
Infected with System Restore virus, keep getting google redirect


  • This topic is locked
36 replies to this topic

#1 becca_lynn

  • Members
  • 37 posts
  • Local time:11:05 AM

Posted 15 October 2011 - 11:21 PM

I was infected with the fake System Restore virus. I googled it and tried to remove it. I was successful in removing the System Restore files and related popups, but I still have something. I am getting the google redirect and I also keep getting the following 2 pop-ups about every 5-10 minutes, even when IE is not running or open.

“Internet Explorer has stopped working. Windows can check online for a solution to the problem and try to restart the program
check online for a solution and restart the program
restart the program” (tried to attach screenshot (.docx file) but I'm getting Error - I'm not permitted to upload this kind of file)

“Internet Explorer was closed. To help protect your computer, Data Execution Prevention has closed Internet Explorer. Click to learn more.”

I have a 32-bit system running Vista. Here are the steps I have taken (in hindsight, I probably shouldn't have done all these steps, but I didn't know that until I started reading this forum... I hope I haven't made things worse and I hope someone is still able to help me!) (I also downloaded Secunia and Wise PC Doctor at some point but I'm not sure where.)

- downloaded Rkill and ran it in safe mode (but I may have rebooted afterwards)
- downloaded and updated with Malwarebytes Anti-malware, scanned and removed threats (in safe mode)
- unhid data – using unhide.exe and “show hidden files” etc.
- Deleted 4 registry entries and 3 files manually from instructions online that listed “manual removal instructions”
- at this point the System restore virus appeared to be gone, but still getting google redirect, and advertisements and music playing in the background

- tried to download and run TDSSkiller but it won't run. Renamed as abc123.com and still doesn't work. Also tried downloading to USB, renaming, then inserting and running but still won't work.
- Downloaded other Rkills, ran several times (without rebooting), then ran Super anti-spyware
- did complete SAS scan, removed threats
- ran MBAM quick scan, removed threats
- still can't run TDSSkiller

- windows update
- downloaded and ran Trojan Killer – then realized I had to pay so instead I manually deleted the files that were returned in the log.
- Still getting google redirect and error messages
- ran ESET (triggered ads and music in background while scanning even though browsers were closed) – it found 2 threats, then crashed from a pop-up at around 90% complete
- re-ran ESET, no threats found
- ran TFC and rebooted – log showed no infections
- pop-ups and redirect still happening.
- Also noticed a quick pop-up when I boot my computer up that I don't ever remember seeing before, “AmIcoSingLun”

- I've backed up my files using Backup and Restore (my computer didn't give option to back up computer)
- See DDS log below.
- GMER wouldn't run, error message said "LoadDriver( "C:\Users\Becca\AppData\Local\Temp\fgtdqpob.sys") error 0xC000010E: An instance of the service is already running." then I clicked x and GMER popped up, but the only selectable options were Services, Registries, and Files. (again, I have screenshots but not sure what format to upload them in)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by Becca at 23:22:09 on 2011-10-15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3002.1775 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\ProgramData\2degrees Mobile Broadband\OnlineUpdate\ouc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Selective Suspend Driver\AmIcoSinglun.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_1410&r=2v3509093416l03g3zq85w4741r83r
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_1410&r=2v3509093416l03g3zq85w4741r83r
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_1410&r=2v3509093416l03g3zq85w4741r83r
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\becca\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [AmIcoSinglun] c:\program files\selective suspend driver\AmIcoSinglun.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [BellCanada_UninstallTracking] c:\users\becca\appdata\local\temp\InstallHelper.exe /uninstalltrackingvendor=BellCanada
mRun: [InternetDownload_upgrade] "c:\program files\versalsoft\internetdownload\InternetDownload.exe" /upgrade
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TRUUpdater] "c:\program files\sierra wireless inc\webupdater\TRUUpdater.exe" /bkground
mRun: [WatcherHelper] "c:\program files\sierra wireless inc\3g watcher\WaHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\becca\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download by VersalSoft Internet Download - c:\program files\versalsoft\internetdownload\adddownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: download.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0F7BD4C2-109B-430F-AA02-D159723B369A} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{66C5D064-F01B-40F5-8995-79F50D396F5E} : DhcpNameServer = 118.148.1.10 118.148.1.20
TCP: Interfaces\{74172B85-8BB9-492D-8B3F-3A45593ECDAB} : DhcpNameServer = 202.74.207.253 202.74.207.254
TCP: Interfaces\{A3276E19-F7FB-4AB3-89BC-5A54BE098F40} : DhcpNameServer = 118.148.1.10 118.148.1.20
TCP: Interfaces\{A69F5AB1-4B02-464C-AE81-A0FF8ED7F397} : DhcpNameServer = 118.148.1.10 118.148.1.20
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\becca\appdata\roaming\mozilla\firefox\profiles\phnxwque.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\visan\reseller2\npRLViewer.dll
FF - plugin: c:\users\becca\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\becca\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\becca\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\becca\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-13 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-13 320856]
R1 DPMemGridVista;Physical Memory I/O for GridVista;c:\program files\gridvista\DPMemGridVista.sys [2009-7-1 10504]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-10 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-10 269480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-13 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-10-13 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-13 44768]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-10 66616]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-7-1 723488]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\hwdeviceservice.exe -/service --> c:\programdata\datacardservice\HWDeviceService.exe -/service [?]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-7-1 237568]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-7-29 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-7-29 399416]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-6-16 72576]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-1 112640]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-7-1 50176]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-7-1 4232704]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 2degrees Mobile Broadband. RunOuc;2degrees Mobile Broadband. OUC;c:\program files\2degrees mobile broadband\updatedog\ouc.exe [2011-6-16 218624]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-3 135664]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-13 366152]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-6-16 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-6-16 116736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-3 135664]
S3 SSDISK;SSDISK Filter;c:\windows\system32\drivers\SSDISK.sys [2009-3-30 10752]
S3 SSUSB;SSUSB Filter;c:\windows\system32\drivers\SSUSB.sys [2009-4-7 14848]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2009-8-12 197504]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2009-7-22 148992]
.
=============== Created Last 30 ================
.
2011-10-14 22:44:26 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{583605ea-c636-41f6-86b0-499963fdc86d}\offreg.dll
2011-10-14 17:00:05 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-10-14 16:38:54 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{583605ea-c636-41f6-86b0-499963fdc86d}\mpengine.dll
2011-10-14 01:29:49 -------- d-----w- c:\users\becca\appdata\roaming\SUPERAntiSpyware.com
2011-10-14 01:28:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-14 01:28:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-13 23:17:29 -------- d-----w- c:\users\becca\appdata\local\Secunia PSI
2011-10-13 23:17:24 -------- d-----w- c:\program files\Secunia
2011-10-13 19:05:01 -------- d-----w- c:\program files\Wise PC Doctor
2011-10-13 19:00:18 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-13 19:00:17 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-13 19:00:03 41184 ----a-w- c:\windows\avastSS.scr
2011-10-13 18:59:44 -------- d-----w- c:\programdata\AVAST Software
2011-10-13 18:59:44 -------- d-----w- c:\program files\AVAST Software
2011-10-13 18:19:50 -------- d-----w- c:\users\becca\appdata\roaming\Malwarebytes
2011-10-13 18:19:38 -------- d-----w- c:\programdata\Malwarebytes
2011-10-13 18:19:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-12 04:32:59 -------- d-----w- c:\program files\iPod
2011-10-12 04:26:31 -------- d-----w- c:\program files\Bonjour
2011-09-29 18:06:17 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-09-29 18:06:17 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-09-29 18:06:17 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-09-29 18:06:17 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-09-29 18:06:17 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-09-29 18:06:17 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-09-29 17:52:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-09-29 17:52:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-09-29 17:52:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-09-29 17:52:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-09-29 17:52:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-09-29 17:52:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-09-29 17:52:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-09-21 13:35:54 4566176 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2011-10-14 01:12:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
.
============= FINISH: 23:29:40.36 ===============

I thank you great people in advance for your help! :)
Rebecca
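The DDS report above is read by eye in this thread. As an added example (not DDS's or BleepingComputer's code, and not part of the original post), the Python script below applies a few of the checks a responder makes on such a report: BHO entries that end in "No File", autoruns launched from a temp directory, service entries that DDS marks with [?], IE Trusted Zone entries, and DHCP-assigned DNS servers that are not on the local network. The sample lines are copied from the report above; the category names and the Finding class are this example's own, and every flag means "review this entry", not "this is malware".

```python
"""Triage helper for DDS-style autorun / service lines.

Added example for this thread, not part of DDS or BleepingComputer's tooling.
It flags entries a responder would want to look at more closely; a flag means
"review this", not "this is malware".
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Sample input: lines copied from the DDS report posted above (a constructed
# subset, with one public-DNS interface line included on purpose).
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [BellCanada_UninstallTracking] c:\users\becca\appdata\local\temp\InstallHelper.exe /uninstalltrackingvendor=BellCanada
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\hwdeviceservice.exe -/service --> c:\programdata\datacardservice\HWDeviceService.exe -/service [?]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-7-1 237568]
Trusted Zone: download.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{66C5D064-F01B-40F5-8995-79F50D396F5E} : DhcpNameServer = 118.148.1.10 118.148.1.20
"""

BHO_NOFILE_RE = re.compile(r"^BHO: .* - No File$")
RUN_RE = re.compile(r'^[mu]Run: \[(?P<name>[^\]]+)\] "?(?P<path>.+?\.exe)"?', re.I)
SERVICE_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")
TRUSTED_RE = re.compile(r"^Trusted Zone: (?P<domain>\S+)")
DNS_RE = re.compile(r"DhcpNameServer = (?P<servers>.+)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)


@dataclass
class Finding:
    kind: str      # short category used for counting (names are this example's own)
    detail: str    # what to look at
    line: str      # the log line that produced the finding


def triage(log_text: str) -> List[Finding]:
    """Return review-worthy findings for each DDS line in log_text."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if BHO_NOFILE_RE.match(line):
            # A BHO CLSID is still registered but its DLL is gone: a leftover of
            # an uninstall or a removal; harmless to clean, worth confirming.
            findings.append(Finding("orphaned-bho", "BHO registration points to a missing DLL", line))
            continue
        m = RUN_RE.match(line)
        if m:
            if TEMP_DIR_RE.search(m.group("path")):
                # Persistent autoruns normally live under Program Files or
                # Windows; one launched from a temp folder should be identified
                # before it is trusted.
                findings.append(Finding("autorun-from-temp", f"{m.group('name')} runs from a temp directory", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group("rest").endswith("[?]"):
                # DDS prints [?] when it could not read the service binary's
                # date and size, e.g. because the image path is unusual.
                findings.append(Finding("service-unverified", f"{m.group('name')}: binary could not be verified by DDS", line))
            continue
        m = TRUSTED_RE.match(line)
        if m:
            # Trusted Zone sites get relaxed IE security settings; each entry
            # should be one the user added deliberately.
            findings.append(Finding("trusted-zone", f"{m.group('domain')} is in the IE Trusted Zone", line))
            continue
        m = DNS_RE.search(line)
        if m:
            for server in m.group("servers").split():
                if not ipaddress.ip_address(server).is_private:
                    # Public resolvers are normal on mobile-broadband links, but
                    # with a redirect complaint each resolver is worth checking
                    # against the provider's published servers.
                    findings.append(Finding("public-dns", f"DNS server {server} is not on the local network", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a saved DDS.txt by passing the file contents to triage(); the findings only narrow down what to verify by hand (file properties, VirusTotal, the provider's DNS list), they do not decide anything on their own.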


#2 B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:05 PM

Posted 16 October 2011 - 04:33 AM

Hello Rebecca ! Welcome to BleepingComputer Forums! :welcome:

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove Programs in the Control Panel and remove either avast! or Avira.



Please download ComboFix from the link below:

ComboFix

Save it to your Desktop, but do not run it yet <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.
  • Double click it & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Notes: Skip the Recovery Console part as you're running Vista. You can use the Windows DVD to boot into the Vista Recovery Environment if something goes awry.
  • Click on Yes, to continue scanning for malware.
  • If you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, it will produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.
  • If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.



-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.



Regards,
Georgi



#3 becca_lynn

  • Topic Starter

  • Members
  • 37 posts
  • Local time:11:05 AM

Posted 16 October 2011 - 11:21 AM

Hi Georgi :) Thank you SO much for helping me!

- I uninstalled Avast!
- I disabled Avira and SAS
- ran ComboFix with no errors and my internet connection was still there
- log is attached

Thank you!!! :busy:
Rebecca


#4 B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:05 PM

Posted 16 October 2011 - 04:57 PM

Hello Rebecca, :)



Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Virustotal

When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Qoobox\c:\programdata\DatacardService\DCService.exe

Note: if VT says these files have already been analysed, make sure you click "Reanalyse file now".

Please post back the results of the scan in your next post.

If Virustotal is busy, try the same at Virscan: http://virscan.org/





Please download aswMBR.exe to your desktop.

  • Double click the aswMBR.exe icon to run it.
  • The program will offer to download the latest antivirus definitions from Avast servers. Click YES to agree.
  • When it's done in the AV Scan drop down options choose C:\
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To => Compressed (zipped) file. Attach that zipped file in your next reply as well.
Note - do NOT attempt any Fix or FixMBR yet.



Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



Regards,
Georgi



#5 becca_lynn

  • Topic Starter

  • Members
  • 37 posts
  • Local time:11:05 AM

Posted 16 October 2011 - 05:22 PM

Hi Georgi :)

I have unhid all files and opened the virustotal page, but when I browse, I cannot find the file C:\Qoobox\c:\programdata\DatacardService\DCService.exe

I can browse to c:\Qoobox or c:\programdata\datacard service, but neither of these contain a file called DC Service.exe. My options under datacard service are: DCSHelper.exe, HWDeviceService.exe, and HWDeviceService64.exe.

I will wait for your reply before doing anything else, thanks!

Rebecca

Edited by becca_lynn, 16 October 2011 - 05:24 PM.


#6 B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:05 PM

Posted 16 October 2011 - 06:37 PM

Hi Rebecca, :)


I am sorry. My fault.

Please try to navigate to:

C:\Qoobox\Quarantine\C\ProgramData\DatacardService\DCService.exe

and if the DCService.exe exist then scan it on VirusTotal and let me know about the results.

Next please proceed with the rest of the steps (even if the file is missing).


Due to time difference (here it is 02.35 AM) I'll get some sleep.
See ya tomorrow as I'm very tired and I might just fall asleep while typing... stay tuned. :wink:


Regards,
Georgi


#7 becca_lynn
  • Topic Starter
  • Members
  • 37 posts

Posted 16 October 2011 - 07:15 PM

File name: DCService.exe.vir
Submission date: 2011-10-16 23:55:07 (UTC)
Current status: finished
Result: 0/ 41 (0.0%)

Antivirus            | Version          | Last Update | Result
AhnLab-V3            | 2011.10.13.00    | 2011.10.13  | -
AntiVir              | 7.11.15.252      | 2011.10.13  | -
Antiy-AVL            | 2.0.3.7          | 2011.10.13  | -
Avast                | 6.0.1289.0       | 2011.10.13  | -
AVG                  | 10.0.0.1190      | 2011.10.13  | -
BitDefender          | 7.2              | 2011.10.13  | -
ByteHero             | 1.0.0.1          | 2011.09.23  | -
CAT-QuickHeal        | 11.00            | 2011.10.13  | -
ClamAV               | 0.97.0.0         | 2011.10.13  | -
Commtouch            | 5.3.2.6          | 2011.10.13  | -
Comodo               | 10440            | 2011.10.13  | -
DrWeb                | 5.0.2.03300      | 2011.10.12  | -
Emsisoft             | 5.1.0.11         | 2011.10.13  | -
eSafe                | 7.0.17.0         | 2011.10.11  | -
eTrust-Vet           | 36.1.8617        | 2011.10.13  | -
F-Prot               | 4.6.5.141        | 2011.10.13  | -
F-Secure             | 9.0.16440.0      | 2011.10.13  | -
Fortinet             | 4.3.370.0        | 2011.10.13  | -
GData                | 22               | 2011.10.13  | -
Ikarus               | T3.1.1.107.0     | 2011.10.13  | -
Jiangmin             | 13.0.900         | 2011.10.12  | -
K7AntiVirus          | 9.115.5278       | 2011.10.13  | -
Kaspersky            | 9.0.0.837        | 2011.10.13  | -
McAfee               | 5.400.0.1158     | 2011.10.13  | -
McAfee-GW-Edition    | 2010.1D          | 2011.10.13  | -
Microsoft            | 1.7702           | 2011.10.13  | -
NOD32                | 6541             | 2011.10.13  | -
nProtect             | 2011-10-13.01    | 2011.10.13  | -
Panda                | 10.0.3.5         | 2011.10.13  | -
Prevx                | 3.0              | 2011.10.17  | -
Rising               | 23.79.03.02      | 2011.10.13  | -
Sophos               | 4.70.0           | 2011.10.13  | -
SUPERAntiSpyware     | 4.40.0.1006      | 2011.10.13  | -
Symantec             | 20111.2.0.82     | 2011.10.13  | -
TheHacker            | 6.7.0.1.322      | 2011.10.13  | -
TrendMicro           | 9.500.0.1008     | 2011.10.13  | -
TrendMicro-HouseCall | 9.500.0.1008     | 2011.10.13  | -
VBA32                | 3.12.16.4        | 2011.10.13  | -
VIPRE                | 10749            | 2011.10.13  | -
ViRobot              | 2011.10.13.4717  | 2011.10.13  | -
VirusBuster          | 14.1.11.0        | 2011.10.13  | -

Additional information
MD5   : 3cbce963f59f5701fc70d977e056ffb3
SHA1  : 031215f1dd552d47026bdb44ad6bc2741ce479d1
SHA256: 73d5d1dc6f2ce710975daedffc066c64f775f04d8cca393e66f8d5604197eff1
ssdeep: 1536:apTA3GncFulWY5S+TNpkV3257sh2oJp3NfWT+xN59WWpz2oR:a9A3mSulFNTbk8iLWT+xN59WWpz2o
File size : 137216 bytes
First seen: 2011-02-01 11:45:29
Last seen : 2011-10-16 23:55:07
TrID:
InstallShield setup (46.1%)
Win32 Executable MS Visual C++ (generic) (40.4%)
Win32 Executable Generic (9.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
sigcheck:
publisher....: n/a
copyright....: Copyright © 2010
product......: RunDCSer ____
description..: RunDCSer ____
original name: RunDCSer.exe
internal name: RunDCSer
file version.: 2, 0, 0, 42
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x4457
timedatestamp....: 0x4CE28925 (Tue Nov 16 13:37:41 2010)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xEA69, 0xEC00, 6.55, 3c6c6d55f26613b9483c215486bdcb20
.rdata, 0x10000, 0x3414, 0x3600, 5.21, 91c4cec4ce5ea1fc663451a295bb8858
.data, 0x14000, 0x2DA0, 0x1200, 2.35, 8cb2a4e51114eac4974ab4f546da1de0
.rsrc, 0x17000, 0xC310, 0xC400, 4.36, cd2dfc4f3d49ad875655096a81e722a8
.reloc, 0x24000, 0x1A2E, 0x1C00, 3.97, 2007ad7ba1782279f3820364dce255e2

[[ 4 import(s) ]]
KERNEL32.dll: CreateToolhelp32Snapshot, Process32First, Process32Next, GetFileAttributesW, SetFileAttributesW, DeleteFileW, Sleep, CreateDirectoryA, GetLocalTime, GetFileSize, GetProcessHeap, SetLastError, GetCurrentProcess, HeapFree, HeapAlloc, LoadLibraryA, CreateFileA, GetModuleFileNameA, GetProcAddress, GetModuleHandleA, CloseHandle, GetLastError, WideCharToMultiByte, MultiByteToWideChar, ReadFile, SetEndOfFile, GetStringTypeW, GetStringTypeA, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCommandLineA, GetStartupInfoA, RaiseException, RtlUnwind, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, GetModuleHandleW, ExitProcess, WriteFile, GetStdHandle, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, GetCurrentThreadId, InterlockedDecrement, SetHandleCount, GetFileType, GetConsoleCP, GetConsoleMode, FlushFileBuffers, HeapSize, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, SetFilePointer, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetLocaleInfoA, LCMapStringA, LCMapStringW
ADVAPI32.dll: GetUserNameA
SHELL32.dll: SHGetFolderPathA, ShellExecuteA
SHLWAPI.dll: PathAppendA, PathFileExistsW
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 60416
EntryPoint: 0x4457
FileDescription: RunDCSer
FileFlagsMask: 0x0017
FileOS: Win32
FileSize: 134 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 2, 0, 0, 42
FileVersionNumber: 2.0.0.42
ImageVersion: 0.0
InitializedDataSize: 75776
InternalName: RunDCSer
LanguageCode: Chinese (Simplified)
LegalCopyright: Copyright © 2010
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.0
ObjectFileType: Executable application
OriginalFilename: RunDCSer.exe
PEType: PE32
ProductName: RunDCSer
ProductVersion: 2, 0, 0, 42
ProductVersionNumber: 2.0.0.42
Subsystem: Windows GUI
SubsystemVersion: 5.0
TimeStamp: 2010:11:16 14:37:41+01:00
UninitializedDataSize: 0

I will perform the remaining steps now :)
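The PEInfo block in the VirusTotal report above (machine type, link timestamp, entry point, per-section entropy and MD5) can be read from the quarantined copy locally, without executing it, which is how a helper cross-checks a report against the file actually on the machine. The Python below is an added example, not code from this thread or from VirusTotal, OTL or any other tool mentioned here; the function names (`parse_pe`, `packed_sections`, `build_sample_pe`) are mine. The sample image it builds is constructed: it carries only the header values the report lists (machine 0x14c, timestamp 0x4CE28925, entry point 0x4457) and made-up section contents chosen to show the two entropy extremes.

```python
"""Static triage of a PE file: the fields VirusTotal prints under PEInfo
(machine type, link timestamp, entry point, sections with entropy and MD5)
plus whole-file hashes, read without executing anything.

Added example, not from the thread or the tools it uses."""
import hashlib
import math
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x14C: "I386", 0x8664: "AMD64", 0x1C0: "ARM", 0xAA64: "ARM64"}
PACKED_ENTROPY = 7.0  # bits/byte; compressed or encrypted code usually sits above this


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, 8.0 for uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> dict:
    """Parse DOS/COFF/optional headers and the section table; raise ValueError if not a PE."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", blob, opt)[0]        # 0x10B = PE32, 0x20B = PE32+
    entry = struct.unpack_from("<I", blob, opt + 16)[0]   # AddressOfEntryPoint (RVA)
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i                     # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", blob, off)
        raw = blob[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "raw_size": rawsize,
            "entropy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "timestamp": timestamp,
        "link_time_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%a %b %d %H:%M:%S %Y"),
        "entry_point": entry,
        "sections": sections,
        "md5": hashlib.md5(blob).hexdigest(),
        "sha256": hashlib.sha256(blob).hexdigest(),
    }


def packed_sections(info: dict) -> list:
    """Names of sections whose entropy suggests compression or encryption."""
    return [s["name"] for s in info["sections"] if s["entropy"] >= PACKED_ENTROPY]


def build_sample_pe() -> bytes:
    """Constructed PE32 image with the header values VirusTotal reported for the
    quarantined file (machine 0x14c, timestamp 0x4CE28925, entry point 0x4457);
    the section contents are made up so both entropy extremes are visible."""
    opt_size, nsections, pe_off = 224, 2, 0x40
    sec_table = pe_off + 4 + 20 + opt_size
    headers_len = sec_table + 40 * nsections
    text = bytes(range(256)) * 2      # every byte value twice -> entropy 8.0
    data = b"\x00" * 512              # constant -> entropy 0.0
    hdr = bytearray(headers_len)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, pe_off)
    hdr[pe_off:pe_off + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, pe_off + 4, 0x14C, nsections, 0x4CE28925, 0, 0, opt_size, 0x0102)
    opt = pe_off + 24
    struct.pack_into("<H", hdr, opt, 0x10B)
    struct.pack_into("<I", hdr, opt + 16, 0x4457)
    raw_ptr = headers_len
    for i, (name, body) in enumerate(((b".text", text), (b".data", data))):
        struct.pack_into("<8sIIII", hdr, sec_table + 40 * i, name, len(body), 0x1000 * (i + 1), len(body), raw_ptr)
        raw_ptr += len(body)
    return bytes(hdr) + text + data


if __name__ == "__main__":
    report = parse_pe(build_sample_pe())
    print(report["machine"], report["pe_type"], hex(report["entry_point"]), report["link_time_utc"])
    for s in report["sections"]:
        print(f'{s["name"]:8} rva={s["virtual_address"]:#x} entropy={s["entropy"]} md5={s["md5"]}')
    print("possibly packed:", packed_sections(report))
```

Run as-is it reports the constructed sample; `parse_pe(open(path, "rb").read())` on a real file gives the same fields to set beside the VirusTotal PEInfo block. The timestamp is decoded as UTC, which is why the report's "Tue Nov 16 13:37:41 2010" and the ExifTool line "2010:11:16 14:37:41+01:00" describe the same instant; a file whose hashes match the report but whose timestamp or section layout does not is worth a closer look.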

#8 becca_lynn
  • Topic Starter
  • Members
  • 37 posts

Posted 16 October 2011 - 08:21 PM

Hi Georgi :)

Unfortunately my computer will not run aswMBR.exe. I tried renaming it to iexplore.exe, I also tried running in safe mode, and under a different user account. None of those options worked. I will wait to hear from you before I download the Rootkit Unhooker.

Thanks!
Rebecca

#9 B-boy/StyLe/
    Bleepin' Freestyler
  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 17 October 2011 - 02:44 AM

Hi Rebecca, :)


I would like to take a look at your MBR before we continue.

Please go to this site and download MBRFix.exe.

Scroll down to locate mbrfix.exe, and in the lower right corner of the tool info, you'll see the Download link. Save it directly to the C:\ drive and extract all files there.

Windows Vista/7 do not display the Run line on the Start menu in the default setting, but the Run line can be accessed in all current versions of Windows by pressing the keyboard combination Windows key + R.

Copy/paste the following into the Run box and click OK:

cmd /c MbrFix /drive 0 savembr C:\beccambr

You should now see the beccambr on your C:\ drive.

Please zip that file and attach in your next reply.



Regards,
Georgi


#10 becca_lynn
  • Topic Starter
  • Members
  • 37 posts

Posted 17 October 2011 - 07:19 AM

Hi Georgi :)

It would not let me download MBRFix directly to the C:\ drive.

Error - C:\mbrfix.zip
You don't have permission to save in this location. Contact the administrator to obtain permission. Would you like to save to the Becca folder instead?

So I did save it to C:\users\becca. Then I copy/pasted the folder to C:\ and extracted the files there. Then I ran it (copy/pasted into the Run box), but I got a black Windows screen pop-up.

C:\windows\system32\cmd.exe
'MBRFix' is not recognized as an internal or external command, operable program or batch file.

This pop-up only appeared for 1 second and then went away. I had to "print screen" to copy the error message to you. There is no "beccambr" file on my c:\ drive.

Hope this information helps! Thanks :)
Rebecca

#11 B-boy/StyLe/
    Bleepin' Freestyler
  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 17 October 2011 - 08:56 AM

Hi Rebecca,


So where is MBRFix.exe exactly located - C:\MBRFix.exe or C:\Becca\Mbrfix.exe ?


Ok, let's try the command once more:

In the command prompt type in the following and press Enter:

cd c:\

Make sure you are on drive C:\

Now try again to type in the following and press Enter:

MbrFix.exe /drive 0 savembr beccambr

Note: there is a space between: MbrFix.exe, /drive, 0, savembr, beccambr

You should see beccambr on the C:\ drive. Zip it up and attach it in your next reply.

Note 2: If the file is located to C:\Becca\Mbrfix.exe you should enter these commands instead:

cd c:\ => Enter

cd becca => Enter

MbrFix.exe /drive 0 savembr beccambr => Enter

etc.

Keep me posted about the results. :)



Regards,
Georgi
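The reason for the `MbrFix /drive 0 savembr` step in the two posts above is that the helper wants the raw boot sector before anyone touches FixMBR, so it can be compared with a known-good MBR rather than overwritten blind. Assuming that dump is a plain 512-byte file, the Python below is an added example, not code from this thread, from MBRFix or from any other tool mentioned here, of the checks a helper would run on it: the 0x55AA boot signature, a partition table with exactly one active entry and no overlapping partitions, and a SHA-256 of the 440-byte bootstrap area against a baseline set. The function names are mine, and the sample MBR, its disk signature, its partition sizes and the baseline hash are all constructed here.

```python
"""Inspect a raw MBR dump such as the 512-byte file that
`MbrFix /drive 0 savembr <file>` writes, the way a helper would before
deciding whether FixMBR is needed: check the 0x55AA signature, list the
partition table, and compare the bootstrap code against a known-good hash.

Added example, not from the thread or from MBRFix; the sample MBR and the
baseline hash are constructed here."""
import hashlib
import struct

BOOT_CODE_LEN = 440     # bytes 0..439 hold the bootstrap code
DISK_SIG_OFF = 440      # 4-byte Windows disk signature (+2 reserved bytes)
PART_TABLE_OFF = 446    # four 16-byte partition entries
SIGNATURE_OFF = 510     # 0x55 0xAA

PARTITION_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
                   0x0F: "Extended LBA", 0x27: "Windows RE (hidden NTFS)", 0xEE: "GPT protective"}


def parse_mbr(mbr: bytes) -> dict:
    """Decode signature, disk signature, bootstrap hash and the non-empty partition entries."""
    if len(mbr) != 512:
        raise ValueError(f"expected a 512-byte sector, got {len(mbr)} bytes")
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0]
    partitions = []
    for i in range(4):
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        fields = struct.unpack_from("<BBBBBBBBII", mbr, PART_TABLE_OFF + 16 * i)
        status, ptype, lba_start, sectors = fields[0], fields[4], fields[8], fields[9]
        if ptype == 0:
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": PARTITION_TYPES.get(ptype, hex(ptype)),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_gb": round(sectors * 512 / 1024 ** 3, 2),
        })
    return {
        "valid_signature": mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xAA",
        "disk_signature": f"{disk_sig:08X}",
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, known_good_boot_hashes: set) -> list:
    """Return findings that argue against leaving the MBR alone; an empty list means it looks clean."""
    info = parse_mbr(mbr)
    findings = []
    if not info["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] not in known_good_boot_hashes:
        findings.append("bootstrap code does not match any known-good MBR")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} partitions flagged active (expected 1)")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed clean MBR: a stand-in x86 prologue (xor ax,ax; mov ss,ax;
    mov sp,0x7C00) padded with NOPs, a made-up disk signature, an active NTFS
    system partition and a hidden recovery partition behind it."""
    mbr = bytearray(512)
    prologue = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"
    mbr[:len(prologue)] = prologue
    mbr[len(prologue):BOOT_CODE_LEN] = b"\x90" * (BOOT_CODE_LEN - len(prologue))
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x1234ABCD)          # constructed disk signature
    entries = [(0x80, 0x07, 2048, 463218934),       # ~220.88 GB, sized like the C: drive in the OTL log
               (0x00, 0x27, 463220982, 25165824)]   # 12 GB recovery partition right behind it
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into("<BBBBBBBBII", mbr, PART_TABLE_OFF + 16 * i,
                         status, 0xFE, 0xFF, 0xFF, ptype, 0xFE, 0xFF, 0xFF, start, count)
    mbr[SIGNATURE_OFF:] = b"\x55\xAA"
    return bytes(mbr)


# Baseline hash set. In a real case this comes from a verified-clean MBR of the
# same Windows version, never from the dump under examination.
KNOWN_GOOD_BOOT_HASHES = {hashlib.sha256(build_sample_mbr()[:BOOT_CODE_LEN]).hexdigest()}


def tamper_boot_code(mbr: bytes) -> bytes:
    """Copy of the sector with 16 bytes of bootstrap code overwritten (constructed
    stand-in for a modified boot sector, so the hash comparison has something to catch)."""
    patched = bytearray(mbr)
    patched[0x100:0x110] = b"\xE9" * 16
    return bytes(patched)


if __name__ == "__main__":
    clean = build_sample_mbr()
    for p in parse_mbr(clean)["partitions"]:
        print(p)
    print("clean   :", check_mbr(clean, KNOWN_GOOD_BOOT_HASHES))
    print("tampered:", check_mbr(tamper_boot_code(clean), KNOWN_GOOD_BOOT_HASHES))
```

The signature and partition checks catch a dump that is corrupt or was saved from the wrong drive; the hash check is the one that matters for the question in this thread, since a bootstrap area that differs from every known-good Windows MBR of that version is what justifies a repair, and a dump that passes all four checks is a reason to hold off on FixMBR.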


#12 becca_lynn
  • Topic Starter
  • Members
  • 37 posts

Posted 17 October 2011 - 09:24 AM

Hi Georgi :)

I tried all of the above instructions and I keep getting the same error message 'MBRFix' is not recognized as an internal or external command, operable program or batch file.

Also,

" In the command prompt type in the following and press Enter:
cd c:\" - This returned "Windows cannot find 'cd'. make sure you typed the name correctly, and then try again"

I think you meant cmd; when I use cmd and the Windows box pops up, it is already navigated to C:\Windows\system32>

Then I enter
MbrFix.exe /drive 0 savembr beccambr with the spaces and everything, and I still get the same error message.

I'm sure that I'm doing everything exactly as you say! Thanks :)
Rebecca

#13 B-boy/StyLe/
    Bleepin' Freestyler
  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 17 October 2011 - 10:10 AM

Hi Rebecca,


Let's make it easier for you.

  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on the Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Roaming\*.*
    %ProgramData%\*.*
    %CommonProgramFiles%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    SAVEMBR:0
    /md5start
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    atapi.sys
    iaStor.sys
    volsnap.sys
    disk.sys
    afd.sys
    redbook.sys
    i8042prt.sys
    serial.sys
    ndis.sys
    mup.sys
    beep.sys
    acpi.sys
    /md5stop
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Also please zip and attach - C:\PhysicalMBR.bin in your next reply.


Regards,
Georgi


#14 becca_lynn
  • Topic Starter
  • Members
  • 37 posts

Posted 17 October 2011 - 11:29 AM

Hi Georgi :)

I tried several times to download to desktop but each time my IE browser was closed, the download box was closed, I got the "IE has stopped working" error and the other error message. So I downloaded on another computer to USB and then ran OTL scan from there.

OTL logfile created on: 17/10/2011 11:29:19 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 60.66% Memory free
6.06 Gb Paging File | 4.81 Gb Available in Paging File | 79.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.88 Gb Total Space | 50.04 Gb Free Space | 22.65% Space Free | Partition Type: NTFS
Drive E: | 7.50 Gb Total Space | 2.57 Gb Free Space | 34.21% Space Free | Partition Type: FAT32

Computer Name: WALDO | User Name: Becca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/10/17 11:27:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011/10/12 12:18:01 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/09/03 16:52:19 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/29 05:30:30 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/07/29 05:30:28 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/07/29 05:30:28 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/07/04 09:31:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/16 18:45:37 | 000,218,624 | ---- | M] () -- C:\ProgramData\2degrees Mobile Broadband\OnlineUpdate\ouc.exe
PRC - [2011/04/27 16:00:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 02:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/16 09:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2010/01/14 09:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/02 17:55:08 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/09/25 13:59:10 | 000,058,648 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
PRC - [2009/09/21 18:49:04 | 000,562,456 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
PRC - [2009/06/18 18:00:24 | 000,723,488 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2009/06/18 18:00:24 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009/06/18 18:00:22 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2009/05/14 01:33:44 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/04/29 15:09:14 | 000,237,568 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Program Files\Selective Suspend Driver\AmIcoSinglun.exe
PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/17 11:23:19 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/17 11:23:18 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/10/13 21:29:57 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/10/13 21:29:57 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/09/21 18:46:02 | 000,242,968 | ---- | M] () -- C:\Program Files\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll
MOD - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (HWDeviceService.exe)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/29 05:30:30 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/07/29 05:30:28 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/07/04 09:31:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/16 18:45:37 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\2degrees Mobile Broadband\UpdateDog\ouc.exe -- (2degrees Mobile Broadband. RunOuc)
SRV - [2011/04/27 16:00:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/06/18 18:00:24 | 000,723,488 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/04 09:31:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/04 09:31:15 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/06/16 18:45:43 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/06/16 18:45:43 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/06/16 18:45:43 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/06/16 18:45:43 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/17 02:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/03 00:18:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/08/12 15:50:44 | 000,197,504 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV - [2009/07/22 16:44:18 | 000,148,992 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV - [2009/06/09 05:29:22 | 001,177,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/04/27 04:16:04 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009/04/07 20:14:40 | 000,014,848 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SSUSB.sys -- (SSUSB)
DRV - [2009/03/30 14:35:12 | 000,010,752 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SSDISK.sys -- (SSDISK)
DRV - [2009/03/03 22:49:22 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2009/01/14 17:20:01 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/12/04 14:25:38 | 000,112,640 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/09/30 23:50:50 | 000,010,504 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\GridVista\DPMemGridVista.sys -- (DPMemGridVista)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_1410&r=2v3509093416l03g3zq85w4741r83r


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1140253788-2411192593-1253430561-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1140253788-2411192593-1253430561-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1140253788-2411192593-1253430561-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1140253788-2411192593-1253430561-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1140253788-2411192593-1253430561-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer v0.9;version=0.9: C:\ProgramData\Visan\Reseller2\npRLViewer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Becca\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Becca\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Becca\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Becca\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Becca\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/05 02:08:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 14:06:17 | 000,000,000 | ---D | M]

[2010/01/07 23:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Becca\AppData\Roaming\Mozilla\Extensions
[2011/05/08 20:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Becca\AppData\Roaming\Mozilla\Firefox\Profiles\phnxwque.default\extensions
[2010/06/29 00:07:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Becca\AppData\Roaming\Mozilla\Firefox\Profiles\phnxwque.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/24 13:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/10 18:47:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/03/23 01:12:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/27 14:45:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/05 02:08:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/05 02:08:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/16 11:49:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (E-Zsoft VideoDownloaderToolBar) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (E-Zsoft VideoDownloaderToolBar) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll File not found
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1140253788-2411192593-1253430561-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\Selective Suspend Driver\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKU\S-1-5-21-1140253788-2411192593-1253430561-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1140253788-2411192593-1253430561-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1140253788-2411192593-1253430561-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1140253788-2411192593-1253430561-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1140253788-2411192593-1253430561-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download by VersalSoft Internet Download - C:\Program Files\VersalSoft\InternetDownload\adddownload.htm File not found
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1140253788-2411192593-1253430561-1000\..Trusted Domains: download.com ([]* in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F7BD4C2-109B-430F-AA02-D159723B369A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66C5D064-F01B-40F5-8995-79F50D396F5E}: DhcpNameServer = 118.148.1.10 118.148.1.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74172B85-8BB9-492D-8B3F-3A45593ECDAB}: DhcpNameServer = 202.74.207.253 202.74.207.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3276E19-F7FB-4AB3-89BC-5A54BE098F40}: DhcpNameServer = 118.148.1.10 118.148.1.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A69F5AB1-4B02-464C-AE81-A0FF8ED7F397}: DhcpNameServer = 118.148.1.10 118.148.1.20
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/10/01 18:21:24 | 000,000,000 | RHSD | M] - E:\AutoRun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 90 Days ==========

[2011/10/17 11:21:44 | 000,000,000 | ---D | C] -- C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2011/10/17 10:17:19 | 000,000,000 | ---D | C] -- C:\Users\Becca\mbrfix
[2011/10/16 20:54:43 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Becca\Desktop\iexplore.exe
[2011/10/16 12:08:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/16 12:08:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/16 12:08:06 | 000,000,000 | ---D | C] -- C:\Users\Becca\AppData\Local\temp
[2011/10/16 11:03:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/16 11:03:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/16 11:03:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/16 11:02:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/16 11:02:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/16 11:01:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/16 10:50:19 | 004,261,887 | R--- | C] (Swearware) -- C:\Users\Becca\Desktop\ComboFix.exe
[2011/10/15 23:47:23 | 000,000,000 | ---D | C] -- C:\Users\Becca\Desktop\gmer
[2011/10/15 23:20:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Becca\Desktop\dds.scr
[2011/10/14 13:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2011/10/14 13:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/10/14 12:58:23 | 026,937,888 | ---- | C] (GridinSoft, Inc. ) -- C:\Users\Becca\Desktop\trojankiller2109-setup2.exe
[2011/10/13 21:29:49 | 000,000,000 | ---D | C] -- C:\Users\Becca\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/13 21:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/10/13 21:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/13 21:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/13 21:17:28 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Becca\Desktop\tdsskiller.exe
[2011/10/13 21:17:28 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Becca\Desktop\TFC.exe
[2011/10/13 21:17:27 | 012,827,280 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Becca\Desktop\SUPERAntiSpyware.exe
[2011/10/13 21:17:25 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Becca\Desktop\killittdss.com
[2011/10/13 19:17:29 | 000,000,000 | ---D | C] -- C:\Users\Becca\AppData\Local\Secunia PSI
[2011/10/13 19:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/10/13 19:09:31 | 000,000,000 | ---D | C] -- C:\Users\Becca\Documents\tdsskiller[1]
[2011/10/13 18:05:25 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Becca\Desktop\getawaasd.com
[2011/10/13 17:09:37 | 001,739,728 | ---- | C] (Secunia) -- C:\Users\Becca\Desktop\PSISetup.exe
[2011/10/13 15:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise PC Doctor
[2011/10/13 15:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Wise PC Doctor
[2011/10/13 14:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/10/13 14:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/10/13 14:19:50 | 000,000,000 | ---D | C] -- C:\Users\Becca\AppData\Roaming\Malwarebytes
[2011/10/13 14:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/13 14:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/13 14:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/13 14:18:44 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Becca\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/12 00:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/12 00:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/12 00:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/10 20:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/09/29 13:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/27 13:07:10 | 000,000,000 | ---D | C] -- C:\Users\Becca\Desktop\VISA bills
[2011/09/15 17:21:11 | 000,000,000 | ---D | C] -- C:\Users\Becca\Desktop\Telus Bills
[2011/09/11 17:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/09/04 19:25:16 | 000,000,000 | ---D | C] -- C:\Users\Becca\AppData\Local\etax2011
[2011/09/04 19:22:04 | 000,000,000 | ---D | C] -- C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 2011
[2011/09/04 19:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\etax2011
[2011/09/02 15:07:17 | 000,000,000 | ---D | C] -- C:\Users\Becca\Desktop\TABLEMANSION
[2011/08/30 23:05:04 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/08/30 23:05:04 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011/08/24 13:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/08/17 09:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sierra Wireless
[2011/08/12 15:25:53 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/08/12 15:25:51 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/12 15:25:51 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/08/08 15:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/08/02 17:44:18 | 000,000,000 | ---D | C] -- C:\Users\Becca\AppData\Local\CrashDumps
[2011/08/02 12:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra Wireless
[2011/07/28 10:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra Wireless Inc
[2011/07/27 14:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/27 14:44:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/07/27 14:44:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/07/27 14:44:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/11 02:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/07/01 12:57:53 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 90 Days ==========

[2011/10/17 11:32:23 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/10/17 11:28:12 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/17 11:28:12 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/17 11:22:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140253788-2411192593-1253430561-1000UA.job
[2011/10/17 11:21:27 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/17 11:21:27 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/17 11:21:20 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/17 11:20:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/17 11:20:40 | 3148,787,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/17 10:55:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/17 10:15:33 | 000,133,632 | ---- | M] (Systemintegrasjon AS) -- C:\MbrFix64.exe
[2011/10/17 10:15:33 | 000,011,638 | ---- | M] () -- C:\MbrFix.htm
[2011/10/17 10:15:32 | 000,123,904 | ---- | M] (Systemintegrasjon AS) -- C:\MbrFix.exe
[2011/10/17 10:15:02 | 000,138,820 | ---- | M] () -- C:\Users\Becca\mbrfix.zip
[2011/10/16 20:54:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Becca\Desktop\iexplore.exe
[2011/10/16 13:22:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140253788-2411192593-1253430561-1000Core.job
[2011/10/16 11:49:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/16 10:50:38 | 004,261,887 | R--- | M] (Swearware) -- C:\Users\Becca\Desktop\ComboFix.exe
[2011/10/16 10:22:28 | 000,077,824 | ---- | M] () -- C:\Users\Becca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 23:46:59 | 000,294,216 | ---- | M] () -- C:\Users\Becca\Desktop\gmer.zip
[2011/10/15 23:21:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Becca\Desktop\dds.scr
[2011/10/14 15:46:11 | 000,000,104 | ---- | M] () -- C:\Users\Becca\Desktop\Recycle Bin - Shortcut.lnk
[2011/10/14 13:00:12 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2011/10/14 12:59:50 | 026,937,888 | ---- | M] (GridinSoft, Inc. ) -- C:\Users\Becca\Desktop\trojankiller2109-setup2.exe
[2011/10/13 21:28:13 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/13 21:12:56 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/13 20:54:47 | 000,001,356 | ---- | M] () -- C:\Users\Becca\AppData\Local\d3d9caps.dat
[2011/10/13 20:19:08 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Becca\Desktop\TFC.exe
[2011/10/13 20:17:50 | 017,351,064 | ---- | M] () -- C:\Users\Becca\Desktop\SAS_238054.COM
[2011/10/13 20:16:30 | 012,827,280 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Becca\Desktop\SUPERAntiSpyware.exe
[2011/10/13 20:15:32 | 001,008,092 | ---- | M] () -- C:\Users\Becca\Desktop\3rkill.exe
[2011/10/13 20:15:22 | 001,008,092 | ---- | M] () -- C:\Users\Becca\Desktop\2rkill.com
[2011/10/13 20:14:26 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Becca\Desktop\killittdss.com
[2011/10/13 20:13:58 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Becca\Desktop\tdsskiller.exe
[2011/10/13 19:17:26 | 000,000,863 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/10/13 18:05:27 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Becca\Desktop\getawaasd.com
[2011/10/13 17:10:05 | 001,739,728 | ---- | M] (Secunia) -- C:\Users\Becca\Desktop\PSISetup.exe
[2011/10/13 17:03:19 | 000,000,834 | ---- | M] () -- C:\Users\Becca\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox - Shortcut.lnk
[2011/10/13 16:31:43 | 000,133,562 | ---- | M] () -- C:\Users\Becca\Desktop\warnonbadcertrec.reg
[2011/10/13 16:30:43 | 000,006,692 | ---- | M] () -- C:\Users\Becca\Desktop\useformssuggest = yes.reg
[2011/10/13 16:30:12 | 000,000,274 | ---- | M] () -- C:\Users\Becca\Desktop\Checkexesignatures = no.reg
[2011/10/13 16:27:57 | 000,000,330 | ---- | M] () -- C:\Users\Becca\Desktop\savezoneinformation = 1.reg
[2011/10/13 15:05:02 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\Wise PC Doctor.lnk
[2011/10/13 15:00:17 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/10/13 14:58:08 | 078,206,752 | ---- | M] () -- C:\Users\Becca\Desktop\setup_av_pro.exe
[2011/10/13 14:19:39 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 14:18:57 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Becca\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/13 14:12:24 | 001,008,092 | ---- | M] () -- C:\Users\Becca\Desktop\rkill.com
[2011/10/12 23:54:07 | 003,162,243 | ---- | M] () -- C:\Users\Becca\Desktop\Guide for Angel Investors.pdf
[2011/09/13 13:53:10 | 000,000,414 | ---- | M] () -- C:\Windows\MYOBP.INI
[2011/09/13 13:48:37 | 000,000,042 | ---- | M] () -- C:\Windows\MYOB.INI
[2011/09/04 19:28:02 | 000,001,756 | ---- | M] () -- C:\Users\Becca\Desktop\e-tax 2011.lnk
[2011/08/30 23:05:04 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/08/30 23:05:04 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011/08/13 00:21:13 | 000,295,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/10/17 11:32:23 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/10/17 10:15:00 | 000,138,820 | ---- | C] () -- C:\Users\Becca\mbrfix.zip
[2011/10/16 20:50:03 | 3148,787,712 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/16 11:03:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/16 11:03:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/16 11:03:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/16 11:03:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/16 11:03:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/15 23:46:51 | 000,294,216 | ---- | C] () -- C:\Users\Becca\Desktop\gmer.zip
[2011/10/14 15:46:11 | 000,000,104 | ---- | C] () -- C:\Users\Becca\Desktop\Recycle Bin - Shortcut.lnk
[2011/10/14 13:00:12 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2011/10/13 21:28:13 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/13 21:17:28 | 001,008,092 | ---- | C] () -- C:\Users\Becca\Desktop\3rkill.exe
[2011/10/13 21:17:28 | 001,008,092 | ---- | C] () -- C:\Users\Becca\Desktop\2rkill.com
[2011/10/13 21:17:25 | 017,351,064 | ---- | C] () -- C:\Users\Becca\Desktop\SAS_238054.COM
[2011/10/13 19:17:26 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/10/13 19:17:26 | 000,000,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/10/13 17:03:19 | 000,000,834 | ---- | C] () -- C:\Users\Becca\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox - Shortcut.lnk
[2011/10/13 16:31:42 | 000,133,562 | ---- | C] () -- C:\Users\Becca\Desktop\warnonbadcertrec.reg
[2011/10/13 16:30:43 | 000,006,692 | ---- | C] () -- C:\Users\Becca\Desktop\useformssuggest = yes.reg
[2011/10/13 16:30:12 | 000,000,274 | ---- | C] () -- C:\Users\Becca\Desktop\Checkexesignatures = no.reg
[2011/10/13 16:27:57 | 000,000,330 | ---- | C] () -- C:\Users\Becca\Desktop\savezoneinformation = 1.reg
[2011/10/13 15:05:02 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\Wise PC Doctor.lnk
[2011/10/13 14:58:08 | 078,206,752 | ---- | C] () -- C:\Users\Becca\Desktop\setup_av_pro.exe
[2011/10/13 14:19:39 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 14:13:38 | 001,008,092 | ---- | C] () -- C:\Users\Becca\Desktop\rkill.com
[2011/10/12 23:54:07 | 003,162,243 | ---- | C] () -- C:\Users\Becca\Desktop\Guide for Angel Investors.pdf
[2011/09/04 19:22:04 | 000,001,756 | ---- | C] () -- C:\Users\Becca\Desktop\e-tax 2011.lnk
[2011/08/02 12:11:08 | 000,028,288 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2011/04/25 20:09:11 | 000,000,414 | ---- | C] () -- C:\Windows\MYOBP.INI
[2011/04/25 20:09:11 | 000,000,042 | ---- | C] () -- C:\Windows\MYOB.INI
[2011/04/25 20:04:54 | 000,000,663 | ---- | C] () -- C:\Windows\openrda.ini
[2011/04/25 20:04:26 | 000,000,000 | ---- | C] () -- C:\Windows\drvxl32.INI
[2011/04/25 20:04:25 | 000,000,000 | ---- | C] () -- C:\Windows\drvwd32.INI
[2011/03/02 22:01:23 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/08/25 07:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 07:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 07:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 06:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/02/10 20:05:52 | 000,001,356 | ---- | C] () -- C:\Users\Becca\AppData\Local\d3d9caps.dat
[2010/01/07 23:06:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/22 03:53:04 | 000,000,099 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/11/02 22:53:09 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/10/11 09:49:30 | 000,124,488 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/10/10 22:52:46 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/09/22 01:24:07 | 000,000,000 | ---- | C] () -- C:\Users\Becca\AppData\Roaming\wklnhst.dat
[2009/09/10 22:53:45 | 000,077,824 | ---- | C] () -- C:\Users\Becca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/08 23:13:58 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/09/08 23:13:57 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/09/08 23:13:57 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/09/08 23:13:57 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009/09/08 23:04:28 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/07/01 12:54:11 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/07/01 12:54:10 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/07/01 11:50:30 | 000,123,780 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009/07/01 11:50:30 | 000,000,728 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009/07/01 11:50:30 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/07/01 11:50:30 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009/07/01 11:50:30 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/07/01 11:50:30 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/07/01 11:50:30 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/07/01 09:58:22 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/01 09:58:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/29 18:44:46 | 000,000,061 | ---- | C] () -- C:\Windows\ssdisk.ini
[2008/12/05 15:27:10 | 000,098,304 | ---- | C] () -- C:\Windows\ssusb.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,295,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/05 02:26:00 | 000,335,872 | ---- | C] () -- C:\Windows\System32\ctreestd.dll

========== LOP Check ==========

[2009/09/21 11:12:41 | 000,000,000 | -HSD | M] -- C:\Users\Becca\AppData\Roaming\.#
[2009/09/13 17:04:41 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\Acer
[2009/07/01 12:23:09 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\Acer GameZone Console
[2009/09/16 18:39:57 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\Bell
[2011/04/27 21:07:59 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/16 19:32:43 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\eSobi
[2011/02/08 23:21:26 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\QuickScan
[2011/07/28 10:56:49 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\Sierra Wireless
[2009/09/22 01:24:56 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\Template
[2011/10/05 03:04:29 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\uTorrent
[2011/06/21 22:15:06 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\Visan
[2009/12/31 02:17:08 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\Vodafone
[2011/03/10 05:03:16 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Acer
[2011/08/23 19:22:20 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Sierra Wireless
[2011/03/10 05:03:44 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Vodafone
[2011/03/14 10:25:44 | 000,000,000 | ---D | M] -- C:\Users\Testing\AppData\Roaming\Acer
[2011/03/02 22:01:52 | 000,000,000 | ---D | M] -- C:\Users\Testing\AppData\Roaming\iPhone Tool Kits
[2011/10/12 00:12:21 | 000,000,000 | ---D | M] -- C:\Users\Testing\AppData\Roaming\Sierra Wireless
[2011/06/21 22:10:14 | 000,000,000 | ---D | M] -- C:\Users\Testing\AppData\Roaming\Visan
[2011/02/10 09:45:09 | 000,000,000 | ---D | M] -- C:\Users\Testing\AppData\Roaming\Vodafone
[2011/10/17 11:19:53 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 22:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/07/01 12:58:42 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/10/16 12:07:48 | 000,016,586 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/10/17 11:20:40 | 3148,787,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/17 10:15:32 | 000,123,904 | ---- | M] (Systemintegrasjon AS) -- C:\MbrFix.exe
[2011/10/17 10:15:33 | 000,011,638 | ---- | M] () -- C:\MbrFix.htm
[2011/10/17 10:15:33 | 000,133,632 | ---- | M] (Systemintegrasjon AS) -- C:\MbrFix64.exe
[2011/10/17 11:20:39 | 3462,586,368 | -HS- | M] () -- C:\pagefile.sys
[2011/10/17 11:32:23 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2009/07/01 11:51:27 | 000,001,925 | ---- | M] () -- C:\RHDSetup.log
[2011/10/14 17:04:23 | 000,000,531 | ---- | M] () -- C:\rkill.log
[2009/09/08 23:13:58 | 000,000,189 | ---- | M] () -- C:\Webcam.log

< %USERPROFILE%\*.* >
[2011/10/17 10:15:02 | 000,138,820 | ---- | M] () -- C:\Users\Becca\mbrfix.zip
[2011/10/17 11:33:50 | 003,145,728 | -HS- | M] () -- C:\Users\Becca\ntuser.dat
[2011/10/17 11:33:50 | 000,262,144 | ---- | M] () -- C:\Users\Becca\ntuser.dat.LOG1
[2009/09/08 23:04:22 | 000,000,000 | ---- | M] () -- C:\Users\Becca\ntuser.dat.LOG2
[2011/10/17 11:19:46 | 000,065,536 | -HS- | M] () -- C:\Users\Becca\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011/05/13 10:28:13 | 000,524,288 | -HS- | M] () -- C:\Users\Becca\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2011/10/17 11:19:46 | 000,524,288 | -HS- | M] () -- C:\Users\Becca\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009/09/08 23:04:22 | 000,000,020 | -HS- | M] () -- C:\Users\Becca\ntuser.ini

< %USERPROFILE%\AppData\Local\*.* >
[2011/10/13 20:54:47 | 000,001,356 | ---- | M] () -- C:\Users\Becca\AppData\Local\d3d9caps.dat
[2011/10/16 10:22:28 | 000,077,824 | ---- | M] () -- C:\Users\Becca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/09 04:17:37 | 000,070,744 | ---- | M] () -- C:\Users\Becca\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/10/17 11:19:03 | 001,097,756 | -H-- | M] () -- C:\Users\Becca\AppData\Local\IconCache.db
[2011/03/23 01:51:50 | 000,006,279 | ---- | M] () -- C:\Users\Becca\AppData\Local\MyWinLockerInstaller.txt-20110323.log

< %USERPROFILE%\AppData\Roaming\*.* >
[2009/09/22 01:24:07 | 000,000,000 | ---- | M] () -- C:\Users\Becca\AppData\Roaming\wklnhst.dat

< %ProgramData%\*.* >

< %CommonProgramFiles%\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >


< MD5 for: ACPI.SYS >
[2006/11/02 05:51:30 | 000,255,592 | ---- | M] (Microsoft Corporation) MD5=192BDBD1540645C4A2AA69F24CCE197F -- C:\Windows\System32\DriverStore\FileRepository\acpi.inf_97916753\acpi.sys
[2009/04/11 02:32:46 | 000,265,688 | ---- | M] (Microsoft Corporation) MD5=82B296AE1892FE3DBEE00C9CF92F8AC7 -- C:\Windows\SoftwareDistribution\Download\2e5f114e20ecbd999499689940a1c721\x86_acpi.inf_31bf3856ad364e35_6.0.6002.18005_none_24743d0fcb299a94\acpi.sys
[2009/04/11 02:32:46 | 000,265,688 | ---- | M] (Microsoft Corporation) MD5=82B296AE1892FE3DBEE00C9CF92F8AC7 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_acpi.inf_31bf3856ad364e35_6.0.6002.18005_none_24743d0fcb299a94\acpi.sys
[2008/01/20 22:23:00 | 000,266,808 | ---- | M] (Microsoft Corporation) MD5=FCB8C7210F0135E24C6580F7F649C73C -- C:\Windows\System32\drivers\acpi.sys
[2008/01/20 22:23:00 | 000,266,808 | ---- | M] (Microsoft Corporation) MD5=FCB8C7210F0135E24C6580F7F649C73C -- C:\Windows\System32\DriverStore\FileRepository\acpi.inf_cae6072a\acpi.sys
[2008/01/20 22:23:00 | 000,266,808 | ---- | M] (Microsoft Corporation) MD5=FCB8C7210F0135E24C6580F7F649C73C -- C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48\acpi.sys

< MD5 for: AFD.SYS >
[2011/04/21 09:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 09:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\System32\drivers\afd.sys
[2011/04/21 09:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011/04/21 09:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/20 22:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/11 00:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\SoftwareDistribution\Download\2e5f114e20ecbd999499689940a1c721\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2009/04/11 00:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011/04/21 09:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\2e5f114e20ecbd999499689940a1c721\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: BEEP.SYS >
[2008/01/20 22:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\ERDNT\cache\beep.sys
[2008/01/20 22:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008/01/20 22:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys

< MD5 for: DISK.SYS >
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\2e5f114e20ecbd999499689940a1c721\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 22:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/20 22:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 22:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\2e5f114e20ecbd999499689940a1c721\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: I8042PRT.SYS >
[2006/11/02 04:51:13 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1060F1377F395A242E27719440ECE602 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\i8042prt.sys
[2006/11/02 04:51:13 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1060F1377F395A242E27719440ECE602 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_3dfa3917\i8042prt.sys
[2008/01/20 22:09:47 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\i8042prt.sys
[2008/01/20 22:09:47 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_f4514c17\i8042prt.sys
[2008/01/20 22:09:47 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\i8042prt.sys
[2008/01/20 22:09:47 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\i8042prt.sys
[2008/01/20 22:23:20 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\System32\drivers\i8042prt.sys
[2008/01/20 22:23:23 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\i8042prt.sys
[2008/01/20 22:23:20 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_8b7c4328\i8042prt.sys
[2008/01/20 22:23:23 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\i8042prt.sys
[2008/01/20 22:23:23 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6002.18005_none_9939e6e4d61ab7ca\i8042prt.sys
[2008/01/20 22:23:20 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6001.18000_none_4e340b7cd25b3352\i8042prt.sys
[2008/01/20 22:09:47 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=BEA9838CD25D36BEBA3F94386A761D60 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\i8042prt.sys
[2008/01/20 22:09:47 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=BEA9838CD25D36BEBA3F94386A761D60 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\i8042prt.sys

< MD5 for: IASTOR.SYS >
[2009/02/11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys

< MD5 for: LSASS.EXE >
[2009/06/15 08:51:56 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009/09/10 10:44:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009/06/15 08:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009/02/13 03:26:04 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2009/06/15 09:03:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2009/06/15 08:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\ERDNT\cache\lsass.exe
[2009/06/15 08:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\System32\lsass.exe
[2009/06/15 08:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009/02/13 00:58:37 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009/06/15 08:59:08 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009/06/15 09:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009/09/09 07:09:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009/09/10 10:47:51 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008/01/20 22:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008/01/20 22:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2008/01/20 22:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2009/02/13 04:20:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

< MD5 for: MUP.SYS >
[2009/04/11 02:32:31 | 000,048,104 | ---- | M] (Microsoft Corporation) MD5=6A57B5733D4CB702C8EA4542E836B96C -- C:\Windows\SoftwareDistribution\Download\2e5f114e20ecbd999499689940a1c721\x86_microsoft-windows-mup_31bf3856ad364e35_6.0.6002.18005_none_aeddc23a55a59404\mup.sys
[2009/04/11 02:32:31 | 000,048,104 | ---- | M] (Microsoft Corporation) MD5=6A57B5733D4CB702C8EA4542E836B96C -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-mup_31bf3856ad364e35_6.0.6002.18005_none_aeddc23a55a59404\mup.sys
[2008/01/20 22:24:14 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6DFD1D322DE55B0B7DB7D21B90BEC49C -- C:\Windows\System32\drivers\mup.sys
[2008/01/20 22:24:14 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6DFD1D322DE55B0B7DB7D21B90BEC49C -- C:\Windows\winsxs\x86_microsoft-windows-mup_31bf3856ad364e35_6.0.6001.18000_none_acf2492e5883c8b8\mup.sys

< MD5 for: NDIS.SYS >
[2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\SoftwareDistribution\Download\2e5f114e20ecbd999499689940a1c721\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2008/01/20 22:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
[2008/02/08 00:25:28 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=C8560010A542B5DCA94C62468DC20784 -- C:\Windows\ERDNT\cache\ndis.sys
[2008/02/08 00:25:28 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=C8560010A542B5DCA94C62468DC20784 -- C:\Windows\System32\drivers\ndis.sys
[2008/02/08 00:25:28 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=C8560010A542B5DCA94C62468DC20784 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.22110_none_a845f8a63534c8d3\ndis.sys
[2008/02/08 00:22:00 | 000,503,352 | ---- | M] (Microsoft Corporation) MD5=E50187F20ED749F57C97836FEDE14BD6 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.20768_none_a631acb4382f8e4f\ndis.sys

< MD5 for: SERIAL.SYS >
[2008/01/20 22:23:26 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=6D663022DB3E7058907784AE14B69898 -- C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_33048ac2\serial.sys
[2008/01/20 22:23:01 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=6D663022DB3E7058907784AE14B69898 -- C:\Windows\System32\DriverStore\FileRepository\msports.inf_44880ea7\serial.sys
[2008/01/20 22:23:26 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=6D663022DB3E7058907784AE14B69898 -- C:\Windows\winsxs\x86_hiddigi.inf_31bf3856ad364e35_6.0.6001.18000_none_955c449145dbf667\serial.sys
[2008/01/20 22:23:01 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=6D663022DB3E7058907784AE14B69898 -- C:\Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\serial.sys
[2006/11/02 04:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=C70D69A918B178D3C3B06339B40C2E1B -- C:\Windows\System32\drivers\serial.sys
[2006/11/02 04:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=C70D69A918B178D3C3B06339B40C2E1B -- C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_9d4661e2\serial.sys
[2006/11/02 04:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=C70D69A918B178D3C3B06339B40C2E1B -- C:\Windows\System32\DriverStore\FileRepository\msports.inf_ac874de4\serial.sys

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2006/11/02 05:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\SoftwareDistribution\Download\2e5f114e20ecbd999499689940a1c721\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/20 22:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\drivers\volsnap.sys
[2008/01/20 22:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 22:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\2e5f114e20ecbd999499689940a1c721\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:814B9485

< End of report >

OTL Extras logfile created on: 17/10/2011 11:29:19 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 60.66% Memory free
6.06 Gb Paging File | 4.81 Gb Available in Paging File | 79.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.88 Gb Total Space | 50.04 Gb Free Space | 22.65% Space Free | Partition Type: NTFS
Drive E: | 7.50 Gb Total Space | 2.57 Gb Free Space | 34.21% Space Free | Partition Type: FAT32

Computer Name: WALDO | User Name: Becca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1140253788-2411192593-1253430561-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1140253788-2411192593-1253430561-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files\Telstra\Mobile Broadband Manager\SwiApiMux.exe" = C:\Program Files\Telstra\Mobile Broadband Manager\SwiApiMux.exe:*:Enabled:SwiApiMux
"C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0645BD63-F3B5-4277-8960-71A44016C7E0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F9740451-F7BB-4B43-A47E-7AE3D02A9D9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09011E60-424F-4EF8-94BF-CD221D48AF8E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{10C1FB7C-F01E-4ED3-AF9A-6CCE7DEF203F}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{12A333BF-04DD-4901-9370-F9AC7FDC1A25}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1394A91B-E440-43D5-A71F-F21EDEAA1CEC}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{25DB3980-D46C-4139-A598-0C08066A936A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{32AE184E-BA82-4442-98D1-EC0FD2FF54FD}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{48BD70A9-4434-43B5-88A3-E9D378057345}" = protocol=17 | dir=in | app=c:\users\becca\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{509F07CE-B2FF-44E9-AB7D-6B0275CC4DC6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5A0FF86B-F584-40AD-810E-00E9E53C28FC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5A6A199E-2013-46CD-83B1-2619A287380C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{63320883-5C22-4853-A0D4-42AEA30D3193}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6565A814-8784-49A8-BDA4-11F8699BC38B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7B46D1BF-2B49-4817-A4C3-489670600BC6}" = protocol=6 | dir=in | app=c:\users\becca\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{80FCFC68-5C2B-4F7F-8C93-681E93695206}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{81C21176-B8A2-43D0-80D9-70CAF9CED1B4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8AB0418B-0004-4F45-9862-6CF78017CC1B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8D293A9F-9681-485A-9009-C3A29B6FF81A}" = protocol=17 | dir=in | app=c:\users\becca\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{AD104604-9F87-441A-9C4C-BE4EC658933D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B591C1EB-6DB3-49E1-AC14-D86AA8CC3073}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B7543C2A-19C8-4939-A088-10E52BD81FD8}" = protocol=6 | dir=in | app=c:\users\becca\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C35A74F3-0B94-4F19-A09D-46CCA0E6A32F}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{CDF31E0B-CD35-4217-B97F-BB2F2A537D79}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{D167FF57-7DAE-47F9-ACC1-A76BBD57E4EB}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{DAC730FD-85F1-4896-B109-00FA775B537D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E180BC00-E986-47B4-9FA5-52F5507C75D9}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{F49CF546-66EB-45F9-8C4C-D5A3AB4B0E90}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"TCP Query User{00E9E9EF-5725-4088-8F73-9828B88F1192}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{B73D5058-8E88-4383-A8B3-6B793C544AE2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{93710397-207C-4E1C-8887-BFF956B51C36}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C7A38E9D-3B75-43A6-A18F-33534C3B9A9E}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21F0BBD5-7AFF-4219-99C3-CB8C8F140C61}" = Sierra Wireless 3G Watcher
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 26
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6471B123-F60F-4DC8-8FB4-DE0879A01BB3}" = Alcor Micro Card Rader Driver and Utility
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98780400-EC17-11E0-96CF-B8AC6F97B88E}" = Google Earth Plug-in
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DF817F49-F4DE-4564-9D0A-68F742A573F9}_is1" = Wise PC Doctor version 3.8.6
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EBD932C3-38FF-45A0-A88C-7973E161ED64}" = MYOB AccountRight Premier v19
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FA6EA8C2-2921-4ACC-9AA6-C1858D03F4CF}" = MYOB ODBC Direct v9 NZ
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"2degrees Mobile Broadband" = 2degrees Mobile Broadband
"5E8F128761A9B07EC2DEC909F167D92DB8B3A348" = Windows Driver Package - Cmotech Modem (12/13/2006 2.0.3.5)
"6A032F4180B5A0E8F4BC27384D0A423B2595A785" = Windows Driver Package - Cmotech Ports (12/13/2006 2.0.3.5)
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = AI RoboForm (All Users)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cucusoft iPhone Tool Kits_is1" = iPhone Tool Kits 2.5.1
"E7E257830CD4614E7CF1B3792DF19B85FE5E7BE7" = Windows Driver Package - Cmotech (cmusbnet) Net (06/11/2007 2.0.0.9)
"ESET Online Scanner" = ESET Online Scanner v3
"GridVista" = GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{6471B123-F60F-4DC8-8FB4-DE0879A01BB3}" = Alcor Micro Card Rader Driver and Utility
"InstallShield_{EBD932C3-38FF-45A0-A88C-7973E161ED64}" = MYOB AccountRight Premier v19
"InstallShield_{FA6EA8C2-2921-4ACC-9AA6-C1858D03F4CF}" = MYOB ODBC Direct v9 NZ
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"RocketLife" = RocketLife
"Secunia PSI" = Secunia PSI (2.0.0.4002)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel® TV Wizard
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1140253788-2411192593-1253430561-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#15 becca_lynn

becca_lynn
  • Topic Starter

  • Members
  • 37 posts

Posted 17 October 2011 - 11:35 AM

Also, I couldn't attach the PhysicalMBR zip file using my infected computer. The same thing happened - it kept shutting down IE and giving the error message. So I copied it to a USB drive and am uploading it from another computer.

Thanks!! :)
Rebecca

Attached Files