorZilla) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2009/11/20 19:15:22 | 000,000,000 | -H-D | M] (IE View) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009/11/20 19:15:22 | 000,000,000 | -H-D | M] (Copy Plain Text) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2009/11/20 19:15:23 | 000,000,000 | -H-D | M] (FireFTP) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}(2)
[2009/11/20 19:15:23 | 000,000,000 | -H-D | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2009/11/20 19:15:23 | 000,000,000 | -H-D | M] (CoLT) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\extensions\{e6c4c3ef-3d4d-42d6-8283-8da73c53a283}(2)
[2009/11/20 19:15:20 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\extensions\[email protected]
[2009/11/20 19:15:21 | 000,000,000 | -H-D | M] (Firebug) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\extensions\[email protected]
[2009/11/20 19:15:22 | 000,000,000 | -H-D | M] (Nero Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\extensions\[email protected]
[2009/07/08 19:44:54 | 000,000,523 | -H-- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\searchplugins\daemon-search.xml
[2009/06/04 18:30:34 | 000,000,931 | -H-- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\searchplugins\dictionary.xml
[2009/06/04 18:32:30 | 000,004,140 | -H-- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\searchplugins\youtube.xml
[2011/11/08 21:01:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/17 22:02:43 | 000,000,000 | -H-D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/03/29 21:38:33 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/03/17 22:02:42 | 000,097,208 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/12 12:28:40 | 000,103,864 | -H-- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/12/04 23:04:49 | 000,159,744 | -H-- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/12/04 23:04:49 | 000,159,744 | -H-- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/12/04 23:04:49 | 000,159,744 | -H-- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/12/04 23:04:49 | 000,159,744 | -H-- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/12/04 23:04:50 | 000,159,744 | -H-- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/12/04 23:04:50 | 000,159,744 | -H-- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/12/04 23:04:50 | 000,159,744 | -H-- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/02/21 23:45:05 | 000,001,394 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2010/09/09 23:48:17 | 000,002,193 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2012/02/21 23:45:05 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/09/09 23:48:17 | 000,001,534 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2012/02/21 23:45:05 | 000,001,131 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/02/21 23:45:05 | 000,002,364 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/02/21 23:45:05 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/02/21 23:45:05 | 000,001,178 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/02/21 23:45:05 | 000,001,096 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/05/24 07:40:20 | 000,000,890 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 174.132.195.9 eye-ficard.com
O1 - Hosts: 174.132.195.9 www.eye-ficard.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Lexmark 4200 Series Fax Server] C:\Program Files\Lexmark 4200 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxbmmon.exe] C:\Program Files\Lexmark 4200 Series\lxbmmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1258305062921 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1258358238859 (MUWebControl Class)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} file://C:\TempEI4\EI40_\msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BD48767-24A8-4AC8-ADFF-9C6F4DBC37B5}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - (C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll) - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/14 22:36:22 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/02 12:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/02 10:22:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2012/04/02 07:40:43 | 009,502,424 | -H-- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam--setup-1.60.1.1000.exe
[2012/04/01 20:22:23 | 000,098,392 | -H-- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/04/01 20:22:23 | 000,027,984 | -H-- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2012/04/01 20:21:29 | 000,000,000 | -H-D | C] -- C:\VIPRERESCUE
[2012/04/01 16:45:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\SMART HDD
[2012/03/30 00:03:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PageOneTraffic
[2012/03/30 00:02:17 | 000,000,000 | -H-D | C] -- C:\PageOne Curator
[2012/03/24 20:50:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Azon Keyword Generator
[2012/03/24 20:46:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Azon Top 100 Analyzer
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/02 15:49:20 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/02 15:44:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/02 14:23:00 | 000,000,978 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1897051121-1801674531-1004UA.job
[2012/04/02 10:23:00 | 000,000,926 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1897051121-1801674531-1004Core.job
[2012/04/02 07:40:52 | 009,502,424 | -H-- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam--setup-1.60.1.1000.exe
[2012/04/02 07:36:36 | 000,000,184 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-Sd4NhFCI0pZefWr
[2012/04/02 07:36:36 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-Sd4NhFCI0pZefW
[2012/04/02 07:36:34 | 000,000,847 | -H-- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/02 07:36:29 | 000,000,256 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Sd4NhFCI0pZefW
[2012/04/01 16:45:40 | 000,000,829 | -H-- | M] () -- C:\Documents and Settings\Admin\Desktop\SMART_HDD.lnk
[2012/04/01 12:09:32 | 000,000,208 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-b3JY6YxdHArZyzr
[2012/04/01 12:09:32 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-b3JY6YxdHArZyz
[2012/04/01 12:09:29 | 000,000,256 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\b3JY6YxdHArZyz
[2012/03/30 22:06:57 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/30 00:03:53 | 000,000,575 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\PageOneCurator.lnk
[2012/03/29 22:38:19 | 000,000,488 | -H-- | M] () -- C:\WINDOWS\Lexstat.ini
[2012/03/28 11:08:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/24 20:50:18 | 000,000,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Azon Keyword Generator.lnk
[2012/03/24 20:46:52 | 000,000,752 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Azon Top 100 Analyzer.lnk
[2012/03/15 03:23:26 | 002,020,512 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 03:01:47 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 08:24:01 | 000,494,288 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/12 08:24:01 | 000,084,706 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/02 07:36:36 | 000,000,184 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-Sd4NhFCI0pZefWr
[2012/04/02 07:36:36 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-Sd4NhFCI0pZefW
[2012/04/02 07:36:34 | 000,000,847 | -H-- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/01 16:45:40 | 000,000,829 | -H-- | C] () -- C:\Documents and Settings\Admin\Desktop\SMART_HDD.lnk
[2012/04/01 16:45:27 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sd4NhFCI0pZefW
[2012/04/01 12:09:32 | 000,000,208 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-b3JY6YxdHArZyzr
[2012/04/01 12:09:32 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-b3JY6YxdHArZyz
[2012/04/01 12:09:26 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\b3JY6YxdHArZyz
[2012/03/30 00:03:53 | 000,000,575 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\PageOneCurator.lnk
[2012/03/24 20:50:18 | 000,000,832 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Azon Keyword Generator.lnk
[2012/03/24 20:46:52 | 000,000,752 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Azon Top 100 Analyzer.lnk
[2012/02/14 13:44:49 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/04 22:50:53 | 000,645,632 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/12/04 22:50:53 | 000,240,640 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/09/17 22:15:20 | 000,344,064 | -H-- | C] () -- C:\WINDOWS\System32\lxbmcoin.dll
[2010/09/17 22:15:19 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\lxbmvs.dll
[2010/09/17 22:14:53 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\lxbmcnv4.dll
[2010/09/17 22:14:07 | 000,323,584 | -H-- | C] ( ) -- C:\WINDOWS\System32\LXBMhcp.dll
[2010/09/17 22:14:07 | 000,274,432 | -H-- | C] () -- C:\WINDOWS\System32\LXBMinst.dll
[2010/09/17 22:14:06 | 000,413,696 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxbminpa.dll
[2010/09/17 22:14:06 | 000,397,312 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxbmiesc.dll
[2010/09/17 22:14:05 | 000,413,696 | -H-- | C] () -- C:\WINDOWS\System32\lxbmutil.dll
[2010/09/17 22:14:04 | 001,224,704 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxbmserv.dll
[2010/09/17 22:14:04 | 000,991,232 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxbmusb1.dll
[2010/09/17 22:14:03 | 000,163,840 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxbmprox.dll
[2010/09/17 22:14:02 | 000,643,072 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxbmpmui.dll
[2010/09/17 22:14:02 | 000,094,208 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxbmpplc.dll
[2010/09/17 22:14:01 | 000,585,728 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxbmlmpm.dll
[2010/09/17 22:13:59 | 000,385,968 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxbmih.exe
[2010/09/17 22:13:58 | 000,696,320 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxbmhbn3.dll
[2010/09/17 22:13:56 | 000,537,520 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxbmcoms.exe
[2010/09/17 22:13:55 | 000,421,888 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxbmcomm.dll
[2010/09/17 22:13:54 | 000,684,032 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxbmcomc.dll
[2010/09/17 22:13:53 | 000,381,872 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxbmcfg.exe
[2010/09/17 09:26:34 | 000,016,968 | -H-- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/04 23:48:46 | 000,001,581 | -H-- | C] () -- C:\WINDOWS\tefview.ini
[2010/04/22 23:04:50 | 000,695,578 | -H-- | C] () -- C:\WINDOWS\System32\unins000.exe
[2010/04/22 23:04:50 | 000,001,067 | -H-- | C] () -- C:\WINDOWS\System32\unins000.dat

========== LOP Check ==========

[2010/01/18 16:44:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Admin\Application Data\4200Series
[2009/11/25 21:07:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Admin\Application Data\EPSON
[2009/11/24 20:58:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Admin\Application Data\Lasersoft Imaging
[2009/11/16 13:57:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Admin\Application Data\Thunderbird
[2010/09/17 09:45:27 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\022087
[2009/11/30 00:10:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\4200 Series
[2009/11/30 00:10:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\4200Series
[2011/04/26 23:45:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2009/11/29 20:21:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/09/17 09:47:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/10/25 08:18:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2009/12/21 20:14:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/09/16 17:20:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\MSWBJMIS
[2010/09/14 22:13:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/29 00:17:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/14 22:08:00 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\Tasks\classicftpSevenDaysInit.job
[2012/04/02 15:49:20 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

#2
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, SadieS! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for SadieS only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your log and I will post back soon.

#3
SadieS

    New Member

  • Topic Starter
  • Member
  • 3 posts
Oh man, thanks for getting to me! I'm working on a second house computer, going back and forth trying to fix mine. I will be out till around 2pm so don't think I'm not paying attention- I'm just at work! Thanks!

#4
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
I won't think you're not paying attention. I'm from the UK and I mostly help people in the United States so the different time zones often result in a delay in replies.


Step 1

  • Download RogueKiller and save it on your desktop.
  • Quit all programs.
  • Start RogueKiller.exe.
  • Note: If RogueKiller has been blocked, do not hesitate to try several times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
  • Wait until the Prescan has finished.
  • Click on Scan.
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on ShortcutsFix.
  • The report has been created on the desktop.

Step 2

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (abzpkd2i)
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.8.0552
    FF - prefs.js..extensions.enabledItems: [email protected]:3.5.2.106
    [2009/11/20 19:15:20 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\extensions\[email protected]
    [2009/11/20 19:15:22 | 000,000,000 | -H-D | M] (Nero Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\extensions\[email protected]
    [2009/07/08 19:44:54 | 000,000,523 | -H-- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\14t9d5ra.default\searchplugins\daemon-search.xml
    O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ()
    [2012/04/01 16:45:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\SMART HDD
    [2012/04/02 07:36:36 | 000,000,184 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-Sd4NhFCI0pZefWr
    [2012/04/02 07:36:36 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-Sd4NhFCI0pZefW
    [2012/04/02 07:36:34 | 000,000,847 | -H-- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
    [2012/04/02 07:36:29 | 000,000,256 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Sd4NhFCI0pZefW
    [2012/04/01 16:45:40 | 000,000,829 | -H-- | M] () -- C:\Documents and Settings\Admin\Desktop\SMART_HDD.lnk
    [2012/04/01 12:09:32 | 000,000,208 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-b3JY6YxdHArZyzr
    [2012/04/01 12:09:32 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-b3JY6YxdHArZyz
    [2012/04/01 12:09:29 | 000,000,256 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\b3JY6YxdHArZyz
    [2010/09/17 09:45:27 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\022087
    [2010/09/16 17:20:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\MSWBJMIS
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Try Normal Mode (stick to Safe Mode if it still doesn’t work after the fix).
  • Open OTL again and select the "Scan All Users" box.
  • Under the Custom Scan box paste this in:

    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
  • Click the Run Scan button. Post the log it produces in your next reply.

Step 3

Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Things I want to see in your next reply

  • All RKreport.txt files
  • OTL Fix Log
  • OTL.txt
  • Update on Normal Mode
  • aswMBR.txt

#5
SadieS

    New Member

  • Topic Starter
  • Member
  • 3 posts
I think I now have a bigger issue. Computer is not booting, can't hear the drive start up although the CD/DVD will fire up, no signal to monitor. So, I'm not sure how to proceed. Can I boot from a disc or something similar? Thanks!

#6
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
If the first step doesn’t load Windows then move on to Step 2.


Step 1

  • Tap the F8 key repeatedly as soon as you see the initial boot screen. Wait for the Advanced Boot Options menu to appear.
  • Press the down-arrow key to move the cursor to the Enable Low-Resolution Video (640 x 480) option.
  • Press the Enter key and wait for Windows to load with the standard VGA video driver.

Step 2

Only proceed with this step if the first one didn't load Windows.

Please print out these instructions so that you know what you are doing.

  • Download OTLPEStd.exe to your desktop.
  • Ensure that you have a blank CD in the drive.
  • Double click OTLPEStd.exe and this will then open ImgBurn to burn the file to CD.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD follow the steps here.
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads. :)
  • Your system should now display a Reatogo desktop.
    Note: As you are running from CD it is not exactly speedy.
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location.
  • When asked "Do you wish to load the remote registry", select Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTL should now start.
  • Press Quick Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt.
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it.
  • You can backup any files that you wish from this OS.
  • Please post the contents of the C:\OTL.txt file in your reply.

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.