Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows 7 Repair and W32 Blaster Worm, Adware

Started by dc523680 , Jul 08 2011 06:51 PM

  • This topic is locked This topic is locked

#16
dc523680
Posted 11 July 2011 - 08:51 PM

dc523680

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Here are the two logs that were generated. I was never advised to restart but I did anyway.

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-10 05:14:55
-----------------------------
05:14:55.416 OS Version: Windows x64 6.1.7600
05:14:55.416 Number of processors: 2 586 0x170A
05:14:55.416 ComputerName: DAN-PC UserName: Dan
05:14:57.397 Initialize success
05:15:05.119 AVAST engine defs: 11070901
05:15:35.594 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
05:15:35.610 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 11
05:15:37.653 Disk 0 MBR read successfully
05:15:37.653 Disk 0 MBR scan
05:15:37.653 Disk 0 unknown MBR code
05:15:37.653 Disk 0 MBR hidden
05:15:37.669 Service scanning
05:15:38.667 Disk 0 trace - called modules:
05:15:38.683 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80033b1254]<<
05:15:38.683 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003398220]
05:15:38.699 3 CLASSPNP.SYS[fffff8800112843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e221f0]
05:15:38.699 \Driver\atapi[0xfffffa8002ddb510] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80033b1254
05:15:39.837 AVAST engine scan C:\Windows
05:28:52.631 File: C:\Windows\System32\drivers\en-US\bfe.dll.mui **SUSPICIOUS**
05:28:53.270 File: C:\Windows\System32\drivers\en-US\ndiscap.sys.mui **SUSPICIOUS**
05:28:53.380 File: C:\Windows\System32\drivers\en-US\pacer.sys.mui **SUSPICIOUS**
05:28:53.598 File: C:\Windows\System32\drivers\en-US\qwavedrv.sys.mui **SUSPICIOUS**
05:28:53.707 File: C:\Windows\System32\drivers\en-US\scfilter.sys.mui **SUSPICIOUS**
05:28:53.926 File: C:\Windows\System32\drivers\en-US\tcpip.sys.mui **SUSPICIOUS**
05:29:07.950 File: C:\Windows\System32\drivers\wimmount.sys **SUSPICIOUS**
06:28:37.548 AVAST engine scan C:\Users\Dan
06:36:45.470 AVAST engine scan C:\ProgramData
06:49:35.394 Scan finished successfully
08:53:34.050 Disk 0 MBR has been saved successfully to "C:\Users\Dan\Desktop\MBR.dat"
08:53:34.066 The log file has been saved successfully to "C:\Users\Dan\Desktop\aswMBR.txt"


aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-11 20:19:42
-----------------------------
20:19:42.524 OS Version: Windows x64 6.1.7600
20:19:42.524 Number of processors: 2 586 0x170A
20:19:42.524 ComputerName: DAN-PC UserName: Dan
20:19:43.523 Initialize success
20:19:50.808 AVAST engine defs: 11071101
20:20:00.417 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:20:00.417 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 11
20:20:02.477 Disk 0 MBR read successfully
20:20:02.477 Disk 0 MBR scan
20:20:02.477 Disk 0 Windows 7 default MBR code
20:20:02.492 Service scanning
20:20:03.678 Disk 0 trace - called modules:
20:20:03.693 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:20:03.693 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800339a060]
20:20:03.709 3 CLASSPNP.SYS[fffff880010c443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e21680]
20:20:04.692 AVAST engine scan C:\Windows
20:49:25.229 File: C:\Windows\System32\drivers\en-US\bfe.dll.mui **SUSPICIOUS**
20:49:29.503 File: C:\Windows\System32\drivers\en-US\ndiscap.sys.mui **SUSPICIOUS**
20:49:30.112 File: C:\Windows\System32\drivers\en-US\pacer.sys.mui **SUSPICIOUS**
20:49:31.063 File: C:\Windows\System32\drivers\en-US\qwavedrv.sys.mui **SUSPICIOUS**
20:49:31.406 File: C:\Windows\System32\drivers\en-US\scfilter.sys.mui **SUSPICIOUS**
20:49:31.890 File: C:\Windows\System32\drivers\en-US\tcpip.sys.mui **SUSPICIOUS**
20:49:47.428 File: C:\Windows\System32\drivers\wimmount.sys **SUSPICIOUS**
21:55:40.059 AVAST engine scan C:\Users\Dan
22:06:36.317 AVAST engine scan C:\ProgramData
22:18:15.617 Scan finished successfully
22:18:39.629 Disk 0 MBR has been saved successfully to "C:\Users\Dan\Desktop\MBR.dat"
22:18:39.770 The log file has been saved successfully to "C:\Users\Dan\Desktop\aswMBR.txt"


aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-11 20:19:42
-----------------------------
20:19:42.524 OS Version: Windows x64 6.1.7600
20:19:42.524 Number of processors: 2 586 0x170A
20:19:42.524 ComputerName: DAN-PC UserName: Dan
20:19:43.523 Initialize success
20:19:50.808 AVAST engine defs: 11071101
20:20:00.417 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:20:00.417 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 11
20:20:02.477 Disk 0 MBR read successfully
20:20:02.477 Disk 0 MBR scan
20:20:02.477 Disk 0 Windows 7 default MBR code
20:20:02.492 Service scanning
20:20:03.678 Disk 0 trace - called modules:
20:20:03.693 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:20:03.693 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800339a060]
20:20:03.709 3 CLASSPNP.SYS[fffff880010c443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e21680]
20:20:04.692 AVAST engine scan C:\Windows
20:49:25.229 File: C:\Windows\System32\drivers\en-US\bfe.dll.mui **SUSPICIOUS**
20:49:29.503 File: C:\Windows\System32\drivers\en-US\ndiscap.sys.mui **SUSPICIOUS**
20:49:30.112 File: C:\Windows\System32\drivers\en-US\pacer.sys.mui **SUSPICIOUS**
20:49:31.063 File: C:\Windows\System32\drivers\en-US\qwavedrv.sys.mui **SUSPICIOUS**
20:49:31.406 File: C:\Windows\System32\drivers\en-US\scfilter.sys.mui **SUSPICIOUS**
20:49:31.890 File: C:\Windows\System32\drivers\en-US\tcpip.sys.mui **SUSPICIOUS**
20:49:47.428 File: C:\Windows\System32\drivers\wimmount.sys **SUSPICIOUS**
21:55:40.059 AVAST engine scan C:\Users\Dan
22:06:36.317 AVAST engine scan C:\ProgramData
22:18:15.617 Scan finished successfully
22:18:39.629 Disk 0 MBR has been saved successfully to "C:\Users\Dan\Desktop\MBR.dat"
22:18:39.770 The log file has been saved successfully to "C:\Users\Dan\Desktop\aswMBR.txt"
22:19:21.141 Disk 0 Windows 601 MBR fixed successfully
22:48:29.997 Disk 0 MBR has been saved successfully to "C:\Users\Dan\Desktop\MBR.dat"
22:48:29.997 The log file has been saved successfully to "C:\Users\Dan\Desktop\aswMBRrecent.txt"
  • 0

Advertisements

#17
Essexboy
Posted 12 July 2011 - 10:40 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What is the current situation ? Are you still getting redirected ?

Could you run a fresh OTL scan please and select all users then run a quick scan
  • 0

#18
dc523680
Posted 12 July 2011 - 05:35 PM

dc523680

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
I have not been redirected at all today. The only thing I noticed that was different was in the bottom left taskbar, the icons are hidden. The first four icons are blank white sheets of paper and when I try to open them it says "Can't open this item, it may have been moved, renamed, or deleted. Do you want to remove this item?" While I was running another OTL scan, Microsoft Security Essentials blocked a new trojan while I was visiting a social networking site. This was identified as Trojan:DOS/Alureon.c and the file it is associated with is file:C:/users/dan/desktop/mbrcheck/_MBR_Backup_07-11-11_16-09-44.bak I just removed it. Here is the new OTL log

OTL logfile created on: 7/12/2011 7:22:30 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Dan\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 57.30% Memory free
5.86 Gb Paging File | 4.48 Gb Available in Paging File | 76.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.51 Gb Total Space | 182.35 Gb Free Space | 63.87% Space Free | Partition Type: NTFS
Drive D: | 12.39 Gb Total Space | 2.06 Gb Free Space | 16.65% Space Free | Partition Type: NTFS
Drive F: | 968.25 Mb Total Space | 460.19 Mb Free Space | 47.53% Space Free | Partition Type: FAT

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/08 20:31:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2011/06/01 16:34:35 | 001,546,640 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\datamngrUI.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/01/26 23:49:15 | 000,729,664 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
PRC - [2009/07/16 15:35:18 | 000,130,400 | ---- | M] (Microsoft Corp.) -- c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msntask.exe


========== Modules (SafeList) ==========

MOD - [2011/07/08 20:31:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 00:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/29 15:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/28 21:41:49 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/18 19:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/09/21 23:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/29 20:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/29 20:16:41 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/13 18:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/10 10:45:10 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/06/23 20:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/19 00:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 15:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/02/13 02:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 02:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 02:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/08/31 17:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2007/06/21 20:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2007/06/21 20:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2007/06/21 20:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2006/06/18 10:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2005/09/24 01:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...D-C640E4B342B6}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3129310027-621649945-1879468611-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3129310027-621649945-1879468611-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/405"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..keyword.URL: "http://dts.search-re...ystemid=405&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\My MPC\Rpplugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\My MPC\Rpplugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/02 23:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/16 14:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/19 09:50:28 | 000,000,000 | ---D | M]

[2011/07/12 00:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2010/07/15 19:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/07/12 00:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions
[2011/07/12 00:54:40 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/07/12 00:54:36 | 000,002,497 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\searchplugins\SearchResults.xml
[2011/07/12 00:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/02 23:32:42 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/07/12 00:54:36 | 000,002,497 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml

O1 HOSTS File: ([2011/07/10 11:54:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3129310027-621649945-1879468611-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3129310027-621649945-1879468611-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3129310027-621649945-1879468611-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3129310027-621649945-1879468611-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm ()
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI5C88~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI5C88~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI5C88~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI5C88~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/12 00:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Savevid Toolbar
[2011/07/12 00:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/07/12 00:54:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}
[2011/07/12 00:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Savevid
[2011/07/12 00:54:08 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\PackageAware
[2011/07/11 09:28:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/10 11:11:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/10 11:11:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/10 11:11:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/10 11:10:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/07/10 11:00:04 | 004,138,680 | R--- | C] (Swearware) -- C:\Users\Dan\Desktop\cfix.exe
[2011/07/10 10:57:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/10 10:55:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/10 10:54:15 | 004,131,692 | R--- | C] (Swearware) -- C:\Users\Dan\Desktop\ComboFix.exe
[2011/07/10 09:52:07 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\tdsskiller
[2011/07/10 01:51:27 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\Dan\Desktop\aswMBR.exe
[2011/07/10 01:41:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/09 01:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/08 20:31:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/07/08 18:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/07/08 18:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/07 21:43:46 | 000,135,360 | ---- | C] (Symantec Corporation) -- C:\Users\Dan\Desktop\FixBlast.exe
[2011/07/07 19:31:37 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/07/06 22:57:22 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Malwarebytes
[2011/07/06 22:54:23 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 22:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/06 22:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/19 09:50:38 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\acccore
[2011/06/19 09:50:37 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\AOL
[2011/06/19 09:50:37 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\AIM
[2011/06/19 09:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/06/19 09:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2011/06/19 09:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011/06/19 09:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2011/06/19 09:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2011/04/28 21:41:49 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Dan\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/07/12 19:19:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/12 18:23:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/12 18:23:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/12 18:15:31 | 2361,802,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/12 00:55:46 | 003,360,517 | ---- | M] () -- C:\Users\Dan\Documents\Jess-O-Sample-Song.mp4
[2011/07/11 22:48:29 | 000,000,512 | ---- | M] () -- C:\Users\Dan\Desktop\MBR.dat
[2011/07/11 20:51:51 | 000,001,780 | ---- | M] () -- C:\Users\Dan\Documents\Schizoprenia Cautilli.htm
[2011/07/11 16:09:44 | 000,000,512 | ---- | M] () -- C:\Users\Dan\Desktop\MBRCheck_MBR_Backup_07-11-11_16-09-44.bak
[2011/07/11 15:04:53 | 000,080,384 | ---- | M] () -- C:\Users\Dan\Desktop\MBRCheck.exe
[2011/07/11 02:45:40 | 000,743,746 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/11 02:45:40 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/11 02:45:40 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/10 11:54:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/07/10 11:00:08 | 004,138,680 | R--- | M] (Swearware) -- C:\Users\Dan\Desktop\cfix.exe
[2011/07/10 10:54:21 | 004,131,692 | R--- | M] (Swearware) -- C:\Users\Dan\Desktop\ComboFix.exe
[2011/07/10 09:51:25 | 001,327,397 | ---- | M] () -- C:\Users\Dan\Desktop\tdsskiller.zip
[2011/07/10 04:08:23 | 000,505,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/10 01:51:27 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\Dan\Desktop\aswMBR.exe
[2011/07/09 01:57:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/08 20:31:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/07/08 18:30:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/08 18:29:46 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/07 21:43:46 | 000,135,360 | ---- | M] (Symantec Corporation) -- C:\Users\Dan\Desktop\FixBlast.exe
[2011/07/07 21:19:17 | 000,013,915 | ---- | M] () -- C:\Users\Dan\Desktop\iexplore - Shortcut.lnk
[2011/07/07 20:20:30 | 001,008,041 | ---- | M] () -- C:\rkill.com
[2011/07/06 23:09:48 | 001,008,041 | ---- | M] () -- C:\Users\Dan\Desktop\rkill.com
[2011/07/06 22:54:23 | 000,000,522 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/05 20:50:41 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDan.job
[2011/07/02 10:27:08 | 000,000,000 | ---- | M] () -- C:\Users\Dan\Documents\Default.rdp
[2011/06/29 16:03:12 | 000,341,476 | ---- | M] () -- C:\Users\Dan\Documents\Personality Disorders.pdf
[2011/06/28 11:16:22 | 000,083,008 | ---- | M] () -- C:\Users\Dan\Documents\Behavior Analyst today 5 3 255.pdf
[2011/06/28 11:15:11 | 000,072,483 | ---- | M] () -- C:\Users\Dan\Documents\Behavior Analyst Today 6 1 65.pdf
[2011/06/28 11:12:56 | 000,097,145 | ---- | M] () -- C:\Users\Dan\Documents\Behavior analyst today 7 1.pdf
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/20 23:21:45 | 000,083,008 | ---- | M] () -- C:\Users\Dan\Documents\Behavior analyst today 5 3.pdf
[2011/06/20 23:20:28 | 000,072,483 | ---- | M] () -- C:\Users\Dan\Documents\Behavior Analyst Today 6 1.pdf
[2011/06/20 23:17:44 | 000,097,145 | ---- | M] () -- C:\Users\Dan\Documents\Behavior Analyst Today.pdf
[2011/06/19 09:50:37 | 000,000,360 | ---- | M] () -- C:\IPH.PH
[2011/06/19 09:50:31 | 000,001,935 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/19 09:50:31 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk

========== Files Created - No Company Name ==========

[2011/07/12 00:57:12 | 003,360,517 | ---- | C] () -- C:\Users\Dan\Documents\Jess-O-Sample-Song.mp4
[2011/07/11 20:52:44 | 000,001,780 | ---- | C] () -- C:\Users\Dan\Documents\Schizoprenia Cautilli.htm
[2011/07/11 16:09:44 | 000,000,512 | ---- | C] () -- C:\Users\Dan\Desktop\MBRCheck_MBR_Backup_07-11-11_16-09-44.bak
[2011/07/11 15:04:53 | 000,080,384 | ---- | C] () -- C:\Users\Dan\Desktop\MBRCheck.exe
[2011/07/10 11:11:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/10 11:11:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/10 11:11:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/10 11:11:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/10 11:11:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/10 09:51:22 | 001,327,397 | ---- | C] () -- C:\Users\Dan\Desktop\tdsskiller.zip
[2011/07/10 08:53:34 | 000,000,512 | ---- | C] () -- C:\Users\Dan\Desktop\MBR.dat
[2011/07/09 01:57:28 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/08 18:30:00 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/08 18:29:46 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/08 18:29:40 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/07 21:19:17 | 000,013,915 | ---- | C] () -- C:\Users\Dan\Desktop\iexplore - Shortcut.lnk
[2011/07/07 21:16:08 | 000,002,272 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2011/07/07 21:16:08 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Play HP Games.lnk
[2011/07/07 21:16:08 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/07 21:16:08 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2011/07/07 21:16:08 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/07 21:16:08 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/07/07 21:16:08 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/07/07 21:16:08 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/07 21:16:08 | 000,001,321 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2011/07/07 21:16:08 | 000,001,315 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/07/07 21:16:08 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Studio 14.lnk
[2011/07/07 21:16:08 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/07/07 21:16:08 | 000,000,748 | ---- | C] () -- C:\Users\Public\Desktop\My Player.lnk
[2011/07/07 21:15:59 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/07/07 21:15:59 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/07/07 21:15:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/07 21:15:59 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2011/07/07 21:15:59 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/07/07 21:15:59 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/07/07 21:15:59 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/07/07 21:15:59 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/07/07 21:15:59 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/07/07 21:15:59 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/07/07 21:15:59 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/07/07 21:15:59 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/07/07 21:15:59 | 000,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/07/07 21:15:59 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2011/07/07 21:15:59 | 000,000,183 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2011/07/07 20:21:57 | 001,008,041 | ---- | C] () -- C:\rkill.com
[2011/07/07 19:31:42 | 000,000,522 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/06 23:17:56 | 001,008,041 | ---- | C] () -- C:\Users\Dan\Desktop\rkill.com
[2011/07/02 10:27:08 | 000,000,000 | ---- | C] () -- C:\Users\Dan\Documents\Default.rdp
[2011/06/29 16:03:09 | 000,341,476 | ---- | C] () -- C:\Users\Dan\Documents\Personality Disorders.pdf
[2011/06/28 11:16:21 | 000,083,008 | ---- | C] () -- C:\Users\Dan\Documents\Behavior Analyst today 5 3 255.pdf
[2011/06/28 11:15:10 | 000,072,483 | ---- | C] () -- C:\Users\Dan\Documents\Behavior Analyst Today 6 1 65.pdf
[2011/06/28 11:12:52 | 000,097,145 | ---- | C] () -- C:\Users\Dan\Documents\Behavior analyst today 7 1.pdf
[2011/06/20 23:21:43 | 000,083,008 | ---- | C] () -- C:\Users\Dan\Documents\Behavior analyst today 5 3.pdf
[2011/06/20 23:20:26 | 000,072,483 | ---- | C] () -- C:\Users\Dan\Documents\Behavior Analyst Today 6 1.pdf
[2011/06/20 23:17:42 | 000,097,145 | ---- | C] () -- C:\Users\Dan\Documents\Behavior Analyst Today.pdf
[2011/06/19 09:50:31 | 000,001,935 | ---- | C] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/19 09:50:10 | 000,000,360 | ---- | C] () -- C:\IPH.PH
[2011/04/28 21:41:49 | 000,007,859 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\pcouffin.cat
[2011/04/28 21:41:49 | 000,001,167 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\pcouffin.inf
[2010/05/18 21:09:00 | 000,231,448 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2010/05/18 21:09:00 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2010/05/18 08:43:07 | 000,000,878 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\wklnhst.dat
[2010/05/16 16:26:27 | 000,160,768 | ---- | C] () -- C:\Windows\SysWow64\Unrar.dll
[2010/05/16 16:26:25 | 000,006,144 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/05/16 16:26:21 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/05/16 16:26:21 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/05/16 16:26:21 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\v2k2_dec.dll
[2010/05/16 02:40:14 | 000,231,448 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010/05/16 02:40:14 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2010/01/26 23:29:12 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/01/26 23:29:12 | 000,000,253 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/13 18:51:32 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/08/13 18:51:30 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/08/13 18:51:30 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/08/13 18:51:30 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/14 20:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2005/08/26 18:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 18:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 18:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe

========== LOP Check ==========

[2011/06/19 09:50:56 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\acccore
[2011/06/05 15:52:33 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/28 21:51:49 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DeepBurner
[2011/01/02 16:51:59 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DriverCure
[2010/08/15 17:23:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\iWin
[2011/07/09 01:31:59 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\LimeWire
[2011/01/02 16:51:59 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ParetoLogic
[2010/08/13 23:57:45 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PlayFirst
[2010/12/02 23:33:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Research In Motion
[2010/05/18 08:43:15 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Template
[2011/03/01 11:43:37 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Titanium Gears
[2011/04/28 21:42:32 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Vso
[2010/05/21 17:03:35 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\WildTangent
[2010/12/02 23:33:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\WildTangentv1001
[2011/07/12 10:06:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#19
Essexboy
Posted 13 July 2011 - 10:58 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That was the backup of the MBR made before the fix :) Do you know what programmes the blank icons relate to ?
On completion of these runs can you let me know what problems remain

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/405"
    FF - prefs.js..browser.search.selectedEngine: "Search Results"
    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.order.1: "Search Results"
    [2011/07/12 00:54:40 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2011/07/12 00:54:36 | 000,002,497 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\searchplugins\SearchResults.xml
    [2011/07/12 00:54:36 | 000,002,497 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-3129310027-621649945-1879468611-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O8:64bit: - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm ()
    O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm ()
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI5C88~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI5C88~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~2\WI5C88~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~2\WI5C88~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    [2011/07/12 00:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Savevid Toolbar
    [2011/07/12 00:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2011/07/12 00:54:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}
    [2011/07/12 00:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Savevid

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#20
dc523680
Posted 13 July 2011 - 11:03 PM

dc523680

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Hello,

I thought I would take care of the first part while Malwarebytes is running. The icons that were missing are now back since I last ran OTL. Here is the OTL log.

