Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

SMART HDD Virus [Closed]

Started by slippybippy , Apr 07 2012 10:13 AM

  • This topic is locked This topic is locked

#1
slippybippy
Posted 07 April 2012 - 10:13 AM

slippybippy

    Member

  • Member
  • PipPip
  • 27 posts
I acquired the SMART HDD virus yesterday. I found several posts on how to fake the virus into submission, and did so. I ran everything that all posts told me too. Malwarebytes, Kapersky TDSSKiller, HitmanPro, tried ComboFix which didn't work after the scan. I found this site and ran the OTL as instructed. I am posting the logs. SMART HDD is still in the program menu, and has slowed down the starting of the computer big time. Here's both OTL logs.

OTL logfile created on: 4/7/2012 11:31:32 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Program Files
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.84% Memory free
3.84 Gb Paging File | 3.29 Gb Available in Paging File | 85.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 89.75 Gb Free Space | 61.28% Space Free | Partition Type: NTFS

Computer Name: ALLAN-LAPPY | User Name: Allan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/07 11:30:25 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
PRC - [2012/01/31 08:57:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/13 07:20:00 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\waol.exe
PRC - [2011/01/13 07:19:58 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\shellmon.exe
PRC - [2010/11/22 18:19:45 | 002,201,936 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
PRC - [2010/10/18 15:08:40 | 000,039,240 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1272640394\ee\aolsoftware.exe
PRC - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/14 14:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/05/06 18:10:52 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/15 17:12:02 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/15 17:10:16 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/15 11:39:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/15 11:36:04 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/14 19:23:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/01/31 08:57:08 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/13 17:31:19 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/13 07:20:01 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6\zlib.dll
MOD - [2011/01/13 07:19:49 | 000,094,208 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6\components\Tier2Svc.dll
MOD - [2011/01/13 07:19:49 | 000,060,928 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6\components\DataSvcs.dll
MOD - [2009/01/09 17:10:52 | 000,139,264 | ---- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/05/14 14:24:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2007/03/16 18:10:54 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2007/03/16 18:10:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2005/10/13 13:53:36 | 000,090,223 | ---- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll
MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/30 09:09:08 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/18 06:21:52 | 000,737,184 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/01/31 08:57:31 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/01/31 08:57:31 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/05/06 15:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/07/23 09:23:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/23 09:23:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/23 09:23:44 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/05/06 18:12:00 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/20 01:00:00 | 000,234,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/03/16 18:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/03/05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/01/10 17:43:00 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 19:47:36 | 000,989,696 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 19:47:00 | 000,209,152 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/02 19:46:56 | 000,730,112 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\..\SearchScopes,DefaultScope = {13913002-EAD1-478A-957D-FA0A81787BA8}
IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\..\SearchScopes\{13913002-EAD1-478A-957D-FA0A81787BA8}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\..\SearchScopes\{CCF26F0D-6FDB-46E6-9660-137D3CE470B2}: "URL" = http://search.aol.co...ionType=msie70a
IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Allan\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/17 17:02:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 17:01:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/17 17:02:21 | 000,000,000 | ---D | M]

[2011/08/22 23:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allan\Application Data\Mozilla\Extensions
[2011/08/22 23:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\7bwbxg1r.default\extensions
[2011/08/22 23:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\7bwbxg1r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/22 23:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\7bwbxg1r.default\extensions\staged-xpis
[2011/01/12 20:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/11 22:22:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/10 15:25:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/24 20:29:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/25 22:09:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/05 16:05:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2011/01/05 16:05:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1272640394\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-1214440339-1035525444-839522115-1004..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF55C92A-2521-474E-B530-6BDBAB4FA25B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/29 22:32:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/07 11:30:24 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2012/04/07 11:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Desktop\RK_Quarantine
[2012/04/07 10:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2012/04/07 10:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/04/07 10:35:04 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/04/07 10:34:41 | 004,452,287 | R--- | C] (Swearware) -- C:\Program Files\PCHelpForum.exe
[2012/04/07 10:33:24 | 004,452,287 | ---- | C] (Swearware) -- C:\Program Files\ComboFix.exe
[2012/04/06 16:56:57 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/04/06 15:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/04/06 15:02:06 | 007,156,360 | ---- | C] (SurfRight B.V.) -- C:\Program Files\HitmanPro36.exe
[2012/04/06 14:56:33 | 000,397,728 | ---- | C] (Bleeping Computer, LLC) -- C:\Program Files\unhide.exe
[2012/04/06 11:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Desktop\tdsskiller
[2012/04/06 11:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\BucksBee Loyalty Plugin - Softonic
[2012/04/06 10:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Start Menu\Programs\SpyHunter
[2012/04/06 10:48:24 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/04/06 10:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/04/06 10:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/04/06 10:46:10 | 000,725,408 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Program Files\SpyHunter-Installer.exe
[2012/04/06 10:41:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\Recent
[2012/04/06 09:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Start Menu\Programs\SMART HDD
[2012/03/30 09:09:08 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/28 19:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Application Data\Avira
[2012/03/28 19:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/03/28 19:38:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/03/28 19:38:10 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/03/28 19:38:10 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/03/28 19:38:09 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/03/28 19:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/03/11 22:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/11 22:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/02/29 22:27:55 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Program Files\FacebookVideoCallSetup_v1.2.203.0.exe
[2012/02/17 16:59:43 | 000,692,480 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2012/01/24 12:10:12 | 001,070,488 | ---- | C] (Lenovo Group Limited ) -- C:\Program Files\68md01ww.exe
[2012/01/24 12:10:06 | 002,438,952 | ---- | C] (Lenovo Group Limited ) -- C:\Program Files\68cr04ww.exe
[2012/01/24 12:09:37 | 036,927,832 | ---- | C] (Lenovo Group Limited ) -- C:\Program Files\68ar04ww.exe
[2012/01/24 11:51:27 | 002,443,048 | ---- | C] (Lenovo Group Limited ) -- C:\Program Files\68cs06ww.exe
[2011/12/09 15:16:45 | 001,630,912 | ---- | C] (W3i, LLC) -- C:\Program Files\gimp_app_1201.exe
[2011/04/13 15:01:22 | 048,536,984 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\AdbeRdr1001_en_US.exe
[2011/04/01 09:26:36 | 000,231,224 | ---- | C] (Trusteer Ltd.) -- C:\Program Files\RapportSetup.exe
[2011/02/27 14:02:24 | 000,509,440 | ---- | C] (iS3, Inc.) -- C:\Program Files\STOPzilla_Setup.exe
[2011/02/27 13:59:13 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.1.1100.exe
[2011/02/27 13:50:44 | 006,623,888 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\Malwarebytes.exe
[2010/08/26 17:32:44 | 001,704,744 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2010/04/29 23:57:19 | 002,959,376 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx35setup.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/07 11:38:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/07 11:30:25 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2012/04/07 11:11:06 | 001,261,568 | ---- | M] () -- C:\Program Files\winlogon.exe
[2012/04/07 10:48:26 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2012/04/07 10:33:35 | 004,452,287 | R--- | M] (Swearware) -- C:\Program Files\PCHelpForum.exe
[2012/04/07 10:33:35 | 004,452,287 | ---- | M] (Swearware) -- C:\Program Files\ComboFix.exe
[2012/04/07 10:28:15 | 000,464,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/07 10:28:15 | 000,080,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/07 10:14:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/07 01:29:55 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Allan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/07 00:36:29 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1214440339-1035525444-839522115-1004UA.job
[2012/04/06 16:56:57 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/04/06 15:02:06 | 007,156,360 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro36.exe
[2012/04/06 14:56:34 | 000,397,728 | ---- | M] (Bleeping Computer, LLC) -- C:\Program Files\unhide.exe
[2012/04/06 12:16:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/06 11:40:04 | 002,053,661 | ---- | M] () -- C:\Program Files\tdsskiller.zip
[2012/04/06 11:34:02 | 002,886,784 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\Toolbar_production_100709.exe
[2012/04/06 11:33:52 | 001,954,684 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\tdsskiller.zip
[2012/04/06 11:22:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 10:48:33 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\SpyHunter.lnk
[2012/04/06 10:46:14 | 000,725,408 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\SpyHunter-Installer.exe
[2012/04/06 09:34:33 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\FKDCSB2HMaDCw4
[2012/04/06 09:29:43 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-FKDCSB2HMaDCw4r
[2012/04/06 09:29:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-FKDCSB2HMaDCw4
[2012/04/03 17:10:28 | 000,012,567 | ---- | M] () -- C:\Documents and Settings\Allan\My Documents\Customer Sales Log Sheet.ods
[2012/04/02 09:39:11 | 000,016,651 | ---- | M] () -- C:\Documents and Settings\Allan\My Documents\Michael Georgalas letter.odt
[2012/04/01 14:54:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/30 09:09:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/30 09:09:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/28 19:38:31 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/03/26 21:34:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1214440339-1035525444-839522115-1004Core.job
[2012/03/26 20:00:50 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/24 14:11:14 | 000,404,718 | ---- | M] () -- C:\Documents and Settings\Allan\My Documents\George Flugrad pdf.pdf
[2012/03/14 15:14:15 | 000,011,796 | ---- | M] () -- C:\Documents and Settings\Allan\My Documents\William Travis Police Letter.odt
[2012/03/14 15:13:43 | 000,010,932 | ---- | M] () -- C:\Documents and Settings\Allan\My Documents\William Travis Occupancy Letter.odt
[2012/03/14 11:49:21 | 000,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 11:10:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/07 11:10:52 | 001,261,568 | ---- | C] () -- C:\Program Files\winlogon.exe
[2012/04/07 10:48:26 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2012/04/06 11:40:04 | 002,053,661 | ---- | C] () -- C:\Program Files\tdsskiller.zip
[2012/04/06 11:33:49 | 002,886,784 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Toolbar_production_100709.exe
[2012/04/06 11:33:49 | 001,954,684 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\tdsskiller.zip
[2012/04/06 11:22:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 10:48:33 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\SpyHunter.lnk
[2012/04/06 09:29:43 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-FKDCSB2HMaDCw4r
[2012/04/06 09:29:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-FKDCSB2HMaDCw4
[2012/04/06 09:29:35 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\FKDCSB2HMaDCw4
[2012/04/02 09:30:04 | 000,016,651 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Michael Georgalas letter.odt
[2012/03/30 09:09:09 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/28 19:38:31 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/03/24 14:11:14 | 000,404,718 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\George Flugrad pdf.pdf
[2012/03/14 15:12:48 | 000,010,932 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\William Travis Occupancy Letter.odt
[2012/03/14 15:07:59 | 000,011,796 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\William Travis Police Letter.odt
[2012/03/11 22:22:19 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/02/14 17:37:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/24 12:07:43 | 008,556,672 | ---- | C] () -- C:\Program Files\Lenovo_Download_Manager_Installer.exe
[2011/06/03 12:38:32 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/06/03 12:38:32 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/06/03 12:38:17 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/06/03 12:37:49 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08c.dat
[2011/06/03 12:37:42 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/06/03 12:37:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/06/03 12:37:41 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2011/06/03 12:33:03 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/04/13 11:44:41 | 021,058,523 | ---- | C] () -- C:\Program Files\FullTiltSetup.exe
[2010/11/07 13:55:01 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Allan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/26 17:41:49 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/26 08:59:53 | 000,680,340 | ---- | C] () -- C:\Program Files\StarterSetup.zip
[2010/07/11 15:55:48 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2010/06/06 23:52:30 | 000,018,632 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/14 10:21:41 | 156,607,328 | ---- | C] () -- C:\Program Files\OOo_3.2.0_Win_x86_install-wJRE_en-US.exe
[2010/05/06 09:49:05 | 000,734,286 | ---- | C] () -- C:\Program Files\Starter.zip
[2010/05/03 16:53:06 | 027,386,256 | ---- | C] ( ) -- C:\Program Files\AdbeRdr930_en_US.exe
[2010/04/30 11:06:24 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/29 23:56:12 | 000,009,523 | ---- | C] () -- C:\Program Files\DellDriverDownloadManager.application
[2010/04/29 23:38:22 | 044,089,904 | ---- | C] () -- C:\Program Files\avira_antivir_personal_en.exe
[2010/04/29 23:08:09 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/04/29 23:01:04 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2010/04/29 23:01:04 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2010/04/29 22:59:10 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/04/29 22:59:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/04/29 22:59:07 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/04/29 22:42:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/29 22:35:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/04/29 22:29:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/29 18:19:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/29 18:18:07 | 000,119,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/07 11:11:06 | 001,261,568 | ---- | M] () MD5=445AC2F54B1CFC1EE110329E68FA61A0 -- C:\Program Files\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >
[2012/04/06 09:29:41 | 000,000,847 | ---- | M] () -- C:\DOCUME~1\Allan\LOCALS~1\Temp\smtmp\2\SMART_HDD.lnk

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: ALLAN-LAPPY
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B
Volume 1 C NTFS Partition 146 GB Healthy System

< >

< End of report >

OTL Extras logfile created on: 4/7/2012 11:31:32 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Program Files
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.84% Memory free
3.84 Gb Paging File | 3.29 Gb Available in Paging File | 85.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 89.75 Gb Free Space | 61.28% Space Free | Partition Type: NTFS

Computer Name: ALLAN-LAPPY | User Name: Allan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = aolfile_HTM] -- C:\Program Files\AOL 9.5\aol.exe (AOL Inc.)

[HKEY_USERS\S-1-5-21-1214440339-1035525444-839522115-1004\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- C:\PROGRA~1\AOL9~1.5\aol.exe -z"%1" (AOL Inc.)
https [open] -- C:\PROGRA~1\AOL9~1.5\aol.exe -z"%1" (AOL Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (America Online)
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\aol\1272640394\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1272640394\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL Inc.)
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL Inc.)
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\AOL Desktop 9.6\waol.exe" = C:\Program Files\AOL Desktop 9.6\waol.exe:*:Enabled:AOL Software -- (AOL Inc.)
"C:\Program Files\Brother\Brmfl08l\FAXRX.exe" = C:\Program Files\Brother\Brmfl08l\FAXRX.exe:*:Enabled:FAXRX.EXE -- (Brother Industries Ltd.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Allan\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Allan\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client -- (Akamai Technologies, Inc)
"C:\Documents and Settings\Allan\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Allan\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite MFC-495CW
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java™ 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}" = SpyHunter
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CodeStuff Starter" = CodeStuff Starter
"Creative OEM002" = Laptop Integrated Webcam Driver (1.00.10.0320)
"CSCLIB" = Canon Camera Support Core Library
"EADM" = EA Download Manager
"EOS Utility" = Canon Utilities EOS Utility
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro36" = HitmanPro 3.6
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 15.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Dell Touchpad
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214440339-1035525444-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/7/2012 11:44:21 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:44:21.921]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:44:56 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:44:56.437]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:45:30 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:45:30.937]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:46:05 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:46:05.468]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:46:39 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:46:39.984]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:47:14 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:47:14.515]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:47:49 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:47:49.062]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:48:23 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:48:23.609]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:48:58 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:48:58.125]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:49:36 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:49:36.984]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

[ System Events ]
Error - 4/7/2012 12:14:05 AM | Computer Name = ALLAN-LAPPY | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 4/7/2012 12:14:05 AM | Computer Name = ALLAN-LAPPY | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 4/7/2012 12:14:05 AM | Computer Name = ALLAN-LAPPY | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 4/7/2012 12:14:05 AM | Computer Name = ALLAN-LAPPY | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 4/7/2012 12:14:05 AM | Computer Name = ALLAN-LAPPY | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 4/7/2012 12:14:05 AM | Computer Name = ALLAN-LAPPY | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/7/2012 12:14:05 AM | Computer Name = ALLAN-LAPPY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD APPDRV avipbb avkmgr Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

Error - 4/7/2012 12:15:21 AM | Computer Name = ALLAN-LAPPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/7/2012 2:17:22 AM | Computer Name = ALLAN-LAPPY | Source = DCOM | ID = 10010
Description = The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register
with DCOM within the required timeout.

Error - 4/7/2012 10:35:29 AM | Computer Name = ALLAN-LAPPY | Source = Service Control Manager | ID = 7034
Description = The SpyHunter 4 Service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
  • 0

Advertisements

#2
slippybippy
Posted 07 April 2012 - 10:22 AM

slippybippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I forgot to mention I also ran RogueKiller, which the log is below, and the aswMBR log.

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Allan [Admin rights]
Mode: Scan -- Date: 04/07/2012 11:14:36

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (Unknown @ 0xA10950F4)
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (Unknown @ 0xA10950AE)
SSDT[50] : NtCreateSection @ 0x805AB3C8 -> HOOKED (Unknown @ 0xA10950FE)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0xA10950A4)
SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (Unknown @ 0xA10950B3)
SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (Unknown @ 0xA10950BD)
SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (Unknown @ 0xA10950EF)
SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (Unknown @ 0xA10950C2)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0xA1095090)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (Unknown @ 0xA1095095)
SSDT[177] : NtQueryValueKey @ 0x80622314 -> HOOKED (Unknown @ 0xA1095117)
SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (Unknown @ 0xA10950CC)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D76 -> HOOKED (Unknown @ 0xA1095108)
SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (Unknown @ 0xA10950C7)
SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (Unknown @ 0xA1095103)
SSDT[237] : NtSetSecurityObject @ 0x805C062E -> HOOKED (Unknown @ 0xA109510D)
SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (Unknown @ 0xA10950B8)
SSDT[255] : NtSystemDebugControl @ 0x806180BA -> HOOKED (Unknown @ 0xA1095112)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (Unknown @ 0xA109509F)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xA1095126)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xA109512B)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160821AS +++++
--- User ---
[MBR] da29546b4a01af59d6610379d03515ca
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 160650 | Size: 149989 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 307339515 | Size: 2557 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 12:16:57
-----------------------------
12:16:57.000 OS Version: Windows 5.1.2600 Service Pack 3
12:16:57.000 Number of processors: 2 586 0xF0D
12:16:57.000 ComputerName: ALLAN-LAPPY UserName: Allan
12:17:01.921 Initialize success
12:17:28.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
12:17:28.171 Disk 0 Vendor: ST9160821AS 3.CDE Size: 152627MB BusType: 3
12:17:28.234 Disk 0 MBR read successfully
12:17:28.234 Disk 0 MBR scan
12:17:28.234 Disk 0 Windows XP default MBR code
12:17:28.234 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
12:17:28.250 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149989 MB offset 160650
12:17:28.265 Disk 0 Partition - 00 0F Extended LBA 2557 MB offset 307339515
12:17:28.328 Disk 0 Partition 3 00 DD MSDOS5.0 2557 MB offset 307339578
12:17:28.343 Disk 0 scanning sectors +312576705
12:17:28.515 Disk 0 scanning C:\WINDOWS\system32\drivers
12:17:54.109 Service scanning
12:18:34.968 Modules scanning
12:19:09.578 Disk 0 trace - called modules:
12:19:09.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
12:19:09.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dc3ab8]
12:19:09.593 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x89dc5d98]
12:19:09.609 Scan finished successfully
12:19:19.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Allan\Desktop\MBR.dat"
12:19:19.375 The log file has been saved successfully to "C:\Documents and Settings\Allan\Desktop\aswMBR.txt"


Thanks for the help in advance.
  • 0

#3
Essexboy
Posted 07 April 2012 - 02:02 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see if we can give you your computer back

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
    [2012/04/06 09:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Start Menu\Programs\SMART HDD
    [2012/04/06 09:34:33 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\FKDCSB2HMaDCw4
    [2012/04/06 09:29:43 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-FKDCSB2HMaDCw4r
    [2012/04/06 09:29:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-FKDCSB2HMaDCw4
    [2012/04/07 11:10:52 | 001,261,568 | ---- | C] () -- C:\Program Files\winlogon.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#4
slippybippy
Posted 08 April 2012 - 08:33 AM

slippybippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
First, thanks for helping me.

I ran OTL but quickly got an OTL error window that said:

Cannot create File C:\WiNDOWS\System 32\Driver\etc\Hosts

Then OTL stopped running. When I rebooted manually, there was this log from the OTL:


Files\Folders moved on Reboot...
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

Registry entries deleted on Reboot...
----------
I assume it didn't run properly. What would you like me to do?
  • 0

#5
slippybippy
Posted 08 April 2012 - 08:59 AM

slippybippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I ran an OTL scan anyway, just in case what happened was suppose to happen.

OTL logfile created on: 4/8/2012 10:39:49 AM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Program Files
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.47% Memory free
3.84 Gb Paging File | 3.26 Gb Available in Paging File | 84.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 89.69 Gb Free Space | 61.24% Space Free | Partition Type: NTFS

Computer Name: ALLAN-LAPPY | User Name: Allan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/07 11:30:25 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
PRC - [2012/01/31 08:57:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/01/18 06:21:52 | 000,737,184 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2011/01/13 07:20:00 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\waol.exe
PRC - [2010/11/22 18:19:45 | 002,201,936 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
PRC - [2010/10/18 15:08:40 | 000,039,240 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1272640394\ee\aolsoftware.exe
PRC - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/14 14:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/05/06 18:10:52 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/15 17:12:02 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/15 17:10:16 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/15 11:39:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/15 11:36:04 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/14 19:23:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/01/31 08:57:08 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/13 17:31:19 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/13 07:20:01 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6\zlib.dll
MOD - [2011/01/13 07:19:49 | 000,094,208 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6\components\Tier2Svc.dll
MOD - [2011/01/13 07:19:49 | 000,060,928 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6\components\DataSvcs.dll
MOD - [2009/01/09 17:10:52 | 000,139,264 | ---- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/05/14 14:24:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2007/03/16 18:10:54 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2007/03/16 18:10:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2005/10/13 13:53:36 | 000,090,223 | ---- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll
MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/30 09:09:08 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/18 06:21:52 | 000,737,184 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/01/31 08:57:31 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/01/31 08:57:31 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/05/06 15:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/07/23 09:23:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/23 09:23:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/23 09:23:44 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/05/06 18:12:00 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/20 01:00:00 | 000,234,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/03/16 18:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/03/05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/01/10 17:43:00 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 19:47:36 | 000,989,696 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 19:47:00 | 000,209,152 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/02 19:46:56 | 000,730,112 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {13913002-EAD1-478A-957D-FA0A81787BA8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{13913002-EAD1-478A-957D-FA0A81787BA8}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{CCF26F0D-6FDB-46E6-9660-137D3CE470B2}: "URL" = http://search.aol.co...ionType=msie70a
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Allan\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/17 17:02:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 17:01:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/17 17:02:21 | 000,000,000 | ---D | M]

[2011/08/22 23:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allan\Application Data\Mozilla\Extensions
[2012/04/07 13:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\7bwbxg1r.default\extensions
[2012/04/07 13:54:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\7bwbxg1r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/07 13:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/11 22:22:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/10 15:25:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/24 20:29:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/25 22:09:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/02/17 17:02:02 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/01/05 16:05:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/05 16:05:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1272640394\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF55C92A-2521-474E-B530-6BDBAB4FA25B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/29 22:32:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 10:07:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/08 09:19:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/04/07 12:16:50 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Allan\Desktop\aswMBR.exe
[2012/04/07 11:30:24 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2012/04/07 11:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Desktop\RK_Quarantine
[2012/04/07 10:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2012/04/07 10:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/04/07 10:35:04 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/04/07 10:34:41 | 004,452,287 | R--- | C] (Swearware) -- C:\Program Files\PCHelpForum.exe
[2012/04/07 10:33:24 | 004,452,287 | ---- | C] (Swearware) -- C:\Program Files\ComboFix.exe
[2012/04/06 16:56:57 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/04/06 15:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/04/06 15:02:06 | 007,156,360 | ---- | C] (SurfRight B.V.) -- C:\Program Files\HitmanPro36.exe
[2012/04/06 14:56:33 | 000,397,728 | ---- | C] (Bleeping Computer, LLC) -- C:\Program Files\unhide.exe
[2012/04/06 11:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Desktop\tdsskiller
[2012/04/06 11:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\BucksBee Loyalty Plugin - Softonic
[2012/04/06 10:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Start Menu\Programs\SpyHunter
[2012/04/06 10:48:24 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/04/06 10:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/04/06 10:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/04/06 10:46:10 | 000,725,408 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Program Files\SpyHunter-Installer.exe
[2012/04/06 10:41:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\Recent
[2012/03/30 09:09:08 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/28 19:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Application Data\Avira
[2012/03/28 19:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/03/28 19:38:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/03/28 19:38:10 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/03/28 19:38:10 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/03/28 19:38:09 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/03/28 19:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/03/11 22:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/11 22:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/02/29 22:27:55 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Program Files\FacebookVideoCallSetup_v1.2.203.0.exe
[2012/02/17 16:59:43 | 000,692,480 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2012/01/24 12:10:12 | 001,070,488 | ---- | C] (Lenovo Group Limited ) -- C:\Program Files\68md01ww.exe
[2012/01/24 12:10:06 | 002,438,952 | ---- | C] (Lenovo Group Limited ) -- C:\Program Files\68cr04ww.exe
[2012/01/24 12:09:37 | 036,927,832 | ---- | C] (Lenovo Group Limited ) -- C:\Program Files\68ar04ww.exe
[2012/01/24 11:51:27 | 002,443,048 | ---- | C] (Lenovo Group Limited ) -- C:\Program Files\68cs06ww.exe
[2011/12/09 15:16:45 | 001,630,912 | ---- | C] (W3i, LLC) -- C:\Program Files\gimp_app_1201.exe
[2011/04/13 15:01:22 | 048,536,984 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\AdbeRdr1001_en_US.exe
[2011/04/01 09:26:36 | 000,231,224 | ---- | C] (Trusteer Ltd.) -- C:\Program Files\RapportSetup.exe
[2011/02/27 14:02:24 | 000,509,440 | ---- | C] (iS3, Inc.) -- C:\Program Files\STOPzilla_Setup.exe
[2011/02/27 13:59:13 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.1.1100.exe
[2011/02/27 13:50:44 | 006,623,888 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\Malwarebytes.exe
[2010/08/26 17:32:44 | 001,704,744 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2010/04/29 23:57:19 | 002,959,376 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx35setup.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/08 10:51:19 | 000,466,096 | ---- | M] () -- C:\Documents and Settings\Allan\My Documents\Rachel Lease19SOL2012-13.pdf
[2012/04/08 10:38:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/08 10:22:55 | 000,464,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/08 10:22:55 | 000,080,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/08 10:17:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/08 09:35:45 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1214440339-1035525444-839522115-1004UA.job
[2012/04/07 12:19:19 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\MBR.dat
[2012/04/07 12:16:49 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Allan\Desktop\aswMBR.exe
[2012/04/07 11:30:25 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2012/04/07 10:48:26 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2012/04/07 10:33:35 | 004,452,287 | R--- | M] (Swearware) -- C:\Program Files\PCHelpForum.exe
[2012/04/07 10:33:35 | 004,452,287 | ---- | M] (Swearware) -- C:\Program Files\ComboFix.exe
[2012/04/07 01:29:55 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Allan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/06 16:56:57 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/04/06 15:02:06 | 007,156,360 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro36.exe
[2012/04/06 14:56:34 | 000,397,728 | ---- | M] (Bleeping Computer, LLC) -- C:\Program Files\unhide.exe
[2012/04/06 12:16:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/06 11:40:04 | 002,053,661 | ---- | M] () -- C:\Program Files\tdsskiller.zip
[2012/04/06 11:34:02 | 002,886,784 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\Toolbar_production_100709.exe
[2012/04/06 11:33:52 | 001,954,684 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\tdsskiller.zip
[2012/04/06 11:22:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 10:48:33 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\SpyHunter.lnk
[2012/04/06 10:46:14 | 000,725,408 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\SpyHunter-Installer.exe
[2012/04/03 17:10:28 | 000,012,567 | ---- | M] () -- C:\Documents and Settings\Allan\My Documents\Customer Sales Log Sheet.ods
[2012/04/02 09:39:11 | 000,016,651 | ---- | M] () -- C:\Documents and Settings\Allan\My Documents\Michael Georgalas letter.odt
[2012/04/01 14:54:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/30 09:09:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/30 09:09:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/28 19:38:31 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/03/26 21:34:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1214440339-1035525444-839522115-1004Core.job
[2012/03/26 20:00:50 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/24 14:11:14 | 000,404,718 | ---- | M] () -- C:\Documents and Settings\Allan\My Documents\George Flugrad pdf.pdf
[2012/03/14 15:14:15 | 000,011,796 | ---- | M] () -- C:\Documents and Settings\Allan\My Documents\William Travis Police Letter.odt
[2012/03/14 15:13:43 | 000,010,932 | ---- | M] () -- C:\Documents and Settings\Allan\My Documents\William Travis Occupancy Letter.odt
[2012/03/14 11:49:21 | 000,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 11:10:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/08 10:51:18 | 000,466,096 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Rachel Lease19SOL2012-13.pdf
[2012/04/07 12:19:19 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\MBR.dat
[2012/04/07 10:48:26 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2012/04/06 11:40:04 | 002,053,661 | ---- | C] () -- C:\Program Files\tdsskiller.zip
[2012/04/06 11:33:49 | 002,886,784 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Toolbar_production_100709.exe
[2012/04/06 11:33:49 | 001,954,684 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\tdsskiller.zip
[2012/04/06 11:22:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 10:48:33 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\SpyHunter.lnk
[2012/04/02 09:30:04 | 000,016,651 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Michael Georgalas letter.odt
[2012/03/30 09:09:09 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/28 19:38:31 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/03/24 14:11:14 | 000,404,718 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\George Flugrad pdf.pdf
[2012/03/14 15:12:48 | 000,010,932 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\William Travis Occupancy Letter.odt
[2012/03/14 15:07:59 | 000,011,796 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\William Travis Police Letter.odt
[2012/03/11 22:22:19 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/02/14 17:37:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/24 12:07:43 | 008,556,672 | ---- | C] () -- C:\Program Files\Lenovo_Download_Manager_Installer.exe
[2011/06/03 12:38:32 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/06/03 12:38:32 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/06/03 12:38:17 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/06/03 12:37:49 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08c.dat
[2011/06/03 12:37:42 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/06/03 12:37:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/06/03 12:37:41 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2011/06/03 12:33:03 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/04/13 11:44:41 | 021,058,523 | ---- | C] () -- C:\Program Files\FullTiltSetup.exe
[2010/11/07 13:55:01 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Allan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/26 17:41:49 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/26 08:59:53 | 000,680,340 | ---- | C] () -- C:\Program Files\StarterSetup.zip
[2010/07/11 15:55:48 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2010/06/06 23:52:30 | 000,018,632 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/14 10:21:41 | 156,607,328 | ---- | C] () -- C:\Program Files\OOo_3.2.0_Win_x86_install-wJRE_en-US.exe
[2010/05/06 09:49:05 | 000,734,286 | ---- | C] () -- C:\Program Files\Starter.zip
[2010/05/03 16:53:06 | 027,386,256 | ---- | C] ( ) -- C:\Program Files\AdbeRdr930_en_US.exe
[2010/04/30 11:06:24 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/29 23:56:12 | 000,009,523 | ---- | C] () -- C:\Program Files\DellDriverDownloadManager.application
[2010/04/29 23:38:22 | 044,089,904 | ---- | C] () -- C:\Program Files\avira_antivir_personal_en.exe
[2010/04/29 23:08:09 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/04/29 23:01:04 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2010/04/29 23:01:04 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2010/04/29 22:59:10 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/04/29 22:59:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/04/29 22:59:07 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/04/29 22:42:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/29 22:35:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/04/29 22:29:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/29 18:19:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/29 18:18:07 | 000,119,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >

Attached Files


  • 0

#6
Essexboy
Posted 08 April 2012 - 10:43 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer running now ?

Yopu seem to have a plethora of anti-malwar tools on your system.. I do not feels it is a good idea to have so many
  • 0

#7
slippybippy
Posted 08 April 2012 - 10:55 AM

slippybippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I haven't rebooted yet, so I don't know how it's acting. My startups were quite slow. It'd take about 4-5 minutes to get to the user screen. Then things loaded very slowly. Took about another 3 mins for the things to load on the bottom right task bar. I can reboot if you think it'll be different now?

Also, I use codestuff starter to regualte my startups so nothing is loading unless I let it. I can get rid of Hitman, roguekiller, OTL, Kapersky TDSSkiller, and combofix if you think I am clean.

I do not see SMART HDD in the program list anymore?

Do you want me to run a HJT or anyting else?

Thanks Essexboy for your quick help and answers. Happy Holidays.
  • 0

#8
Essexboy
Posted 08 April 2012 - 11:02 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you reboot, try some searching on Google or your usual search engine, try windows updates.

Once done let me know of any unusual problems that you are seeing
  • 0

#9
slippybippy
Posted 08 April 2012 - 11:04 AM

slippybippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Okay. I'll do it now. I'll let you know.
  • 0

#10
slippybippy
Posted 08 April 2012 - 11:24 AM

slippybippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I rebooted. It took forever. It still takes 4 mins to get to the user screen, and then when I click on my name, it takes 4 1/2 mins to load windows. It takes another 2 mins just to load my ISP software. This is way too long. It used to be 30 secs to get to the user window, and then another 45 secs to load the other programs.

If I go back to a good restore point, when it loaded quickly, before the virus happened, do think it would fix it?

BTW, searching on Google was fine.
  • 0

Advertisements

#11
slippybippy
Posted 08 April 2012 - 11:25 AM

slippybippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Oh, and Windows Update was fine. I had no major updates to DL.
  • 0

#12
Essexboy
Posted 08 April 2012 - 11:37 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK uninstall Hitmanpro and SpyHunter

Then I will remove all the tools that have been used and empty your temporary files, then I would like you to do a drive defragment .. Do you have a defragmenter ?

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#13
slippybippy
Posted 08 April 2012 - 01:40 PM

slippybippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Okay, I did everything you said to. I have a few statements though.

After uninstaling hitman and SpyHunter, the icons were still there, so I deleted the them. Tthey were the installers.

ComboFix was just the installer program, so I deleted it. There wasn't ComboFix on my computer.

I analyzed if I needed to Defrag, and it said no, so I didn't.

My system restore does not work for some reason. It cannot restore me to March 23. Have same settings as before I tried to restore.

Startup loading is still waaay toooo slow. What can be done to speed it up? 10 mins to get up and working isn't right.

Thank you for everything so far EssexBoy.
  • 0

#14
Essexboy
Posted 08 April 2012 - 01:48 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Was it the windows defrag that said it was OK ?

Have you the ability to run Bootvis ?

A step by step guide here

If so you can download Bootvis from here

I used it to good effect on my old XP system
  • 0

#15
slippybippy
Posted 08 April 2012 - 01:52 PM

slippybippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Yes, it was the Windows Defragmenter.

I'll DL Bootvis and run it.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP