Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

MS REMOVAL TOOL

Started by PunchaHacker , May 06 2011 08:58 PM

  • Please log in to reply

#1
PunchaHacker
Posted 06 May 2011 - 08:58 PM

PunchaHacker

    New Member

  • Member
  • Pip
  • 1 posts
I'm having trouble with Microsoft removal tool. I've followed the directions from this guide and ran malwarebytes, but it keeps showing up. I'm pretty sure you guys deal with this alot, but some help would be nice. :)
OTL logfile created on: 5/6/2011 7:26:05 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jami\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 2000 2686 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 210.22 Gb Free Space | 45.14% Space Free | Partition Type: NTFS

Computer Name: JAMI-PC | User Name: Jami | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 19:22:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jami\Desktop\OTL.exe
PRC - [2011/04/29 17:20:32 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/18 18:18:18 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/06 19:22:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jami\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - [2011/04/28 03:21:57 | 000,136,360 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/20 12:55:39 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/17 21:45:45 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/15 04:03:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/12 18:18:33 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/24 02:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 02:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/03/17 21:45:46 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/08 14:09:39 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/22 20:23:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/16 11:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/10/08 16:57:54 | 000,143,184 | ---- | M] (Oracle Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/10/08 16:57:54 | 000,100,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/10/08 16:57:54 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/08/12 13:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/06/17 16:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/24 02:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/24 02:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/24 02:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/24 02:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 15:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o...68&l=dis&gct=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 ED 9F 9C B1 A6 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com?o...8&l=dis&gct=hp"
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.6
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3.0244
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2786678&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 17:20:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 17:20:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2011/03/16 19:18:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins

[2010/11/13 23:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jami\AppData\Roaming\Mozilla\Extensions
[2011/05/05 19:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\umkrw55u.default\extensions
[2011/01/28 08:36:54 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\umkrw55u.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/11/13 23:59:52 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\umkrw55u.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2011/04/05 17:57:21 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\umkrw55u.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011/04/05 17:57:24 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\umkrw55u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/04/05 17:57:23 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\umkrw55u.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/01/08 14:09:34 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\umkrw55u.default\extensions\[email protected]
[2011/04/05 17:57:24 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\umkrw55u.default\extensions\[email protected]
[2011/02/10 14:36:17 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\umkrw55u.default\extensions\[email protected]
[2011/02/01 20:14:36 | 000,000,000 | ---D | M] (Hide Caption Titlebar Plus) -- C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\umkrw55u.default\extensions\[email protected]
[2011/04/04 21:07:09 | 000,002,572 | ---- | M] () -- C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\umkrw55u.default\searchplugins\askcom.xml
[2010/12/28 18:26:26 | 000,000,863 | ---- | M] () -- C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\umkrw55u.default\searchplugins\conduit.xml
[2011/01/08 14:09:12 | 000,002,059 | ---- | M] () -- C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\umkrw55u.default\searchplugins\daemon-search.xml
[2010/12/14 20:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/08 14:55:17 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/11/28 10:19:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/28 10:19:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/30 18:56:19 | 000,000,791 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.10 intouchonline.net
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKCU..\RunOnce: [iN31000BhNcA31000] C:\ProgramData\iN31000BhNcA31000\iN31000BhNcA31000.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Jami\Downloads\Hello.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jami\Downloads\Hello.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{65c45c5a-ef58-11df-8e09-08002700c088}\Shell - "" = AutoRun
O33 - MountPoints2\{65c45c5a-ef58-11df-8e09-08002700c088}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{7b8fe1b6-5fe3-11e0-91fd-406186fc4d78}\Shell - "" = AutoRun
O33 - MountPoints2\{7b8fe1b6-5fe3-11e0-91fd-406186fc4d78}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 19:22:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jami\Desktop\OTL.exe
[2011/05/06 17:51:37 | 000,000,000 | ---D | C] -- C:\Users\Jami\Documents\Autoruns[1]
[2011/05/06 17:46:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/05/05 20:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\iN31000BhNcA31000
[2011/05/03 19:59:43 | 000,000,000 | ---D | C] -- C:\Users\Jami\Documents\d2-cdkey
[2011/05/03 18:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Editor
[2011/05/03 18:04:28 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hero Editor
[2011/05/01 20:45:37 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
[2011/05/01 20:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
[2011/05/01 20:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts
[2011/05/01 19:54:01 | 000,000,000 | ---D | C] -- C:\Users\Jami\Documents\nethack-343-win
[2011/05/01 18:48:00 | 000,000,000 | ---D | C] -- C:\Users\Jami\Documents\zsnesw151
[2011/05/01 18:09:34 | 000,108,144 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011/05/01 17:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2011/05/01 17:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2011/05/01 17:51:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-SHOC
[2011/05/01 11:41:30 | 000,000,000 | ---D | C] -- C:\Users\Jami\Documents\Drakensang_TRoT
[2011/05/01 11:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drakensang - The River of Time
[2011/05/01 11:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Drakensang - The River of Time
[2011/04/28 16:17:32 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\Microsoft Help
[2011/04/28 16:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/04/27 11:18:49 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{43B9D3F7-65F9-4E8F-AED7-7501FBA1EADC}
[2011/04/26 23:18:24 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{C866E84D-6DF4-4E21-9A48-F5095074A92F}
[2011/04/26 20:10:28 | 000,000,000 | ---D | C] -- C:\Users\Jami\Desktop\hay
[2011/04/26 11:18:11 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{507ACA44-C933-4CEE-8A3E-05B55A3D362C}
[2011/04/25 23:17:59 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{0CBBE568-A065-486F-B091-25458E2170DB}
[2011/04/25 11:17:46 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{333669E1-DA49-4028-A826-606384579E42}
[2011/04/24 23:17:32 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{BBB9F924-52A5-41F1-9E0D-E7E4E2283B5D}
[2011/04/24 11:17:19 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{7ABE7AF2-DEAB-4529-9FBE-63C828F76BFA}
[2011/04/23 23:17:06 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{E0B60F92-9FF6-486F-9E8B-665E8ED3D428}
[2011/04/23 11:16:54 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{B37F6832-3356-46D8-9BE0-6F48C21C7633}
[2011/04/22 23:16:41 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{05159FEE-F8CC-49E5-A619-842D6B77FE38}
[2011/04/22 11:16:42 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{33085C0E-2B88-4402-8695-0F12BD9CB8A8}
[2011/04/20 07:45:33 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{9847141D-B6F7-4016-A2F0-0AA172F0775E}
[2011/04/19 20:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/04/19 20:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/04/19 19:45:20 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{B26C3C4B-1067-4BA5-ADD4-F4E211E2C7F5}
[2011/04/19 07:45:08 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{77D20C30-8F4E-4CBD-904F-1AB9215D00D6}
[2011/04/18 19:44:55 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{FB60865C-D5BA-4982-9881-34DDC428542E}
[2011/04/08 20:52:16 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{1C9C5CBA-7B33-4656-8BC8-55476CF79207}
[2011/04/08 19:12:58 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Roaming\U3
[2011/04/08 08:52:04 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{1EDD59E1-E030-4CCA-85A3-7D1DD2529136}
[2011/04/07 20:51:51 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{A42D05D3-5F76-4E26-9C71-C8D5AD9FCABC}
[2011/04/07 08:51:39 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{15A04E48-79D4-4F7F-878D-79AA1C310B27}
[2011/04/06 20:51:26 | 000,000,000 | ---D | C] -- C:\Users\Jami\AppData\Local\{29E976E6-320C-41A7-8603-62981946D8F3}
[3 C:\Users\Jami\Documents\*.tmp files -> C:\Users\Jami\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/06 19:22:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jami\Desktop\OTL.exe
[2011/05/06 19:13:26 | 000,624,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/06 19:13:26 | 000,106,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/06 19:07:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/06 19:07:26 | 1408,688,128 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/06 19:06:02 | 000,010,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 19:06:02 | 000,010,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 21:04:44 | 000,000,234 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/05/05 21:03:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Jami.job
[2011/05/03 20:00:34 | 000,001,437 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2011/05/03 17:58:42 | 000,000,822 | ---- | M] () -- C:\Users\Jami\Desktop\Diablo II - Shortcut.lnk
[2011/05/01 20:56:28 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/05/01 18:09:34 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011/04/21 11:43:59 | 000,000,054 | ---- | M] () -- C:\Users\Jami\AppData\Roaming\RSBot_Accounts.ini
[2011/04/15 18:43:52 | 001,207,740 | ---- | M] () -- C:\Users\Jami\Desktop\RSBot-235.jar
[2011/04/15 03:23:33 | 002,203,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[3 C:\Users\Jami\Documents\*.tmp files -> C:\Users\Jami\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/05 20:05:20 | 000,000,234 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/05/03 20:00:27 | 000,001,437 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/05/03 17:58:42 | 000,000,822 | ---- | C] () -- C:\Users\Jami\Desktop\Diablo II - Shortcut.lnk
[2011/05/01 20:56:28 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/04/10 18:37:31 | 001,207,740 | ---- | C] () -- C:\Users\Jami\Desktop\RSBot-235.jar
[2011/03/29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Users\Jami\AppData\Roaming\we565trf.ini
[2011/03/22 19:02:50 | 000,000,054 | ---- | C] () -- C:\Users\Jami\AppData\Roaming\RSBot_Accounts.ini
[2011/03/16 17:13:55 | 000,000,263 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/03/16 17:13:52 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011/02/19 13:22:56 | 000,000,600 | ---- | C] () -- C:\Users\Jami\AppData\Roaming\winscp.rnd
[2011/02/13 13:53:57 | 000,055,132 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/01/08 14:13:54 | 000,034,898 | ---- | C] () -- C:\Windows\scunin.dat
[2010/11/30 18:29:38 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/11/14 00:06:31 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/11/13 17:20:02 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/11/13 13:53:51 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 002,203,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,624,384 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,106,502 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1774/08/29 06:22:31 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/04/26 19:46:14 | 000,000,000 | ---D | M] -- C:\Users\Jami\AppData\Roaming\.minecraft
[2011/01/08 14:11:52 | 000,000,000 | ---D | M] -- C:\Users\Jami\AppData\Roaming\DAEMON Tools Lite
[2010/11/13 23:59:41 | 000,000,000 | ---D | M] -- C:\Users\Jami\AppData\Roaming\FKRMonitor
[2011/03/17 18:33:18 | 000,000,000 | ---D | M] -- C:\Users\Jami\AppData\Roaming\GetRightToGo
[2010/11/13 23:59:41 | 000,000,000 | ---D | M] -- C:\Users\Jami\AppData\Roaming\ImgBurn
[2010/12/28 22:07:51 | 000,000,000 | ---D | M] -- C:\Users\Jami\AppData\Roaming\Ludia
[2011/04/04 20:40:21 | 000,000,000 | ---D | M] -- C:\Users\Jami\AppData\Roaming\ManyCam
[2010/11/13 23:59:56 | 000,000,000 | ---D | M] -- C:\Users\Jami\AppData\Roaming\Rainmeter
[2011/05/05 20:16:44 | 000,000,000 | ---D | M] -- C:\Users\Jami\AppData\Roaming\SoftGrid Client
[2011/03/22 18:52:32 | 000,000,000 | ---D | M] -- C:\Users\Jami\AppData\Roaming\Subversion
[2011/05/01 16:50:56 | 000,000,000 | ---D | M] -- C:\Users\Jami\AppData\Roaming\SystemRequirementsLab
[2010/11/16 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\Jami\AppData\Roaming\TP
[2011/05/06 17:24:32 | 000,000,000 | ---D | M] -- C:\Users\Jami\AppData\Roaming\uTorrent
[2011/03/31 12:53:59 | 000,000,000 | ---D | M] -- C:\Users\Jami\AppData\Roaming\Windows Live Writer
[2009/07/13 21:53:46 | 000,014,368 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/05 21:04:44 | 000,000,234 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:89C6F032
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4769CB2A

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP