Folder Content Missing on all Drives [Closed]


  • This topic is locked

#1
pi-ppo

    New Member

  • Member
  • 5 posts
Attached File  Extras.Txt   64.83KB   73 downloads
Attached File  OTL.Txt   202.54KB   81 downloads
Last week, June 5-8th 2012, my computer began running very slowly.
On Sunday June 10th, my wife and I looked at some pictures (in Google Images) of a criminal in the news.
On one of the pics, I got a RED ESET alert that the site connection was closed due to malware.
About ten minutes later, I deleted some files before going to bed.

Next morning, Monday June 09th, I awakened to dozens of popups telling me the hard drive was crashing. I hit cancel to close each one. When I closed the last notice, an app panel opened to tell me my hard drive was in critical danger of failing. It began "scanning". I closed the application but it re-generated. When it finally closed off my desktop, it stayed active on my taskbar.

Trying to use my MS Word, I had NO CONTENT IN ANY FILE FOLDERS!
All File Folders were gone for ALL Files! No Text, Music, or Pictures on my hard-drive or two 500G External Drives. Moving the External Drives to another computer shows only there is NO CONTENT on either drive, but Properties shows the drives have Gigs of content on the drives even if they do not appear.

My Favorites Menu and My Favorites Bar are completely hidden, but show "multiple copies" when I put an icon on the Menu bar.

I did two System Restores from 10 days+ back.

My files did not return.
MS updates is not working.

I used the following apps:
SuperAntiSpyware
ESET Scanner
Malwarebytes
Advanced SystemCare

I have a new desktop icon: PC Healthboost. It will not go away.
I tried to erase all footprints in REGEDIT & MSCONFIG, but it comes back.
I have three "dimmed" IE icons named "Desktop.INI" on my desktop. They too will not be deleted.

Periodically (once or twice a day) my file folders will show up, but they are dim. I can access the content, but not copy, edit, or save them to another media. Then, like they appeared, they disappear again.

I have gotten NO error codes. All anti-spyware/virus software says I am not infected.

I ran OTL.Txt. I have saved the two text results. I am attaching them below.
Question:

1. Can anything be done to restore visibility of my files?

2. Is this going to be a low level format situation?

Observation:
I believe I have described as completely as possible. If you need anything further... please ask.

Thank You,

PI-PPO
1432 hrs
6/14/2012

Edited by pi-ppo, 14 June 2012 - 02:11 PM.

  • 0



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's kill this bad boy

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

NEXT

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

FINALLY


Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post in your next reply

  • 0

#3
pi-ppo

    New Member

  • Topic Starter
  • Member
  • 5 posts
GeekU,

Thank You for the quick response.

I have completed your instructions down through RogueKiller.

I am attaching the reports here.

Thank You for the wonderful insightful help. I will talk to you after the next set of instructions.

PI-PPO

Attached Files


  • 0

#4
pi-ppo

    New Member

  • Topic Starter
  • Member
  • 5 posts
GeekU,

I have run OT. The *final.txt files are attached.

Will contact you after final instructions finished.

Thank You

PI-PPO

OTL logfile created on: 6/14/2012 5:01:18 PM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Dr Major\Pictures\X Work Folder
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 58.03% Memory free
6.96 Gb Paging File | 5.31 Gb Available in Paging File | 76.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.59 Gb Total Space | 10.84 Gb Free Space | 2.38% Space Free | Partition Type: NTFS
Drive D: | 10.17 Gb Total Space | 1.36 Gb Free Space | 13.37% Space Free | Partition Type: NTFS
Drive F: | 4.38 Gb Total Space | 1.73 Gb Free Space | 39.60% Space Free | Partition Type: UDF
Drive L: | 232.88 Gb Total Space | 20.77 Gb Free Space | 8.92% Space Free | Partition Type: NTFS
Drive M: | 232.83 Gb Total Space | 2.95 Gb Free Space | 1.27% Space Free | Partition Type: FAT32

Computer Name: TAZ | User Name: Dr Major | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dr Major\Pictures\X Work Folder\OTL.exe (OldTimer Tools)
PRC - C:\Users\Dr Major\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
PRC - C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
PRC - C:\Windows\System32\lxeacoms.exe ( )
PRC - C:\Windows\System32\spool\drivers\w32x86\3\lxeaserv.exe (Lexmark International, Inc.)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
MOD - C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
MOD - C:\Program Files\Lexmark S300-S400 Series\epoemdll.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\epstring.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\epwizres.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\epwizard.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\customui.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\epfunct.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\eputil.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\imagutil.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\lxeadrs.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\lxeascw.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxeadatr.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\iptk.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\lxeacaps.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\lxeaptp.dll ()
MOD - C:\Program Files\Lexmark Toolbar\resource.dll ()
MOD - C:\Program Files\Lexmark Toolbar\toolband.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Updater Service for StartNow Toolbar) -- File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (lxea_device) -- C:\Windows\System32\lxeacoms.exe ( )
SRV - (lxeaCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe ()
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MCSTRM) -- File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (TrueSight) -- C:\Windows\System32\drivers\TrueSight.sys ()
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET)
DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\Windows\System32\drivers\eamon.sys (ESET)
DRV - (Epfwndis) -- C:\Windows\System32\drivers\epfwndis.sys (ESET)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (ICDUSB2) Sony IC Recorder (P) -- C:\Windows\System32\drivers\IcdUsb2.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0563BA60-7C18-4EF8-B3E2-E0556ACF5529}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{87800764-5566-44EA-97A7-1824D5DEF617}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/...arconfigchanged
IE - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\..\SearchScopes\{0563BA60-7C18-4EF8-B3E2-E0556ACF5529}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\..\SearchScopes\{87800764-5566-44EA-97A7-1824D5DEF617}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dr Major\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dr Major\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/09 03:03:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/06/09 03:03:41 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...l_date=20110814
CHR - default_search_provider: suggest_url = http://api.bing.com/...n.aspx?query=%s
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Dr Major\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2151857577-884416560-3081426803-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-2151857577-884416560-3081426803-1000..\Run: [Akamai NetSession Interface] C:\Users\Dr Major\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O7 - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\..Trusted Domains: xbox.com ([live] https in Trusted sites)
O15 - HKU\S-1-5-21-2151857577-884416560-3081426803-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.160.208.114 66.160.208.45 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B30D6ACE-6698-49DA-A2A9-5503F9713C73}: DhcpNameServer = 66.160.208.114 66.160.208.45 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/18 14:07:59 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/07 03:01:54 | 000,000,162 | ---- | M] () - L:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/09/04 19:08:14 | 000,000,183 | ---- | M] () - M:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{019f3eb4-49b7-11df-8cec-0021971e8fca}\Shell - "" = AutoRun
O33 - MountPoints2\{0870a86f-276e-11de-a0a8-001e90443962}\Shell - "" = AutoRun
O33 - MountPoints2\{0870a86f-276e-11de-a0a8-001e90443962}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\{7094e2a3-3463-11df-89d9-0021971e8fca}\Shell\AutoRun\command - "" = restore\restorestarter.exe
O33 - MountPoints2\{dfc75d56-7b64-11de-92b8-001e90443962}\Shell - "" = AutoRun
O33 - MountPoints2\{dfc75d76-7b64-11de-92b8-001e90443962}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/14 15:21:51 | 000,000,000 | ---D | C] -- C:\Users\Dr Major\Desktop\RK_Quarantine
[2012/06/13 12:09:46 | 000,000,000 | ---D | C] -- C:\Users\Dr Major\AppData\Roaming\Malwarebytes
[2012/06/13 12:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/13 12:09:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/13 12:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/13 12:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/10 16:37:22 | 000,000,000 | ---D | C] -- C:\Users\Dr Major\AppData\Roaming\ApplicationData
[2012/06/10 16:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost
[2012/06/10 16:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\PC HealthBoost
[2012/06/10 16:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PCHealthBoost
[2012/06/10 14:05:07 | 000,000,000 | ---D | C] -- C:\Users\Dr Major\AppData\Local\ElevatedDiagnostics
[2012/06/09 16:47:11 | 000,000,000 | ---D | C] -- C:\UnknownFolder184254
[2012/06/09 16:47:10 | 000,000,000 | ---D | C] -- C:\UnknownFolder179901
[2012/06/09 16:35:17 | 000,000,000 | ---D | C] -- C:\UnknownFolder193590
[2012/06/09 16:35:16 | 000,000,000 | ---D | C] -- C:\UnknownFolder277197
[2012/06/09 16:35:16 | 000,000,000 | ---D | C] -- C:\UnknownFolder193707
[2012/06/09 16:32:19 | 000,000,000 | ---D | C] -- C:\UnknownFolder180882
[2012/06/09 14:46:36 | 000,000,000 | ---D | C] -- C:\UnknownFolder238904
[2012/06/05 09:13:14 | 000,000,000 | ---D | C] -- C:\Users\Dr Major\Documents\NASA
[2012/06/01 14:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/06/01 14:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\Complitly
[2012/06/01 14:37:01 | 000,000,000 | ---D | C] -- C:\Users\Dr Major\Documents\Freecorder
[2012/06/01 14:37:00 | 000,000,000 | ---D | C] -- C:\Users\Dr Major\AppData\Local\FLVService
[2012/06/01 14:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder
[2012/05/31 12:29:59 | 000,000,000 | ---D | C] -- C:\Users\Dr Major\Documents\! Major Work
[2012/05/30 15:58:41 | 000,000,000 | ---D | C] -- C:\Users\Dr Major\Documents\My Kindle Content
[2012/05/30 15:58:29 | 000,000,000 | ---D | C] -- C:\Users\Dr Major\AppData\Local\Amazon
[2012/05/21 03:09:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

========== Files - Modified Within 30 Days ==========

[2012/06/14 16:51:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/14 16:34:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/14 16:25:32 | 000,035,328 | ---- | M] () -- C:\Users\Dr Major\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/14 16:16:59 | 000,654,772 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 16:16:59 | 000,123,226 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/14 16:09:47 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/14 16:09:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 16:09:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 16:09:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/14 16:08:32 | 3622,162,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/14 15:21:54 | 000,014,080 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/06/14 15:07:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2151857577-884416560-3081426803-1000UA.job
[2012/06/14 14:57:55 | 000,002,651 | ---- | M] () -- C:\Users\Dr Major\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
[2012/06/14 14:41:19 | 000,002,651 | ---- | M] () -- C:\Users\Dr Major\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/06/14 13:45:00 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 6ec74b52-01b5-46c1-acf0-148dee9669db.job
[2012/06/14 13:33:47 | 000,000,722 | ---- | M] () -- C:\Users\Dr Major\Desktop\OTL.exe - Shortcut.lnk
[2012/06/14 09:07:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2151857577-884416560-3081426803-1000Core.job
[2012/06/14 03:35:45 | 000,412,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 12:09:35 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/10 16:37:11 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\PC HealthBoost.lnk
[2012/06/10 02:49:54 | 003,225,985 | ---- | M] () -- C:\Users\Dr Major\Documents\! 0 Linksys Router.zip
[2012/06/10 02:46:39 | 002,129,155 | ---- | M] () -- C:\Users\Dr Major\Documents\Zip 00.zip
[2012/06/10 02:45:20 | 000,008,298 | ---- | M] () -- C:\Users\Dr Major\Documents\! Atkins.zip
[2012/06/08 23:23:08 | 000,000,128 | ---- | M] () -- C:\ProgramData\-5Ehhe3rO4gcKXLr
[2012/06/08 23:23:08 | 000,000,000 | ---- | M] () -- C:\ProgramData\-5Ehhe3rO4gcKXL
[2012/06/08 23:22:57 | 000,000,256 | ---- | M] () -- C:\ProgramData\5Ehhe3rO4gcKXL
[2012/05/21 03:32:13 | 000,002,609 | ---- | M] () -- C:\Users\Dr Major\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk

========== Files Created - No Company Name ==========

[2012/06/14 15:21:54 | 000,014,080 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/06/14 13:33:47 | 000,000,722 | ---- | C] () -- C:\Users\Dr Major\Desktop\OTL.exe - Shortcut.lnk
[2012/06/13 12:09:35 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/10 16:37:11 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\PC HealthBoost.lnk
[2012/06/10 02:49:54 | 003,225,985 | ---- | C] () -- C:\Users\Dr Major\Documents\! 0 Linksys Router.zip
[2012/06/10 02:46:38 | 002,129,155 | ---- | C] () -- C:\Users\Dr Major\Documents\Zip 00.zip
[2012/06/10 02:45:20 | 000,008,298 | ---- | C] () -- C:\Users\Dr Major\Documents\! Atkins.zip
[2012/06/08 23:23:08 | 000,000,128 | ---- | C] () -- C:\ProgramData\-5Ehhe3rO4gcKXLr
[2012/06/08 23:23:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\-5Ehhe3rO4gcKXL
[2012/06/08 23:22:57 | 000,000,256 | ---- | C] () -- C:\ProgramData\5Ehhe3rO4gcKXL
[2012/05/17 16:26:50 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/04/19 15:42:39 | 000,000,176 | ---- | C] () -- C:\ProgramData\-B0O789j3gi4BM7r
[2012/04/19 15:42:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\-B0O789j3gi4BM7
[2012/04/19 15:42:31 | 000,000,256 | ---- | C] () -- C:\ProgramData\B0O789j3gi4BM7
[2012/03/11 19:34:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/12/31 16:19:08 | 000,020,312 | ---- | C] () -- C:\Windows\System32\RegistryDefragBootTime.exe
[2011/12/26 23:23:38 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/08/18 19:27:53 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxearwrd.ini
[2011/08/18 19:21:10 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEAsm.dll
[2011/08/18 19:21:10 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LXEAsmr.dll

========== LOP Check ==========

[2011/12/12 11:33:21 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2011/12/12 11:33:21 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2009/04/17 17:51:06 | 000,000,000 | ---D | M] -- C:\Users\Dr Major\AppData\Roaming\Amazon
[2012/06/10 16:37:22 | 000,000,000 | ---D | M] -- C:\Users\Dr Major\AppData\Roaming\ApplicationData
[2012/04/16 13:29:17 | 000,000,000 | ---D | M] -- C:\Users\Dr Major\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/11 15:18:51 | 000,000,000 | ---D | M] -- C:\Users\Dr Major\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/02 00:29:59 | 000,000,000 | ---D | M] -- C:\Users\Dr Major\AppData\Roaming\ESET
[2009/06/26 20:38:21 | 000,000,000 | ---D | M] -- C:\Users\Dr Major\AppData\Roaming\GARMIN
[2012/06/09 03:04:36 | 000,000,000 | ---D | M] -- C:\Users\Dr Major\AppData\Roaming\Hoyle FaceCreator
[2012/06/09 03:04:36 | 000,000,000 | ---D | M] -- C:\Users\Dr Major\AppData\Roaming\Hoyle Puzzle and Board Games
[2011/12/22 10:56:33 | 000,000,000 | ---D | M] -- C:\Users\Dr Major\AppData\Roaming\HTC
[2012/06/09 03:04:36 | 000,000,000 | ---D | M] -- C:\Users\Dr Major\AppData\Roaming\IObit
[2010/01/23 18:34:26 | 000,000,000 | ---D | M] -- C:\Users\Dr Major\AppData\Roaming\Nova Development
[2009/01/03 11:16:13 | 000,000,000 | ---D | M] -- C:\Users\Dr Major\AppData\Roaming\Snapfish
[2011/08/14 16:25:40 | 000,000,000 | ---D | M] -- C:\Users\Dr Major\AppData\Roaming\TweakNow PowerPack 2011
[2012/06/14 03:30:14 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/14 13:45:00 | 000,000,516 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6ec74b52-01b5-46c1-acf0-148dee9669db.job

========== Purity Check ==========



========== Custom Scans ==========

< •Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. >

< >

< •Select All Users >

< >

< •Under the Custom Scan box paste this in >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.DLL >
[2011/08/03 14:22:22 | 004,529,944 | ---- | M] (SmartSound Software Inc.) MD5=B54D688D918F0C6ECB38804D0ECED3CE -- C:\Program Files\SmartSound Software\Sonicfire Pro 5\Services.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 21:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.PNG >
[2008/03/26 13:02:52 | 000,000,875 | ---- | M] () MD5=3382D191625A7528ED791FEDCCE3F212 -- C:\Program Files\PC-Doctor 5 for Windows\Images\img16_16\services.png
[2008/03/26 13:03:00 | 000,002,244 | ---- | M] () MD5=8C5F2C34A5FB317B868565F9451BF74C -- C:\Program Files\PC-Doctor 5 for Windows\Images\img32_32\services.png
[2008/03/26 13:03:08 | 000,006,479 | ---- | M] () MD5=AFCA60ED198BE9309943722FE8758392 -- C:\Program Files\PC-Doctor 5 for Windows\Images\img64_64\services.png
[2008/03/26 13:03:04 | 000,004,193 | ---- | M] () MD5=E1C3A20056206C394E65B37CE1D43851 -- C:\Program Files\PC-Doctor 5 for Windows\Images\img48_48\services.png
[2008/03/26 13:02:56 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\PC-Doctor 5 for Windows\Images\img24_24\services.png

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB1012$] -> Error: Cannot create file handle -> Unknown point type

< End of report >


#5
pi-ppo

GeekU,

I have completed the final scan with aswMBR.exe ... find attached.

Questions:

1). I still have the .ini files on my desktop.
My Recycle Bin is still loaded with hundreds of files I do not recognize.
Are these files okay to recycle?

2). Can I assume the computer is ready to rock and the Badboy is Dead?

Comments:
1). I am qualified to recognize a good detective when I meet one. You are a good Detective.
2). I will discuss with my wife, about depositing a token in your PP acct. It will not be as much as I want to donate or you have earned (worth), but it will be something.
3). Thank You for your time and energy that caused my help.

PI-PPO

Edited by pi-ppo, 14 June 2012 - 04:34 PM.


#6
pi-ppo

GeekU,

PP=30.30L.

Thank You,

PI-PPO

#7
Essexboy

Looking better. Could you confirm that all files and folders are now visible?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
  • Open the scanner and select the protection tab
  • Remove the tick from "Start with Windows"
  • Reboot and then run OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - (Updater Service for StartNow Toolbar) -- File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    [2012/06/09 16:47:11 | 000,000,000 | ---D | C] -- C:\UnknownFolder184254
    [2012/06/09 16:47:10 | 000,000,000 | ---D | C] -- C:\UnknownFolder179901
    [2012/06/09 16:35:17 | 000,000,000 | ---D | C] -- C:\UnknownFolder193590
    [2012/06/09 16:35:16 | 000,000,000 | ---D | C] -- C:\UnknownFolder277197
    [2012/06/09 16:35:16 | 000,000,000 | ---D | C] -- C:\UnknownFolder193707
    [2012/06/09 16:32:19 | 000,000,000 | ---D | C] -- C:\UnknownFolder180882
    [2012/06/09 14:46:36 | 000,000,000 | ---D | C] -- C:\UnknownFolder238904
    [2012/06/08 23:23:08 | 000,000,128 | ---- | M] () -- C:\ProgramData\-5Ehhe3rO4gcKXLr
    [2012/06/08 23:23:08 | 000,000,000 | ---- | M] () -- C:\ProgramData\-5Ehhe3rO4gcKXL
    [2012/06/08 23:22:57 | 000,000,256 | ---- | M] () -- C:\ProgramData\5Ehhe3rO4gcKXL
    [2012/04/19 15:42:39 | 000,000,176 | ---- | C] () -- C:\ProgramData\-B0O789j3gi4BM7r
    [2012/04/19 15:42:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\-B0O789j3gi4BM7
    [2012/04/19 15:42:31 | 000,000,256 | ---- | C] () -- C:\ProgramData\B0O789j3gi4BM7

    :Files
    ipconfig /flushdns /c

    :Commands
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#8
Essexboy

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.