All processes killed
========== OTL ==========
Prefs.js: "http://www.searchqu.com/405" removed from browser.startup.homepage
Prefs.js: "Search Results" removed from browser.search.selectedEngine
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
Folder move failed. C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton scheduled to be moved on reboot.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
Folder move failed. C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels scheduled to be moved on reboot.
Folder move failed. C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib scheduled to be moved on reboot.
Folder move failed. C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin scheduled to be moved on reboot.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
Folder move failed. C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook scheduled to be moved on reboot.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully.
Folder move failed. C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2 scheduled to be moved on reboot.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
Folder move failed. C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets scheduled to be moved on reboot.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
Folder move failed. C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content scheduled to be moved on reboot.
Folder move failed. C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} scheduled to be moved on reboot.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\searchplugins\SearchResults.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\IEBHO.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3129310027-621649945-1879468611-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\datamngrUI.exe moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com\ deleted successfully.
C:\Program Files (x86)\Savevid\redirect.htm moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com\ not found.
File C:\Program Files (x86)\Savevid\redirect.htm not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI5C88~1\Datamngr\x64\datamngr.dll deleted successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI5C88~1\Datamngr\x64\IEBHO.dll deleted successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI5C88~1\Datamngr\datamngr.dll deleted successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI5C88~1\Datamngr\IEBHO.dll deleted successfully.
File C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\IEBHO.dll not found.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\x64 folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr folder moved successfully.
C:\Program Files (x86)\Windows Savevid Toolbar folder moved successfully.
C:\ProgramData\boost_interprocess\BEED1BC62040CC01 folder moved successfully.
C:\ProgramData\boost_interprocess folder moved successfully.
C:\ProgramData\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA} folder moved successfully.
C:\Program Files (x86)\Savevid\[email protected]\chrome\content folder moved successfully.
C:\Program Files (x86)\Savevid\[email protected]\chrome folder moved successfully.
C:\Program Files (x86)\Savevid\[email protected] folder moved successfully.
C:\Program Files (x86)\Savevid folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dan\Desktop\cmd.bat deleted successfully.
C:\Users\Dan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Dan
->Temp folder emptied: 452435970 bytes
->Temporary Internet Files folder emptied: 81815099 bytes
->Java cache emptied: 38448 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 16645 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10880740 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 590183 bytes

Total Files Cleaned = 521.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Dan
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.26.1 log created on 07142011_004839

Files\Folders moved on Reboot...
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Users\Dan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Dan\AppData\Local\Temp\~DF0AC5CBEB609DCBC7.TMP not found!
File\Folder C:\Users\Dan\AppData\Local\Temp\~DF0B2C730B2ACD91A8.TMP not found!
File\Folder C:\Users\Dan\AppData\Local\Temp\~DF41FF63C0479AB7B6.TMP not found!
File\Folder C:\Users\Dan\AppData\Local\Temp\~DF56A7F28A709C2199.TMP not found!
File\Folder C:\Users\Dan\AppData\Local\Temp\~DF6E22CC589E37AD95.TMP not found!
File\Folder C:\Users\Dan\AppData\Local\Temp\~DF9070DC9647D10FD6.TMP not found!
File\Folder C:\Users\Dan\AppData\Local\Temp\~DF953AF400E1302492.TMP not found!
File\Folder C:\Users\Dan\AppData\Local\Temp\~DFE8138EC156B14CA7.TMP not found!
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z2190TPU\page__st__15[1].htm moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TN00RA31\button[1].htm moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAGCU6RB\net[1].htm moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAGCU6RB\techspot_com[1].htm moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1QQD4D5\proxy[1].html moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D12HLOJL\like[1].htm moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXIAR6TT\collect[1].htm moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBNV71CK\iframescript[1].htm moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBNV71CK\likebox[1].htm moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBNV71CK\login_status[5].htm moved successfully.

Registry entries deleted on Reboot...

Malwarebytes has just finished and nothing was found! Here is the log

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7123

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/14/2011 12:57:39 AM
mbam-log-2011-07-14 (00-57-39).txt

Scan type: Quick scan
Objects scanned: 173963
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Now that the icons are back I can't find anything else wrong with my computer. It appears to be back to normal! You guys are the best. Is this the last step if everything checks out upon your review of the above logs? Thank you very much for your help!
  • 0

#21
Essexboy
Posted 14 July 2011 - 10:14 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. For aswMBR just delete from the desktop

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup an select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:
  • 0

#22
dc523680
Posted 14 July 2011 - 03:18 PM

dc523680

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Thank you very much for all of your help Essexboy! Computer is running great. I will let you know if I have any more problems. Take care!
  • 0

#23
Essexboy
Posted 15 July 2011 - 10:37 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP