
HELP! Ultradefragger and trojan.Gen.2 removal [Closed]


  • This topic is locked

#31
rdbadger

  • Topic Starter
  • Member
  • 107 posts
Nearly there!! So slow still!!
  • 0


#32
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
No. Just leave all settings as default and click on Quick Scan button.

If you don't like seeing the "Thumbs.db" file on your desktop, and actually in all your folders, do the following:
  • Click Start
  • Click Computer/My Computer
  • Click Tools in the menu bar.
  • Go to the View tab.
  • In the “Advanced Settings” box, scroll to “Hidden Files and Folders”.
  • Choose “Do not show hidden files and folders”.
  • Click OK to close the window.

  • 0

#33
rdbadger

  • Topic Starter
  • Member
  • 107 posts
First Log as requested

========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Roanna\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Roanna\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\desktop.ini
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Acrobat.com.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Adobe Download Assistant.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Adobe Help.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Adobe Photoshop Elements 10.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Audacity.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\desktop.ini
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft ActiveSync.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\MSN.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Windows Live Mail.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Windows Live Photo Gallery.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\desktop.ini
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Activate Windows.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Local Security Policy.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Any Video Converter\Any Video Converter on the Web.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Any Video Converter\Any Video Converter.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Any Video Converter\Uninstall Any Video Converter.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Connect\Start ArcSoft Connect.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Connect\View My ArcSoft Info.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Software Suite\MediaImpression.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Software Suite\Panorama Maker 4.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft VideoImpression 2\Uninstall.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft VideoImpression 2\VideoImpression 2.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft VideoImpression 2\Web Services.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON\CX4300_5500_DX4400 manual.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Printer Software Uninstall.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Stylus CX5500 Series Driver Update.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Stylus CX5500 Series Technical Support.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\EPSON Copy Utility.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\EPSON Easy Photo Print.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\EPSON File Manager.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\Attach To Email\EPSON Attach To Email.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\Attach To Email\Read Me.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\Attach To Email\Uninstall EPSON Attach To Email.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\Copy Utility\EPSON Copy Utility ReadMe.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\Copy Utility\EPSON Copy Utility.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\Easy Photo Print\EPSON Easy Photo Print.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\Easy Photo Print\Readme.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\File Manager\EPSON File Manager.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\File Manager\Readme.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\Scan Assistant\Scan Assistant.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Scan\EPSON Scan.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Free M4a to MP3 Converter\Free M4a to MP3 Converter Web-site.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Free M4a to MP3 Converter\Free M4a to MP3 Converter.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Free M4a to MP3 Converter\Help.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Free M4a to MP3 Converter\Uninstall the program.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\desktop.ini
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Media Player Classic.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Configuration\Codec Tweak Tool.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Configuration\Haali Media Splitter.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Help\FAQ.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Tools\Codec Tweak Tool.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Tools\GSpot Codec Information.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Magic M4A to MP3 Converter\Magic M4A to MP3 Converter 3.1.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Magic M4A to MP3 Converter\Magic M4A to MP3 Converter Help.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Magic M4A to MP3 Converter\Magic M4A to MP3 Converter On Web.url
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Magic M4A to MP3 Converter\Uninstall Magic M4A to MP3 Converter.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Access 2007.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Groove 2007.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\MixPad Audio Mixer\MixPad Audio Mixer Help.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\MixPad Audio Mixer\MixPad Audio Mixer.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Musicnotes\Musicnotes Help.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Musicnotes\Musicnotes Player.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Musicnotes\Visit Musicnotes.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Musicnotes\Uninstall\Uninstall Musicnotes Player.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero BackItUp.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Burning ROM.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero CoverDesigner.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Express.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Home.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero MediaHome.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero PhotoSnap Viewer.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero PhotoSnap.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Recode.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero ShowTime.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero SoundTrax.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero StartSmart.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Vision.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero WaveEditor.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero BackItUp [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero Burning ROM [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero BurnRights [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero ControlCenter [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero CoverDesigner [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero DriveSpeed [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero Express [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero Home [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero ImageDrive [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero InfoTool [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero MediaHome [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero PhotoSnap [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero Recode [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero RescueAgent [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero ShowTime [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero SoundTrax [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero StartSmart [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero Vision [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero WaveEditor [English Manual].lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero BurnRights.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero ControlCenter.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero DiscSpeed.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero DriveSpeed.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero ImageDrive.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero InfoTool.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero RescueAgent.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero Scout.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\PHOTOfunSTUDIO -viewer-\Delete picture management information.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\PHOTOfunSTUDIO -viewer-\Manual.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\PHOTOfunSTUDIO -viewer-\PHOTOfunSTUDIO -viewer-.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\PHOTOfunSTUDIO -viewer-\Readme.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\PhotobookShop.com.au\PhotobookShop.com.au.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\PhotobookShop.com.au\Uninstall.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Samsung\Kies\Samsung Kies.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Samsung\Kies\Uninstall Kies.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Samsung\Samsung Auto Backup\Samsung Auto Backup Help(ENG).lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Samsung\Samsung Auto Backup\Samsung Auto Backup.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\SMPCS Apps\SM-Marks 2.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Startup\CancelAutoPlay.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Startup\desktop.ini
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Symantec Client Security\Symantec AntiVirus.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Teachers Report Assistant\Program Notes.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Teachers Report Assistant\Teachers Report Assistant .lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Teachers Report Assistant\Teachers Report Assistant Help.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Teachers Report Assistant\Uninstall.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Winamp\Uninstall Winamp.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Winamp\What's New.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Winamp\Winamp.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Home.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Mail.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Photo Gallery.lnk
207 File(s) copied
C:\Documents and Settings\Roanna\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Roanna\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Data_Recovery.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\desktop.ini
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Nero Home.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Nero StartSmart.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Samsung Kies.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Winamp.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Windows Live Mail.lnk
C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
10 File(s) copied
C:\Documents and Settings\Roanna\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Roanna\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Roanna\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Roanna\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Roanna\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Roanna\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: MIDGE
->Java cache emptied: 36282 bytes

User: NetworkService

User: Roanna
->Java cache emptied: 42484 bytes

Total Java Files Cleaned = 0.00 mb

Unable to start System Restore Service. Error code 1056

OTL by OldTimer - Version 3.2.43.0 log created on 05292012_081831
  • 0

#34
rdbadger

  • Topic Starter
  • Member
  • 107 posts
Second log as requested.
Thanks, Render.

OTL logfile created on: 29/05/2012 8:55:48 AM - Run 3
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Roanna\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

502.96 Mb Total Physical Memory | 56.04 Mb Available Physical Memory | 11.14% Memory free
1.20 Gb Paging File | 0.41 Gb Available in Paging File | 33.75% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 6.72 Gb Free Space | 9.02% Space Free | Partition Type: NTFS
Drive E: | 7.20 Gb Total Space | 3.91 Gb Free Space | 54.31% Space Free | Partition Type: FAT32

Computer Name: ROANNA-36A94C04 | User Name: Roanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/20 16:01:03 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roanna\Desktop\OTL.exe
PRC - [2012/03/24 18:18:52 | 000,021,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/02/22 15:57:02 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/09/14 21:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/07/28 18:58:58 | 000,102,400 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
PRC - [2010/07/28 18:58:04 | 000,065,536 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
PRC - [2009/09/01 12:15:56 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2009/09/01 12:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/09/01 12:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/08/03 12:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2009/08/03 12:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2009/08/03 12:23:30 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/04/17 13:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/17 13:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/16 13:43:16 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2007/10/23 14:18:46 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007/07/26 18:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/03/01 16:01:00 | 000,180,736 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICAP.EXE
PRC - [2005/12/14 11:53:26 | 000,057,344 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\ArcSoft\VideoImpression 2\CancelAutoPlay.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/24 18:19:32 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\Roanna\Local Settings\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
MOD - [2012/03/24 18:18:52 | 000,021,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/03/24 18:18:52 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2012/03/24 18:18:52 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2012/03/24 18:18:49 | 000,509,352 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2012/03/24 18:18:48 | 000,639,912 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2012/03/01 15:42:34 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/03/01 14:57:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/03/01 14:57:08 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/03/01 14:51:44 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/03/01 14:47:56 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
MOD - [2012/03/01 14:46:09 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
MOD - [2012/03/01 14:42:13 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
MOD - [2012/03/01 14:36:41 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
MOD - [2012/03/01 14:35:08 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
MOD - [2012/03/01 13:12:57 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/03/01 13:10:19 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/22 21:48:09 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/10/29 19:49:16 | 000,036,864 | ---- | M] () -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\RawPictureLib.pcp


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/04/23 07:11:23 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/14 21:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2009/09/01 12:15:50 | 000,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2009/09/01 12:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/01 12:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2009/08/03 12:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2009/08/03 12:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2009/03/20 18:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/12/17 14:21:08 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2008/04/17 13:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/07/26 18:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/28 06:36:53 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/02/13 19:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/13 19:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/01/16 10:48:06 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120510.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/01/16 10:48:06 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120510.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/10/27 11:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/10/27 11:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/10/27 11:25:40 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/10/27 11:25:40 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011/10/27 11:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011/03/27 10:40:17 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/06/14 09:47:12 | 000,055,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2009/06/14 09:47:10 | 000,339,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2008/12/17 14:20:40 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2008/12/17 14:20:34 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/07/26 18:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {BE28C22E-F666-424d-B5FD-125C4AFEE34E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope = {61A20553-13A7-4CA5-A960-1F32B74F33B0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{61A20553-13A7-4CA5-A960-1F32B74F33B0}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Roanna\Application Data\Facebook\npfbplugin_1_0_3.dll ( )



O1 HOSTS File: ([2012/05/29 08:19:17 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CancelAutoPlay.lnk = C:\Program Files\ArcSoft\VideoImpression 2\CancelAutoPlay.exe (ArcSoft Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Roanna\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Documents and Settings\Roanna\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Documents and Settings\Roanna\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www4.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://portalsrvs.d...0,2009,514,2213 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\DOCUME~1\Roanna\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logme...eDownloader.cab (LogMeIn Rescue Applet Downloader)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://msnau.oberon-...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://portalsrvs.d...0,2009,514,2205 (F5 Networks Host Control)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.195.193 61.9.194.49
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{045D4957-ED8B-4D44-B11C-D565645E043C}: DhcpNameServer = 61.9.195.193 61.9.194.49
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/20 17:15:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/05/23 22:28:20 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{76667b4a-7a40-11dd-a050-00112576143e}\Shell - "" = AutoRun
O33 - MountPoints2\{76667b4a-7a40-11dd-a050-00112576143e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76667b4a-7a40-11dd-a050-00112576143e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/28 06:36:53 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/27 10:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roanna\Desktop\RK_Quarantine
[2012/05/27 08:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roanna\My Documents\LOOSE FILES ON MY DOUCMENTS IBM
[2012/05/24 07:29:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Roanna\Desktop\aswMBR.exe
[2012/05/24 07:20:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/05/21 07:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roanna\Application Data\Malwarebytes
[2012/05/21 07:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/21 07:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/21 07:49:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/21 07:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/21 07:36:55 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Roanna\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/20 22:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roanna\My Documents\word docs on desktop 2012
[2012/05/20 20:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roanna\My Documents\DESKTOP 2012
[2012/05/20 17:16:32 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Roanna\Desktop\unhide.exe
[2012/05/20 17:01:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/20 15:44:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Roanna\Recent
[2012/05/20 15:36:11 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Roanna\Desktop\OTL.exe
[2012/05/08 17:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roanna\Application Data\Smmarks2
[2012/05/08 17:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SMPCS Apps
[2012/05/08 17:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Smmarks2
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Roanna\My Documents\*.tmp files -> C:\Documents and Settings\Roanna\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/14 23:07:25 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D3A97F3F-D2EA-4592-8A59-B55B37F0567F}.job
[2012/05/29 09:06:33 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/29 08:26:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/29 08:22:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/29 08:19:17 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/05/28 20:00:00 | 000,000,738 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Roanna.job
[2012/05/28 06:56:34 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/05/28 06:36:53 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/27 09:54:44 | 001,489,920 | ---- | M] () -- C:\Documents and Settings\Roanna\Desktop\RogueKiller.exe
[2012/05/24 07:51:53 | 000,200,704 | ---- | M] () -- C:\Documents and Settings\Roanna\Desktop\virus bugger 2.pub
[2012/05/23 22:34:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Roanna\Desktop\aswMBR.exe
[2012/05/21 07:50:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/21 07:36:55 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Roanna\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/20 17:16:37 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Roanna\Desktop\unhide.exe
[2012/05/20 16:24:11 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/20 16:01:03 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roanna\Desktop\OTL.exe
[2012/05/18 17:31:10 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/08 18:51:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Roanna\My Documents\*.tmp files -> C:\Documents and Settings\Roanna\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/27 10:08:29 | 001,489,920 | ---- | C] () -- C:\Documents and Settings\Roanna\Desktop\RogueKiller.exe
[2012/05/24 07:51:47 | 000,200,704 | ---- | C] () -- C:\Documents and Settings\Roanna\Desktop\virus bugger 2.pub
[2012/05/23 23:36:19 | 000,800,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/21 07:50:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/20 18:15:17 | 000,002,370 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2012/05/20 18:15:17 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2012/05/20 18:15:17 | 000,001,845 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail.lnk
[2012/05/20 18:15:17 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/05/20 18:15:17 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/20 18:15:17 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/20 18:15:17 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/05/20 18:15:17 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/05/20 18:15:16 | 000,001,941 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/05/20 18:15:16 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live Mail.lnk
[2012/05/20 18:15:16 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
[2012/05/20 18:15:16 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CancelAutoPlay.lnk
[2012/05/20 18:15:16 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/20 18:15:16 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/05/20 18:15:16 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/05/20 18:15:13 | 000,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
[2012/05/20 18:15:13 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/05/20 18:15:11 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
[2012/05/20 18:15:10 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/05/20 18:15:10 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/05/20 18:15:10 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2012/05/20 18:15:10 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/05/20 18:15:10 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2012/05/20 18:15:10 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2012/03/01 08:40:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/25 16:11:53 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/07 14:40:12 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\PhotobookShop.com.au Prefs
[2011/05/03 16:17:13 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2011/03/27 10:59:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2011/03/02 22:57:44 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/03/02 22:57:40 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/03/02 22:57:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/03/02 22:57:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/03/02 22:57:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/01/05 09:57:53 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Roanna\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

========== LOP Check ==========

[2010/12/06 07:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clarus
[2008/08/25 16:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/06/18 07:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/10/08 16:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/10/11 09:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2008/09/19 22:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2012/03/10 20:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/12/25 15:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/09/11 23:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/25 16:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/06/11 18:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/14 08:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/02 07:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\Any Video Converter
[2012/03/10 20:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/10 15:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2008/08/22 20:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/23 07:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\EPSON
[2010/06/02 01:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\Facebook
[2009/10/09 07:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\NCH Swift Sound
[2008/12/26 21:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\Panasonic
[2011/09/07 14:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\PhotobookShop.com.au
[2011/12/25 15:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\Samsung
[2012/05/08 18:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\Smmarks2
[2011/05/24 20:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\Smrepwk2
[2008/09/04 15:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\Snapfish
[2011/12/26 13:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\Temp
[2012/06/14 23:07:25 | 000,000,424 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D3A97F3F-D2EA-4592-8A59-B55B37F0567F}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:411E1BE2

< End of report >
  • 0

#35
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. You are running low on space on system partition C:.

Please uninstall unneeded programs and delete or move unnecessary files from system partition to some external media.
You now have only 6.72 GB or 9.02% free space. Let's make it at least 20GB free.

How to uninstall a program in Windows XP:

  • Click Start, click Control Panel, and then double-click Add or Remove Programs.
  • In the Currently installed programs box, click the program that you want to remove, and then click Remove.
  • If you are prompted to confirm the removal of the program, click Yes.

  • 0

#36
rdbadger

    Member

  • Topic Starter
  • Member
  • 107 posts
ok will do onto it now - I just looked in task manager again and that services.exe is still running at around 250,000k - do you know what is causing this?
ta
  • 0

#37
rdbadger

    Member

  • Topic Starter
  • Member
  • 107 posts
just waiting for the add/remove programs to come up - and I looked at the last option "set program access and defaults" and it is set on custom rather than microsoft windows - should it be set on custom?
  • 0

#38
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

ok will do onto it now - I just looked in task manager again and that services.exe is still running at around 250,000k - do you know what is causing this?

If the process is legit, it is Services Control Manager, which is responsible for running, ending, and interacting with system services. Please don't worry about this at this point of the malware removal process.

just waiting for the add/remove programs to come up - and I looked at the last option "set program access and defaults" and it is set on custom rather than microsoft windows - should it be set on custom?

Nothing wrong with this. The operating system is from Microsoft, but that doesn't mean you should not use some non-Microsoft program. Firefox, for example, for browsing instead of Internet Explorer, and so on.

When you release enough space on your system partition, we will run another tool to check if all your system files are legit.
  • 0

#39
rdbadger

    Member

  • Topic Starter
  • Member
  • 107 posts
...uninstalled quite a few programs and deleted quite a bit of unnecessary files/folders, but barely making a dint! Arcsoft video capture seems to refuse to uninstall - I think the operating system is only about 80G anyway
  • 0

#40
rdbadger

    Member

  • Topic Starter
  • Member
  • 107 posts
is there anywhere else you would recommend looking to get rid of files?
ta
  • 0


#41
rdbadger

    Member

  • Topic Starter
  • Member
  • 107 posts
...hmmmm.... and how is it possible for "updates" to be flagged as needing to be installed (just had a message pop up), when I haven't had the computer connected to the internet for about 4 days?!
  • 0

#42
rdbadger

    Member

  • Topic Starter
  • Member
  • 107 posts
...oh and NMIndexStoreSvr.exe error message keeps popping up!
  • 0

#43
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  • CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  • If you are using personal certificates I recommend you to export them before running ComboFix and save them to external media.
Please carefully follow all steps below:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes. ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.
  • 0

#44
rdbadger

    Member

  • Topic Starter
  • Member
  • 107 posts
I've got about 14GB free - will that help?!
thanks
  • 0

#45
rdbadger

    Member

  • Topic Starter
  • Member
  • 107 posts
ok onto the next instructions - however, if i don't have internet connection - can i still run combofix and will it still install microsoft recovery without being connected?
thanks
  • 0





