Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Intelligent IQ - Programs Will Not Run [Solved]

Started by joseph456 , Jan 01 2013 04:28 PM

  • This topic is locked This topic is locked

#1
joseph456
Posted 01 January 2013 - 04:28 PM

joseph456

    Member

  • Member
  • PipPipPip
  • 455 posts
I downloaded two programs that used Intelligent IQ - 7zip and Free File Viewer 2012 in an attempt to open a DocX file. Then I uninstalled the programs using Revo. Now I am unable to go on the internet via Internet Explorer, Quick Launch Toolbar disappeared, cannot open any programs from the Start Menu (although if I find the program in Windows I can open it) and cannot run Malwarebytes. Remove MB and reinstalled, still will not run. MSE installed and not reporting any problems.

IE will not run even if I locate it in Program Files. As mentioned, nothing will run from Start Menu except for Firefox

Getting Run Time Error 372 when trying to run Malwarebytes

Also - when I restart I get the message "Windows cannot find c:\programs"

I also noticed someone with similar problems here here:http://forums.whatthetech.com/index.php?showtopic=87483My link

and http://forums.malwar...showtopic=92692

OTL logfile created on: 1/1/2013 5:17:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.41% Memory free
4.85 Gb Paging File | 4.41 Gb Available in Paging File | 90.97% Paging File free
Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 20.30 Gb Free Space | 54.50% Space Free | Partition Type: NTFS

Computer Name: OWNER-FE8C2F80E | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/01 17:14:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/12/09 21:09:49 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/12/08 10:10:22 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/05/04 18:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/31 10:15:17 | 014,586,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012/12/09 20:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/12/08 10:09:08 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/11/14 01:38:36 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0284e2e0afcfd7ce09094b30c0486d46\System.ServiceProcess.ni.dll
MOD - [2012/11/14 01:38:08 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\fff1287f12f1ab73c271386342224a3a\System.Runtime.Remoting.ni.dll
MOD - [2012/11/14 01:38:05 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6fc86a3e1d07ea824cd49b0c0b19d2f5\System.EnterpriseServices.ni.dll
MOD - [2012/11/14 01:38:04 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102cfe160aeb1e16a35890004a421ec9\System.Transactions.ni.dll
MOD - [2012/11/14 01:27:51 | 006,815,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\90f1acbd79e2a5fabfb8c516d6be36a3\System.Data.ni.dll
MOD - [2012/11/14 01:27:13 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012/11/14 01:27:09 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012/11/14 01:27:07 | 007,069,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012/11/14 01:26:43 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012/11/14 01:26:39 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012/11/14 01:26:24 | 009,093,632 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012/11/14 01:26:05 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012/05/14 20:58:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\A9523AD0.exe -- (A9523AD0)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/05/04 18:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/01/01 17:13:11 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85B246E9-36CF-4804-850C-3D96765AA0EE}\MpKsl9044bb8f.sys -- (MpKsl9044bb8f)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/11/10 02:47:00 | 000,922,148 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/08/09 21:35:42 | 001,273,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/14 15:05:28 | 000,252,144 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2003/07/17 16:40:06 | 000,265,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.netaddress.com/tpl/Doo [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=en&source=iglk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 ED DC 99 43 43 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {3346F7CE-4424-41A1-BEC7-CEEEF930ACB1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{3346F7CE-4424-41A1-BEC7-CEEEF930ACB1}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{5F5C1C9A-0684-43EA-8CDA-E9A8A6350566}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co...ange/&reason=0"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/08 10:10:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/14 20:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/12/25 15:12:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\de1io1lr.default\extensions
[2012/12/25 15:12:40 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\de1io1lr.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/12/08 10:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/03 19:24:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/12/08 10:10:22 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/28 12:32:19 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/27 17:21:02 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: ebay.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1318284984953 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341705385671 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A398A8B-AFD8-4FE6-88EA-A15565B79B08}: DhcpNameServer = 192.168.1.1 4.2.2.2
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\mhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/10 16:00:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/01 17:18:37 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/01/01 17:14:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/12/23 14:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner
[2012/12/18 14:32:28 | 000,032,256 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\udefrag.exe
[2012/12/18 14:32:24 | 000,008,704 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\hibernate4win.exe
[2012/12/18 14:32:22 | 000,010,240 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\bootexctrl.exe
[2012/12/18 14:32:20 | 000,024,064 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\wgx.dll
[2012/12/18 14:32:00 | 000,050,176 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\udefrag.dll
[2012/12/18 14:31:58 | 000,328,192 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\zenwinx.dll
[2012/12/18 14:31:56 | 000,380,416 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\defrag_native.exe
[2012/12/17 09:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2012/12/15 18:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2012
[2012/12/08 10:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Toolbar Cleaner
[2012/12/08 10:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/12/08 10:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/01/01 17:20:53 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/01/01 17:16:37 | 000,001,537 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2013/01/01 17:14:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/01/01 17:12:21 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/01/01 17:02:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/01 17:02:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/31 15:49:13 | 000,001,774 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\Default.rdp
[2012/12/31 10:54:38 | 000,005,093 | ---- | M] () -- C:\fraglist.luar
[2012/12/31 10:26:27 | 000,128,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/31 10:10:26 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/12/31 10:10:26 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/12/31 09:47:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/28 15:45:04 | 000,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2012/12/26 15:36:45 | 000,248,041 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc1.pdf
[2012/12/26 14:36:24 | 000,157,296 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc2.pdf
[2012/12/23 19:16:15 | 000,064,509 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc3 .pdf
[2012/12/22 10:55:41 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\yearbook_web.jpg
[2012/12/21 10:55:06 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraDefrag.lnk
[2012/12/21 10:55:06 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\UltraDefrag.lnk
[2012/12/18 14:32:28 | 000,032,256 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\udefrag.exe
[2012/12/18 14:32:24 | 000,008,704 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\hibernate4win.exe
[2012/12/18 14:32:22 | 000,010,240 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\bootexctrl.exe
[2012/12/18 14:32:20 | 000,024,064 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\wgx.dll
[2012/12/18 14:32:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\lua5.1a.dll
[2012/12/18 14:32:00 | 000,050,176 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\udefrag.dll
[2012/12/18 14:31:58 | 000,328,192 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\zenwinx.dll
[2012/12/18 14:31:56 | 000,380,416 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\defrag_native.exe
[2012/12/16 10:27:04 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/12/15 19:07:40 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2012.lnk
[2012/12/15 18:55:52 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/12/15 10:24:39 | 000,076,161 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc4.pdf
[2012/12/15 09:59:33 | 000,161,943 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc5.pdf
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/11 18:38:29 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Calculator Plus.lnk
[2012/12/08 10:51:10 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Toolbar Cleaner.lnk
[2012/12/02 18:25:39 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\spider.sav

========== Files Created - No Company Name ==========

[2013/01/01 16:09:48 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2012/12/31 10:26:27 | 000,128,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/31 10:10:26 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/12/31 10:10:26 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/12/31 09:47:13 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/29 19:28:33 | 000,005,093 | ---- | C] () -- C:\fraglist.luar
[2012/12/26 15:36:40 | 000,248,041 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc6.pdf
[2012/12/26 14:36:21 | 000,157,296 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc7.pdf
[2012/12/23 19:16:11 | 000,064,509 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc8 .pdf
[2012/12/22 10:55:40 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\yearbook_web.jpg
[2012/12/18 14:32:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
[2012/12/15 18:51:27 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2012.lnk
[2012/12/15 10:24:39 | 000,076,161 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc9.pdf
[2012/12/15 09:59:29 | 000,161,943 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc10.pdf
[2012/12/08 10:51:10 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Toolbar Cleaner.lnk
[2012/12/02 18:25:39 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\spider.sav
[2012/09/13 01:23:20 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\ud-boot-time.ini
[2012/08/16 23:56:11 | 000,000,107 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2012/06/29 23:40:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/06/10 19:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFNONL.ini
[2012/06/10 19:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2012/06/10 19:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2012/06/04 19:43:40 | 000,068,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/04 07:39:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\downloads.m3u
[2012/06/01 23:17:37 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2012/06/01 23:16:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2012/06/01 23:15:20 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2012/06/01 23:15:19 | 000,001,537 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2012/06/01 23:15:18 | 000,000,252 | ---- | C] () -- C:\WINDOWS\addrbook.ini
[2012/06/01 23:15:17 | 000,005,776 | ---- | C] () -- C:\WINDOWS\icoadb32.dat
[2012/05/15 19:51:48 | 000,877,094 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-1035525444-1606980848-1003-0.dat
[2012/05/15 19:51:47 | 000,120,142 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/05/15 07:03:34 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/05/14 21:00:24 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2012/05/14 20:58:45 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2012/05/14 20:58:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2012/05/14 20:40:58 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/02/14 22:19:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/31 13:18:40 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\default.rss
[2012/01/30 15:08:55 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/30 14:41:00 | 000,000,007 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\date
[2012/01/30 14:40:59 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\evf6
[2012/01/30 14:21:12 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/01/30 14:21:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/01/26 17:49:37 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/01/26 17:46:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/25 12:30:43 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\DLEAsm.dll
[2011/11/25 12:30:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DLEAsmr.dll
[2011/10/10 17:23:20 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2011/10/10 16:21:53 | 000,005,308 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/10 16:14:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2011/10/10 16:14:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2011/10/10 16:14:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2011/10/10 16:14:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2011/10/10 16:14:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2011/10/10 16:14:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2011/10/10 16:14:15 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2011/10/10 16:14:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2011/10/10 16:14:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2011/10/10 16:13:05 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/10/10 16:05:08 | 004,456,448 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.bak
[2011/10/10 16:03:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/10 15:56:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/10 11:49:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== ZeroAccess Check ==========

[2012/01/30 14:02:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/29 22:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/05/26 10:29:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/11/10 16:42:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/03/05 16:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ETTB
[2012/12/11 19:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/12/28 15:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2012/05/16 23:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/14 13:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2012/01/29 22:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Babylon
[2012/11/10 16:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2012/06/01 19:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HandBrake
[2012/01/31 13:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2012/01/30 14:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leawo
[2012/06/13 21:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2012/05/14 21:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdf995
[2012/01/30 14:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\tiger-k
[2012/03/05 18:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2012/05/14 13:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2012/08/20 19:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol
[2012/02/08 15:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Xilisoft Corporation

========== Purity Check ==========



< End of report >

Edited by joseph456, 04 January 2013 - 07:58 PM.

  • 0

Advertisements

#2
Crag_Hack
Posted 03 January 2013 - 04:19 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hello and welcome to the Geeks to Go Virus, Spyware & Malware Removal forum. My name is Josh and I will be helping you remove your infection. I am only human not superman - I can make errors but will do my best to help you as best I can so we can solve your problems. If you have since resolved the original problem you were having, I would appreciate you letting me know. Please include a clear description of the problems you're having along with any steps you may have performed so far if you haven't already.

Some of the following instructions to begin the malware removal process can be hard to follow - let me know if you have any questions. Please read all of my responses through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also please do not attempt any disinfection procedures without my instruction as things can go wrong that way or lengthen the time it takes to disinfect your computer. Also please follow your topic to conclusion or your system may not be completely clean, and it will be more vulnerable to future infections.

Throughout our interactions I will be using canned speeches. These are premade speeches for different scenarios we will encounter. If you find errors like bad links in my canned speeches please let me know so I can fix them.

Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.

One more thing - please refrain from using your computer until it is disinfected unless you absolutely have to (unless you are following my disinfection procedures) - if you do have to use your computer please disconnect it from the Internet - that way the current malware cannot propagate further infections.

Expect no more than 36 hours between your post and my response unless World War 3 breaks out and I will need at most 48 hours for initial analysis of your OTL log. Good luck! After 4 days if a topic is not replied to we assume it has been abandoned and it is closed.

The first step is to get a special OTL log by doing the following. Then we can begin disinfection. Please do the following:

  • Download OTL from here
  • Double click OTL Posted Image to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Select the Scan All Users box in the middle on the top of the window
  • Under the Custom Scans/Fixes box paste this in:

    netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
WSHELPER.*
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. If you have already run OTL it won't open Extras.txt but Extras.txt will be in the same place as the new OTL.txt so simply open it manually.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

  • 0

#3
joseph456
Posted 03 January 2013 - 06:47 PM

joseph456

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 455 posts
Update: I did a System Restore which seemed to fix the programming problems. However, now I have folders that with (2) after them. Not sure what to do with them. Also downloaded, reinstalled and ran Malewarebytes.

This problem happened after I used Revo to uninstall the programs using the Advanced option. Now these two programs (7 Zip and Free File Viewer) are back and I am concerned about how to uninstall them. Also concerned with what the downloader may have added to the registry.

Seem to notice some higher activity so not sure that if computer is clean.

Should I just proceed with your previous instruction?

Thanks for your help
  • 0

#4
Crag_Hack
Posted 03 January 2013 - 07:02 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts

However, now I have folders that with (2) after them. Not sure what to do with them.

Can you elaborate? Where are these folders located?

Also concerned with what the downloader may have added to the registry.

Are you referring to 7-Zip and Free File Viewer or Revo Uninstaller?

Now these two programs (7 Zip and Free File Viewer) are back and I am concerned about how to uninstall them.

Go the Start Menu --> Control Panel --> Add or Remove Programs and select them then click the Remove button. If this doesn't work reinstall the programs then follow the same method to uninstall them.
  • 0

#5
joseph456
Posted 03 January 2013 - 08:02 PM

joseph456

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 455 posts

Can you elaborate? Where are these folders located?


2 Files.JPG

Are you referring to 7-Zip and Free File Viewer or Revo Uninstaller?



Referring to the downloader when I installed these two programs. It was asking me to add all kinds of toolbar which I declined. Now I do not know what else it may have been doing.

Go the Start Menu --> Control Panel --> Add or Remove Programs and select them then click the Remove button. If this doesn't work reinstall the programs then follow the same method to uninstall them.


Can I use Revo to clean the registry of extraneous items from these programs?

*After these steps should I proceed with your OTL step in your first response?

Edited by joseph456, 03 January 2013 - 08:03 PM.

  • 0

#6
Crag_Hack
Posted 04 January 2013 - 04:12 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts

Referring to the downloader when I installed these two programs. It was asking me to add all kinds of toolbar which I declined. Now I do not know what else it may have been doing.


I wouldn't worry about the downloader since those programs are legitimate. The only junk to worry about would be the toolbars you didn't install.

Can I use Revo to clean the registry of extraneous items from these programs?


I wouldn't worry about leftover registry data since it doesn't impact your system at all.

*After these steps should I proceed with your OTL step in your first response?


Yes please do that as well as this:

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer yes

    Posted Image
  • Click the Scan button to start scan

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply

  • 0

#7
joseph456
Posted 04 January 2013 - 07:45 PM

joseph456

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 455 posts
I tried to uninstall the two programs I installed previously: Free File Viewer and 7-zip. When I uninstalled 7-zip v 9.20 it caused the same computer problem I had before! Programs would not start and could not access internet via IE

I used the same previous System Restore point by finding the command and running it from the prompt. So that program is still on my computer and I cannot get it off.

Others seem to be having the same unresolved problem:

[/url]http://forums.cnet.com/7723-6142_102-566079/uninstalling-7-zip/[/url]

[/url]http://social.technet.microsoft.com/Forums/en-US/itproxpsp/thread/0a75dc5e-b837-429c-b379-5e9ce45fe081[/url]

[/url]http://www.tomshardware.com/forum/283151-45-nothing-works-after-uninstall[/url]

When I went to uninstall Free File Viewer the uninstall program was missing. I reinstalled it and then was able to uninstall it. Computer not affected the way it was with 7-zip.

FYI - the downloader that each program used is called "InstallIQ"

How can I uninstall 7-zip? I never knew that uninstalling a program could cause a computer problem.

Following are the logs you requested:

OTL

OTL logfile created on: 1/4/2013 7:48:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.43% Memory free
4.85 Gb Paging File | 4.59 Gb Available in Paging File | 94.54% Paging File free
Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 20.14 Gb Free Space | 54.05% Space Free | Partition Type: NTFS

Computer Name: OWNER-FE8C2F80E | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/04 19:43:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/12/09 21:09:49 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/05/04 18:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/09 20:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/11/14 01:38:36 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0284e2e0afcfd7ce09094b30c0486d46\System.ServiceProcess.ni.dll
MOD - [2012/11/14 01:38:08 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\fff1287f12f1ab73c271386342224a3a\System.Runtime.Remoting.ni.dll
MOD - [2012/11/14 01:38:05 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6fc86a3e1d07ea824cd49b0c0b19d2f5\System.EnterpriseServices.ni.dll
MOD - [2012/11/14 01:38:04 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102cfe160aeb1e16a35890004a421ec9\System.Transactions.ni.dll
MOD - [2012/11/14 01:27:51 | 006,815,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\90f1acbd79e2a5fabfb8c516d6be36a3\System.Data.ni.dll
MOD - [2012/11/14 01:27:13 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012/11/14 01:27:09 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012/11/14 01:27:07 | 007,069,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012/11/14 01:26:43 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012/11/14 01:26:39 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012/11/14 01:26:24 | 009,093,632 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012/11/14 01:26:05 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012/05/14 20:58:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\A9523AD0.exe -- (A9523AD0)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/05/04 18:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/11/10 02:47:00 | 000,922,148 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/08/09 21:35:42 | 001,273,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/14 15:05:28 | 000,252,144 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2003/07/17 16:40:06 | 000,265,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.netaddress.com/tpl/Doo [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=en&source=iglk
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 ED DC 99 43 43 CD 01 [binary data]
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\..\SearchScopes,DefaultScope = {3346F7CE-4424-41A1-BEC7-CEEEF930ACB1}
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\..\SearchScopes\{3346F7CE-4424-41A1-BEC7-CEEEF930ACB1}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\..\SearchScopes\{5F5C1C9A-0684-43EA-8CDA-E9A8A6350566}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co...ange/&reason=0"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/08 10:10:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/14 20:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/12/25 15:12:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\de1io1lr.default\extensions
[2012/12/25 15:12:40 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\de1io1lr.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/12/08 10:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/03 19:24:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/12/08 10:10:22 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/28 12:32:19 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/27 17:21:02 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\billmind.exe (Intuit)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\..Trusted Domains: ebay.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1318284984953 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341705385671 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D25C92C6-0F60-4225-8714-F39218DF1473}: DhcpNameServer = 192.168.1.1 4.2.2.2
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/10 16:00:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/04 19:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2013/01/04 19:43:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/01/04 19:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/01/04 19:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-zip
[2013/01/04 19:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\7-zip
[2013/01/01 19:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2013/01/01 19:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/01 19:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/01 19:31:48 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/01/01 19:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/01 19:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
[2013/01/01 18:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes(2)
[2013/01/01 18:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(2)
[2013/01/01 15:54:56 | 000,444,096 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\Owner\Desktop\freefileviewer_2.exe
[2012/12/23 14:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner
[2012/12/18 14:32:28 | 000,032,256 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\udefrag.exe
[2012/12/18 14:32:24 | 000,008,704 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\hibernate4win.exe
[2012/12/18 14:32:22 | 000,010,240 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\bootexctrl.exe
[2012/12/18 14:32:20 | 000,024,064 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\wgx.dll
[2012/12/18 14:32:00 | 000,050,176 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\udefrag.dll
[2012/12/18 14:31:58 | 000,328,192 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\zenwinx.dll
[2012/12/18 14:31:56 | 000,380,416 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\defrag_native.exe
[2012/12/17 09:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2012/12/15 18:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2012
[2012/12/08 10:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Toolbar Cleaner
[2012/12/08 10:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/12/08 10:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/01/04 19:45:36 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/01/04 19:43:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/01/04 19:35:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/04 19:35:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/04 11:23:58 | 000,001,774 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\Default.rdp
[2013/01/01 20:31:31 | 000,001,537 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2013/01/01 15:55:02 | 000,444,096 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Owner\Desktop\freefileviewer_2.exe
[2013/01/01 15:51:43 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\7-zip.lnk
[2012/12/31 10:54:38 | 000,005,093 | ---- | M] () -- C:\fraglist.luar
[2012/12/31 10:10:26 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/12/31 10:10:26 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/12/28 15:45:04 | 000,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2012/12/26 15:36:45 | 000,248,041 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The Secret Powers of the Son-in-Law - WSJ.pdf
[2012/12/26 14:36:24 | 000,157,296 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc.pdf
[2012/12/23 19:16:15 | 000,064,509 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc1.pdf
[2012/12/22 10:55:41 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\yearbook_web.jpg
[2012/12/21 10:55:06 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraDefrag.lnk
[2012/12/21 10:55:06 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\UltraDefrag.lnk
[2012/12/18 14:32:28 | 000,032,256 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\udefrag.exe
[2012/12/18 14:32:24 | 000,008,704 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\hibernate4win.exe
[2012/12/18 14:32:22 | 000,010,240 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\bootexctrl.exe
[2012/12/18 14:32:20 | 000,024,064 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\wgx.dll
[2012/12/18 14:32:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\lua5.1a.dll
[2012/12/18 14:32:00 | 000,050,176 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\udefrag.dll
[2012/12/18 14:31:58 | 000,328,192 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\zenwinx.dll
[2012/12/18 14:31:56 | 000,380,416 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\defrag_native.exe
[2012/12/16 10:27:04 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/12/15 19:07:40 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2012.lnk
[2012/12/15 18:55:52 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/12/15 10:24:39 | 000,076,161 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc2.pdf
[2012/12/15 09:59:33 | 000,161,943 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc3.pdf
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/11 18:38:29 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Calculator Plus.lnk
[2012/12/08 10:51:10 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Toolbar Cleaner.lnk

========== Files Created - No Company Name ==========

[2013/01/01 16:09:48 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2013/01/01 15:51:43 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\7-zip.lnk
[2012/12/31 10:10:26 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/12/31 10:10:26 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/12/29 19:28:33 | 000,005,093 | ---- | C] () -- C:\fraglist.luar
[2012/12/26 15:36:40 | 000,248,041 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc4.pdf
[2012/12/26 14:36:21 | 000,157,296 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc5.pdf
[2012/12/23 19:16:11 | 000,064,509 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc6 .pdf
[2012/12/22 10:55:40 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\yearbook_web.jpg
[2012/12/18 14:32:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
[2012/12/15 18:51:27 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2012.lnk
[2012/12/15 10:24:39 | 000,076,161 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc7.pdf
[2012/12/15 09:59:29 | 000,161,943 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc8.pdf
[2012/12/08 10:51:10 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Toolbar Cleaner.lnk
[2012/09/13 01:23:20 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\ud-boot-time.ini
[2012/08/16 23:56:11 | 000,000,107 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2012/06/29 23:40:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/06/10 19:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFNONL.ini
[2012/06/10 19:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2012/06/10 19:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2012/06/04 19:43:40 | 000,068,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/04 07:39:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\downloads.m3u
[2012/06/01 23:17:37 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2012/06/01 23:16:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2012/06/01 23:15:20 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2012/06/01 23:15:19 | 000,001,537 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2012/06/01 23:15:18 | 000,000,252 | ---- | C] () -- C:\WINDOWS\addrbook.ini
[2012/06/01 23:15:17 | 000,005,776 | ---- | C] () -- C:\WINDOWS\icoadb32.dat
[2012/05/15 19:51:48 | 000,877,094 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-1035525444-1606980848-1003-0.dat
[2012/05/15 19:51:47 | 000,120,142 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/05/15 07:03:34 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/05/14 21:00:24 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2012/05/14 20:58:45 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2012/05/14 20:58:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2012/05/14 20:40:58 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/02/14 22:19:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/31 13:18:40 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\default.rss
[2012/01/30 15:08:55 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/30 14:41:00 | 000,000,007 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\date
[2012/01/30 14:40:59 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\evf6
[2012/01/30 14:21:12 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/01/30 14:21:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/01/26 17:49:37 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/01/26 17:46:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/25 12:30:43 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\DLEAsm.dll
[2011/11/25 12:30:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DLEAsmr.dll
[2011/10/10 17:23:20 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2011/10/10 16:21:53 | 000,005,308 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/10 16:14:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2011/10/10 16:14:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2011/10/10 16:14:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2011/10/10 16:14:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2011/10/10 16:14:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2011/10/10 16:14:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2011/10/10 16:14:15 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2011/10/10 16:14:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2011/10/10 16:14:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2011/10/10 16:13:05 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/10/10 16:05:08 | 004,456,448 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.bak
[2011/10/10 16:03:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/10 15:56:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/10 11:49:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== ZeroAccess Check ==========

[2012/01/30 14:02:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/04 19:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2012/01/29 22:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/05/26 10:29:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/11/10 16:42:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/03/05 16:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ETTB
[2012/12/11 19:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/12/28 15:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2012/05/16 23:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/14 13:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2012/01/29 22:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Babylon
[2012/11/10 16:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2012/06/01 19:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HandBrake
[2012/01/31 13:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2012/01/30 14:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leawo
[2012/06/13 21:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2012/05/14 21:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdf995
[2012/01/30 14:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\tiger-k
[2012/03/05 18:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2012/05/14 13:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2012/08/20 19:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol
[2012/02/08 15:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Xilisoft Corporation

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SERVICES >
[2004/08/04 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\Documents and Settings\Owner\My Documents\etc\services
[2004/08/04 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/09/23 19:43:36 | 000,603,848 | ---- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.HTML >
[2008/04/16 11:29:04 | 000,004,166 | ---- | M] () MD5=DB0CABD236311DDEB186C9B8A13F39A6 -- C:\Program Files\BillP Studios\WinPatrol\services.html

< MD5 for: SERVICES.LNK >
[2012/07/14 20:20:45 | 000,001,602 | ---- | M] () MD5=A829C15E186C562B19FF31F5581A3C2F -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/04 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >
[2011/10/10 15:58:02 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2011/10/10 16:04:22 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012/10/20 00:31:28 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: OWNER-FE8C2F80E
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B
Volume 1 C NTFS Partition 37 GB Healthy System

< End of report >

OTL Extras

OTL Extras logfile created on: 1/4/2013 7:48:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.43% Memory free
4.85 Gb Paging File | 4.59 Gb Available in Paging File | 94.54% Paging File free
Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 20.14 Gb Free Space | 54.05% Space Free | Partition Type: NTFS

Computer Name: OWNER-FE8C2F80E | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1275210071-1035525444-1606980848-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader
"C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1FE417E2-6B8F-44CA-A7DF-A4BD072E8ED8}_is1" = Leawo DVD Ripper version 4.3.0.0
"{1FE80E58-0774-4EC3-B6BA-68876B88D4B9}" = TurboTax 2011 wvaiper
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 10
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6eb90063-f7c5-42f8-b197-571607c158d9}" = Nero 9 Essentials
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E829EED6-D748-40C8-92DF-87FD22E6BCEE}" = SlimCleaner
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}" = inSSIDer
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"7-zip" = 7-zip v9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"Belarc Advisor" = Belarc Advisor 8.3
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"Defraggler" = Defraggler
"ERUNT_is1" = ERUNT 1.1j
"FileHippo.com" = FileHippo.com Update Checker
"HD Tune_is1" = HD Tune 2.55
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.2.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995
"PROSet" = Intel® PRO Network Connections Drivers
"Quicken Deluxe 98" = Quicken Deluxe 98
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.94
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Speccy" = Speccy
"SpeedFan" = SpeedFan (remove only)
"Toolbar Cleaner" = Toolbar Cleaner 1.1
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"UltraDefrag" = Ultra Defragmenter
"VLC media player" = VLC media player 2.0.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/23/2012 4:48:08 PM | Computer Name = OWNER-FE8C2F80E | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.0.1526.0, P3 timeout, P4 1.1.8703.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 8/23/2012 9:07:24 PM | Computer Name = OWNER-FE8C2F80E | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/23/2012 9:07:31 PM | Computer Name = OWNER-FE8C2F80E | Source = Microsoft Security Client | ID = 5000
Description =

Error - 9/23/2012 11:46:53 AM | Computer Name = OWNER-FE8C2F80E | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 9/23/2012 11:46:53 AM | Computer Name = OWNER-FE8C2F80E | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 10/20/2012 1:58:29 AM | Computer Name = OWNER-FE8C2F80E | Source = Microsoft Security Client | ID = 5000
Description =

Error - 11/3/2012 4:32:11 PM | Computer Name = OWNER-FE8C2F80E | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\NEW FOLDER.LNK>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 11/21/2012 8:24:20 PM | Computer Name = OWNER-FE8C2F80E | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.1.522.0, P3 timeout, P4 1.1.9002.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 1/1/2013 7:10:59 PM | Computer Name = OWNER-FE8C2F80E | Source = Microsoft Security Client | ID = 5000
Description =

Error - 1/4/2013 8:16:52 PM | Computer Name = OWNER-FE8C2F80E | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

[ System Events ]
Error - 1/1/2013 12:39:58 PM | Computer Name = OWNER-FE8C2F80E | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.65 on
the Network Card with network address 00E0B85CE65F.

Error - 1/1/2013 5:34:49 PM | Computer Name = OWNER-FE8C2F80E | Source = Service Control Manager | ID = 7034
Description = The Intuit Update Service v4 service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/1/2013 5:34:55 PM | Computer Name = OWNER-FE8C2F80E | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/1/2013 6:08:45 PM | Computer Name = OWNER-FE8C2F80E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070641: Security Update for Microsoft Office 2007 suites (KB2596615).

Error - 1/1/2013 6:08:45 PM | Computer Name = OWNER-FE8C2F80E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070641: Security Update for Microsoft Office 2007 suites (KB2596785).

Error - 1/1/2013 6:08:45 PM | Computer Name = OWNER-FE8C2F80E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070641: Security Update for Microsoft Office 2007 suites (KB2596672).

Error - 1/1/2013 6:08:45 PM | Computer Name = OWNER-FE8C2F80E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070641: Security Update for Microsoft Office 2007 suites (KB2596856).

Error - 1/1/2013 8:41:33 PM | Computer Name = OWNER-FE8C2F80E | Source = Service Control Manager | ID = 7034
Description = The Intuit Update Service v4 service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/1/2013 8:41:37 PM | Computer Name = OWNER-FE8C2F80E | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/3/2013 9:28:27 AM | Computer Name = OWNER-FE8C2F80E | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.65 on
the Network Card with network address 00E0B85CE65F.


< End of report >

aswMBR

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-04 20:04:26
-----------------------------
20:04:26.421 OS Version: Windows 5.1.2600 Service Pack 3
20:04:26.421 Number of processors: 2 586 0x209
20:04:26.421 ComputerName: OWNER-FE8C2F80E UserName: Owner
20:04:27.390 Initialize success
20:18:21.265 AVAST engine defs: 13010401
20:18:30.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:18:30.312 Disk 0 Vendor: IC25N040ATMR04-0 MO2OAD4A Size: 38154MB BusType: 3
20:18:30.343 Disk 0 MBR read successfully
20:18:30.343 Disk 0 MBR scan
20:18:30.390 Disk 0 Windows XP default MBR code
20:18:30.390 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38146 MB offset 63
20:18:30.406 Disk 0 scanning sectors +78124095
20:18:30.500 Disk 0 scanning C:\WINDOWS\system32\drivers
20:18:54.890 Service scanning
20:19:11.250 Service MpKsl9fbe9a5f c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D3241AA-BE39-41B9-B401-1758A00ED1D5}\MpKsl9fbe9a5f.sys **LOCKED** 32
20:19:32.140 Modules scanning
20:19:42.437 Disk 0 trace - called modules:
20:19:42.453 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
20:19:42.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b8fab8]
20:19:42.468 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000074[0x89c0f1f0]
20:19:42.468 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89b92940]
20:19:42.890 AVAST engine scan C:\WINDOWS
20:19:49.343 AVAST engine scan C:\WINDOWS\system32
20:26:31.078 AVAST engine scan C:\WINDOWS\system32\drivers
20:26:53.359 AVAST engine scan C:\Documents and Settings\Owner
20:30:41.125 AVAST engine scan C:\Documents and Settings\All Users
20:32:05.812 Scan finished successfully
20:32:28.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
20:32:28.125 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Edited by joseph456, 04 January 2013 - 09:00 PM.

  • 0

#8
Crag_Hack
Posted 05 January 2013 - 06:30 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi joseph456. I finished looking at your OTL and aswMBR logs. Everything looks clean save one entry. We will now clean that entry. I will get back to you with further instructions tomorrow.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
[emptytemp]
[CREATERESTOREPOINT]

:OTL
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\A9523AD0.exe -- (A9523AD0)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Then post the produced log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)
  • Open OTL again
  • Select the Scan All Users box in the middle on the top of the window
  • Click the Quick Scan button. Post the log it produces in your next reply as well.

Things to see in your next post:
OTL fix log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)
OTL quick scan log
  • 0

#9
joseph456
Posted 06 January 2013 - 12:37 AM

joseph456

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 455 posts
Thanks

FYI - Also noticed there are a couple of instances of "InstallIQ" when I searched the registry. Should I be concerned?

Here they are:

OTL fix log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)



All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 6942 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner
->Temp folder emptied: 72380 bytes
->Temporary Internet Files folder emptied: 2562527 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 97530101 bytes
->Flash cache emptied: 877 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 5489 bytes

Total Files Cleaned = 96.00 mb

Restore point Set: OTL Restore Point
========== OTL ==========
Service A9523AD0 stopped successfully!
Service A9523AD0 deleted successfully!
File C:\WINDOWS\system32\A9523AD0.exe not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01062013_011204

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL quick scan log



OTL logfile created on: 1/6/2013 1:21:08 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.42% Memory free
4.85 Gb Paging File | 4.49 Gb Available in Paging File | 92.63% Paging File free
Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 19.90 Gb Free Space | 53.41% Space Free | Partition Type: NTFS

Computer Name: OWNER-FE8C2F80E | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/04 19:43:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/12/09 21:09:49 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/05/04 18:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/09 20:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/11/14 01:38:36 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0284e2e0afcfd7ce09094b30c0486d46\System.ServiceProcess.ni.dll
MOD - [2012/11/14 01:38:08 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\fff1287f12f1ab73c271386342224a3a\System.Runtime.Remoting.ni.dll
MOD - [2012/11/14 01:38:05 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6fc86a3e1d07ea824cd49b0c0b19d2f5\System.EnterpriseServices.ni.dll
MOD - [2012/11/14 01:38:04 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102cfe160aeb1e16a35890004a421ec9\System.Transactions.ni.dll
MOD - [2012/11/14 01:27:51 | 006,815,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\90f1acbd79e2a5fabfb8c516d6be36a3\System.Data.ni.dll
MOD - [2012/11/14 01:27:13 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012/11/14 01:27:09 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012/11/14 01:27:07 | 007,069,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012/11/14 01:26:43 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012/11/14 01:26:39 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012/11/14 01:26:24 | 009,093,632 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012/11/14 01:26:05 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012/05/14 20:58:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/05/04 18:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/11/10 02:47:00 | 000,922,148 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/08/09 21:35:42 | 001,273,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/14 15:05:28 | 000,252,144 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2003/07/17 16:40:06 | 000,265,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.netaddress.com/tpl/Doo [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=en&source=iglk
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 ED DC 99 43 43 CD 01 [binary data]
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\..\SearchScopes,DefaultScope = {3346F7CE-4424-41A1-BEC7-CEEEF930ACB1}
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\..\SearchScopes\{3346F7CE-4424-41A1-BEC7-CEEEF930ACB1}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\..\SearchScopes\{5F5C1C9A-0684-43EA-8CDA-E9A8A6350566}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co...ange/&reason=0"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/08 10:10:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/14 20:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/12/25 15:12:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\de1io1lr.default\extensions
[2012/12/25 15:12:40 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\de1io1lr.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/12/08 10:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/03 19:24:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/12/08 10:10:22 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/28 12:32:19 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/27 17:21:02 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\billmind.exe (Intuit)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\..Trusted Domains: ebay.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1318284984953 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341705385671 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A398A8B-AFD8-4FE6-88EA-A15565B79B08}: DhcpNameServer = 192.168.1.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D25C92C6-0F60-4225-8714-F39218DF1473}: DhcpNameServer = 192.168.1.1 4.2.2.2
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/10 16:00:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/06 01:12:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/04 23:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/01/04 20:03:11 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2013/01/04 19:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2013/01/04 19:43:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/01/04 19:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/01/04 19:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-zip
[2013/01/04 19:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\7-zip
[2013/01/01 19:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2013/01/01 19:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/01 19:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/01 19:31:48 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/01/01 19:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/01 19:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
[2013/01/01 18:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes(2)
[2013/01/01 18:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(2)
[2012/12/23 14:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner
[2012/12/18 14:32:28 | 000,032,256 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\udefrag.exe
[2012/12/18 14:32:24 | 000,008,704 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\hibernate4win.exe
[2012/12/18 14:32:22 | 000,010,240 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\bootexctrl.exe
[2012/12/18 14:32:20 | 000,024,064 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\wgx.dll
[2012/12/18 14:32:00 | 000,050,176 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\udefrag.dll
[2012/12/18 14:31:58 | 000,328,192 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\zenwinx.dll
[2012/12/18 14:31:56 | 000,380,416 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\defrag_native.exe
[2012/12/17 09:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2012/12/15 18:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2012
[2012/12/08 10:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Toolbar Cleaner
[2012/12/08 10:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/12/08 10:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/01/06 01:24:02 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/01/06 01:14:29 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/06 01:13:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/06 01:13:48 | 000,128,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/05 17:10:30 | 000,424,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc1.pdf
[2013/01/05 17:05:19 | 000,117,788 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc2.pdf
[2013/01/05 17:05:18 | 000,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2013/01/05 17:04:21 | 000,117,649 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc3.pdf
[2013/01/05 10:35:51 | 000,001,774 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\Default.rdp
[2013/01/04 22:36:11 | 000,000,153 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\default.rss
[2013/01/04 22:36:11 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/01/04 20:32:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2013/01/04 20:04:19 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2013/01/04 19:43:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/01/01 20:31:31 | 000,001,537 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2013/01/01 15:51:43 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\7-zip.lnk
[2012/12/31 10:54:38 | 000,005,093 | ---- | M] () -- C:\fraglist.luar
[2012/12/31 10:10:26 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/12/31 10:10:26 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/12/26 15:36:45 | 000,248,041 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc4.pdf
[2012/12/26 14:36:24 | 000,157,296 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc5.pdf
[2012/12/23 19:16:15 | 000,064,509 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc6.pdf
[2012/12/22 10:55:41 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc7.jpg
[2012/12/21 10:55:06 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraDefrag.lnk
[2012/12/21 10:55:06 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\UltraDefrag.lnk
[2012/12/18 14:32:28 | 000,032,256 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\udefrag.exe
[2012/12/18 14:32:24 | 000,008,704 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\hibernate4win.exe
[2012/12/18 14:32:22 | 000,010,240 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\bootexctrl.exe
[2012/12/18 14:32:20 | 000,024,064 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\wgx.dll
[2012/12/18 14:32:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\lua5.1a.dll
[2012/12/18 14:32:00 | 000,050,176 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\udefrag.dll
[2012/12/18 14:31:58 | 000,328,192 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\zenwinx.dll
[2012/12/18 14:31:56 | 000,380,416 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\defrag_native.exe
[2012/12/15 19:07:40 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2012.lnk
[2012/12/15 18:55:52 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/12/15 10:24:39 | 000,076,161 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc8.pdf
[2012/12/15 09:59:33 | 000,161,943 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misc9.pdf
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/11 18:38:29 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Calculator Plus.lnk
[2012/12/08 10:51:10 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Toolbar Cleaner.lnk

========== Files Created - No Company Name ==========

[2013/01/06 01:13:48 | 000,128,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/05 17:10:29 | 000,424,469 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc10.pdf
[2013/01/05 17:05:17 | 000,117,788 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc11.pdf
[2013/01/05 17:04:16 | 000,117,649 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc12.pdf
[2013/01/04 20:32:28 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2013/01/01 16:09:48 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2013/01/01 15:51:43 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\7-zip.lnk
[2012/12/31 10:10:26 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/12/31 10:10:26 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/12/29 19:28:33 | 000,005,093 | ---- | C] () -- C:\fraglist.luar
[2012/12/26 15:36:40 | 000,248,041 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc13.pdf
[2012/12/26 14:36:21 | 000,157,296 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc14.pdf
[2012/12/23 19:16:11 | 000,064,509 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc15.pdf
[2012/12/22 10:55:40 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc16.jpg
[2012/12/18 14:32:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
[2012/12/15 18:51:27 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2012.lnk
[2012/12/15 10:24:39 | 000,076,161 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc17.pdf
[2012/12/15 09:59:29 | 000,161,943 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\misc18.pdf
[2012/12/08 10:51:10 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Toolbar Cleaner.lnk
[2012/09/13 01:23:20 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\ud-boot-time.ini
[2012/08/16 23:56:11 | 000,000,107 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2012/06/29 23:40:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/06/10 19:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFNONL.ini
[2012/06/10 19:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2012/06/10 19:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2012/06/04 19:43:40 | 000,068,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/04 07:39:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\downloads.m3u
[2012/06/01 23:17:37 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2012/06/01 23:16:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2012/06/01 23:15:20 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2012/06/01 23:15:19 | 000,001,537 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2012/06/01 23:15:18 | 000,000,252 | ---- | C] () -- C:\WINDOWS\addrbook.ini
[2012/06/01 23:15:17 | 000,005,776 | ---- | C] () -- C:\WINDOWS\icoadb32.dat
[2012/05/15 19:51:48 | 000,877,094 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-1035525444-1606980848-1003-0.dat
[2012/05/15 19:51:47 | 000,120,142 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/05/15 07:03:34 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/05/14 21:00:24 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2012/05/14 20:58:45 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2012/05/14 20:58:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2012/05/14 20:40:58 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/02/14 22:19:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/31 13:18:40 | 000,000,153 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\default.rss
[2012/01/30 15:08:55 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/30 14:41:00 | 000,000,007 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\date
[2012/01/30 14:40:59 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\evf6
[2012/01/30 14:21:12 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/01/30 14:21:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/01/26 17:49:37 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/01/26 17:46:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/25 12:30:43 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\DLEAsm.dll
[2011/11/25 12:30:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DLEAsmr.dll
[2011/10/10 17:23:20 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2011/10/10 16:21:53 | 000,005,308 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/10 16:14:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2011/10/10 16:14:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2011/10/10 16:14:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2011/10/10 16:14:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2011/10/10 16:14:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2011/10/10 16:14:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2011/10/10 16:14:15 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2011/10/10 16:14:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2011/10/10 16:14:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2011/10/10 16:13:05 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/10/10 16:05:08 | 004,456,448 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.bak
[2011/10/10 16:03:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/10 15:56:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/10 11:49:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== ZeroAccess Check ==========

[2012/01/30 14:02:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/04 19:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2012/01/29 22:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/05/26 10:29:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/11/10 16:42:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/03/05 16:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ETTB
[2012/12/11 19:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/01/05 17:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2012/05/16 23:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/14 13:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2012/01/29 22:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Babylon
[2012/11/10 16:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2012/06/01 19:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HandBrake
[2012/01/31 13:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2012/01/30 14:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leawo
[2012/06/13 21:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2012/05/14 21:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdf995
[2012/01/30 14:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\tiger-k
[2012/03/05 18:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2012/05/14 13:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2012/08/20 19:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol
[2012/02/08 15:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Xilisoft Corporation

========== Purity Check ==========



< End of report >

Edited by joseph456, 06 January 2013 - 08:18 PM.

  • 0

#10
Crag_Hack
Posted 06 January 2013 - 06:45 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts

Also noticed there are a couple of instances of "InstallIQ" when I searched the registry. Should I be concerned?


Nope nothing bad about InstallIQ and registry remnants are not important. Your computer shows no signs of malware so everything is good to go. If you are interested there is a free version of Microsoft Office called OpenOffice which you can use to view and edit office files. Last time I checked it could open but not edit .docx files (you can probably save as a normal .doc file then edit that). I would ignore all the duplicate files and folders if they are system or program files and folders (you don't want to cripple Windows or any other programs) - if they are your documents/music/pictures it is of course safe to delete the duplicates. Let me know if you have any questions about anything and if you'd like to try and get rid of 7-Zip you can follow these instructions:

  • Download and install Advanced Uninstaller Pro
  • Run Advanced Uninstaller Pro
  • Select General Tools
    Posted Image
  • Select Monitored Installations
    Posted Image
  • Start the monitor
    Posted Image
  • In system tray right click the Advanced Uninstaller Pro icon and select Monitor an installation
    Posted Image
  • Then select the 7zip installation file
    Posted Image
  • Once it has installed in system tray right click the Advanced Uninstaller Pro icon and select Uninstall an application you have monitored
    Posted Image
  • Use uninstaller to remove the monitored programme
    Posted Image

If all is good let me know and I can give you my all clear speech to provide you with information about how to stay safe and clean and some software you might be interested in.
  • 0

Advertisements

#11
joseph456
Posted 06 January 2013 - 07:33 PM

joseph456

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 455 posts
Thanks for sending the link to Advanced Uninstaller Pro. Looks like a great program. However, I am not sure what to do.

The program (7-zip) is already installed so how can I get it to monitor the installation? Or should I be picking all the application files for it to monitor?

Should I find another copy of 7-zip and reinstall it? And then ask AUP to monitor the installation? Will that work if the program is already installed?

Edited by joseph456, 06 January 2013 - 08:10 PM.

  • 0

#12
Crag_Hack
Posted 07 January 2013 - 12:27 AM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
For the step:

Then select the 7zip installation file

Redownload the 7zip setup file and choose it in the dialog box. It will then install over the current copy. You then can uninstall it using Advanced Uninstaller Pro. (if everything works to plan :) )
  • 0

#13
joseph456
Posted 07 January 2013 - 02:15 PM

joseph456

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 455 posts
Thanks! Will get to this tonight. If it does not work, I will System Restore it back.
  • 0

#14
joseph456
Posted 07 January 2013 - 07:17 PM

joseph456

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 455 posts
Downloaded second installation but uninstall did not fully uninstall the program uninstalling only the help file. I guess I could leave it on since it does not take up much space and if you think it is ok to keep.

Advanced Uninstaller is a good program though!

What do we do next?

I still have the two programs - OTL and aswMBR on my computer. Also, do you see any problem with a file called - DeployJava1.DLL? How can I get rid of it?

Also can I delete the folders listed in the post of 03 January 2013 - 08:02 PM?

Edited by joseph456, 07 January 2013 - 07:24 PM.

  • 0

#15
Crag_Hack
Posted 08 January 2013 - 05:28 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts

Also, do you see any problem with a file called - DeployJava1.DLL


That files is related to Java. Java is used to display special web programs written in Java. It is not necessary and I find I rarely use Java at all so if you don't knowingly use you can remove Java from Add or Remove Programs under the Control Panel.

I still have the two programs - OTL and aswMBR on my computer


We'll clean those up next

Also can I delete the folders listed in the post of 03 January 2013 - 08:02 PM?


I would ignore all the duplicate files and folders if they are system or program files and folders (you don't want to cripple Windows or any other programs) - if they are your documents/music/pictures it is of course safe to delete the duplicates.


----------------------


Now that we're done scanning for and disinfecting malware it's time to clean up.

Please use your computer a couple hours at least and make sure there are no remaining symptoms. If there are no symptoms proceed with the following instructions.

You can now remove all the tools that were used to disinfect your computer by running OTL and clicking the CleanUp button.

Now that your computer is disinfected it is important to keep it that way. What follows are guidelines to keeping your computer malware-free.

You absolutely must have an antivirus program installed. This is important because the antivirus program runs in the background of the computer and prevents viruses from both infecting the computer and doing malicious things to the computer. This can prevent many infections in the first place. Just as a city without police would be chaotic so would a computer with an anti-virus program. I recommend the free programs Avira AntiVir Personal and avast! Free Anti-Virus . Also make absolutely sure to only have one anti-virus installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

It is also advised to have an anti-spyware program as well. I recommend the paid version of Malwarebytes' Anti-Malware. This program complementing your anti-virus can protect your computer from most infections out there. Make absolutely sure to only have one anti-spyware installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

A program to complement your anti-virus and anti-spyware with passive protection is SpywareBlaster. SpywareBlaster is not a malware scanner or removal tool and uses no system resources except a little disk space. It does a great job of preventing malware from being installed in the first place! It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them from malicious websites. You can download it here. To use it to protect your computer install it then do the following regularly at your concenience (once a week is adequate):
  • Run SpywareBlaster
  • Click Updates on the left of the screen
  • Click the 'Check for Updates' button and let the program update
  • Click 'Protection Status' on the left of the screen
  • Click 'Enable All Protection' on the bottom of the screen and SpywareBlaster will implement its protection
  • Exit the program
Another program to add additional protection is Spybot Search and Destroy. It works similar to SpywareBlaster by providing passive protection. You can download it here. To use it to protect your computer install it then do the following regularly at your concenience (once a week is adequate):
  • Run Spybot S&D
  • Click "Search for Updates"
  • Click "Continue"
  • Click "Download" - ignore if it says "please select some update files from the list first"
  • Click "OK" in update window if it prompts you
  • Click "Exit" in update window when update finishes or if Spybot said "please select some update files from the list first"
  • Go back to Spybot main window
  • Close Internet Explorer/Firefox/Chrome if they are open
  • Click "Immunize"
  • Wait for the progress meter to complete
  • Click the "Immunize" button with the plus sign next to it towards the top of the window
  • Wait for the progress meter to complete
  • Close the program
And one last program to add additional protection is Panda USB vaccine. This program disables the autorun rile on removable devices. You can vaccinate both a computer and a removable device. To download and run refer to here.

Another important thing to have installed is a firewall to secure communications to and from your computer. The firewall prevents inbound communications from the Internet to your computer that could be malicious in nature. Some firewalls also regulate outbound communications from your computer to the Internet that could be malicious as well. Inbound communications can take advantage of security holes in software running on your computer to gain control of your computer and infect you with malware. Outbound communications can be from malware on your computer to malicious websites on the Internet, containing information about your computer usage and even your passwords. For these reasons it is essential to the security of your computer to install a firewall. Make sure to only install one firewall as any more than that would prove to be redundant - one firewall is just as effective as multiple ones. Also more than one firewall could cause software conflicts. This applies to the Windows firewall as well - if you use a third-party firewall make sure to disable the Windows firewall. I recommend ZoneAlarm Free Firewall or Comodo Firewall.

Besides these measures, an equally important step to take to protect your computer from malware is to update all programs regularly including Windows Updates. Windows, Java, Adobe Flash, PDF readers, and other programs have security holes in them that leave your computer vulnerable to malicious code from hackers that could infect your computer with malware when taken advantage of. Updates close these holes. For this reason it is important to always update programs when prompted. Windows Updates is enabled by default in Windows and Java, Flash, and others have auto-update programs enabled by default as well. You will not have to worry about setting up the auto-update feature for these programs unless you altered the settings to begin with. Make sure as well to never update a program via e-mail - companies will never send e-mails to update their products. In order to help you update programs you might want to download and run FileHippo.com Update Checker from here. This program will tell you which programs need to be updated.

One last thing to consider is to exercise caution when browsing the web and viewing e-mails. Try to stay away from non-reputable websites including websites for software piracy and pornography. By staying away from these websites you decrease your chances of malware infection significantly. To help you exercise caution in your browsing habits you can download and install Web of Trust into your web browser here. This program will install in your browser and color code the website you are viewing to inform you if it is safe or not; green means safe, yellow means proceed with caution, and red means danger. Viewing e-mails should also be done with caution. If you don't recognize an email as one from a known or requested source then you will be safer to avoid opening it. File attachments should be opened only with extreme caution as they can contain files that exploit security holes on your computer and infect you with malware. Never open an attachment unless you are expecting it or you verify that the sender intended to send it to you. Also make sure to scan the attachment before opening it.

You might want to use an alternate browser than Internet Explorer. Firefox and Google Chrome are excellent candidates. They are more secure than Internet Explorer and are just as functional. You can download Google Chrome here and Firefox here.

Something just as important as preventing infection by malware is to backup your data. You can read about different methods here.

Some articles you might be interested in reading to reiterate points I have addressed in this post as well as make new points follow:
By following these steps you should ensure that you most likely will never get infected with malware again. Good luck and safe browsing!

-Josh
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP