Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

mouse trap. more windows than one can close

Re: mouse trap. more windows than one can close

Post by ejames82 » February 1st, 2012, 1:42 pm

torreattack,

that's quite alright. that has given me time to perfect the scan report anyway. though it's probably bad news, it's the truth, so we have to run with it.

the file that we ran the virustotal scan on is the one that had an error with avast quarantine. sorry for the mistake.
C:\ProgramData\5DrSpjUPng4J6D.exe
Win32:FakeSysdef-JX[Trj]
avast could not quarantine this file only. not the other file as stated earlier.


these are password protected files:

C:\ProgramFiles\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_TGG_Tag_ini_Update.exe|>DataSafe_Green.ico
C:\ProgramFiles\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_TGG_Tag_ini_Update.exe|>diff_000001.dif
C:\ProgramFiles\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_TGG_Tag_ini_Update.exe|>IRIMG1.BMP
C:\ProgramFiles\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_TGG_Tag_ini_Update.exe|>IRIMG1.JPG


these files went to quarantine:

C:\Users\Jason\AppData\Local\gbi.exe
Win32:MalOb-IG[Cryp]
C:\Users\Jason\AppData\Local\Temp\480.0984.exe
Win32:MalOb-IG[Cryp]
C:\Users\Jason\AppData\Local\Temp\9XBIBQ2Il1nkZF.exe.tmp
Win32:FakeSysdef-JX[Trj]
C:\Users\Jason\AppData\Local\Temp\ErKvvqN4SsRxxB.exe.tmp
Win32:FakeSysdef-JX[Trj]
C:\Users\Jason\AppData\Local\Temp\kna0.7285776298927835.exe
Win32:MalOb-IG[Cryp]
C:\Users\Jason\AppData\Local\Temp\msimg32.dll
Win32:MalOb-IG[Cryp]
C:\Users\Jason\AppData\Local\Temp\qessaeuxoq
Win32:MalOb-IG[Cryp]
C:\Users\Jason\AppData\Local\Temp\sghj0.9470953159697454.exe
Win32:MalOb-IG[Cryp]
C:\Users\Jason\AppData\Local\Temp\viw.dll
Win32:MalOb-IG[Cryp]
C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\68619c2c-297e29c5
Win32:MalOb-IG[Cryp]
C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\75a038ae-5fd870ab
Win32:FakeSysdef-JX[Trj]
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\TemporaryInternetFiles\ContentIE5\INSTNEXX\search[1].htm
HTML:Iframe-inf
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
Win32:Aluroot[Rtk]


I am going back and checking the thread to provide you with what you require. if I skip anything, please let me know (It wouldn't be deliberate). I think you require an OTL.
thanks torreattack AND the teachers.
ejames82

Re: mouse trap. more windows than one can close

Post by ejames82 » February 1st, 2012, 2:42 pm

torreattack,

the OTL scan didn't go as smoothly as it could have. to begin with, the pc, or browser doesn't save to desktop. and it never asks if I need to run as administrator. if I was familiar with this OS/pc I would fix it.
I didn't think running the scan could hurt and I can always re-run it if you require me to. :)
thank you!
here it is:

OTL logfile created on: 2/1/2012 1:13:46 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jason\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.42 Mb Total Physical Memory | 405.04 Mb Available Physical Memory | 39.97% Memory free
1.99 Gb Paging File | 1.29 Gb Available in Paging File | 64.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.19 Gb Total Space | 118.09 Gb Free Space | 84.84% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jason\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\WSED\WSED.exe (Dell)
PRC - C:\Program Files\Battery Meter\BTMeter.exe (Dell)
PRC - C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Windows\System32\EMSC.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV - (pssnap) -- C:\Windows\system32\DRIVERS\pssnap.sys (Macrium Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (RTL8192Ce) -- C:\Windows\System32\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (EMSC) -- C:\Windows\system32\DRIVERS\EMSC.SYS (Windows (R) Win 7 DDK provider)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========




IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3780860486-297848617-718311817-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3780860486-297848617-718311817-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3780860486-297848617-718311817-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3780860486-297848617-718311817-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
O4 - HKLM..\Run: [WSED] C:\Program Files\WSED\WSED.exe (Dell)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{294B54CD-9A79-442E-9C06-427C363FA3D1}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9F4F60C-45F4-43F2-A5B5-4D1E1EC7566A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{385a522a-21c8-11e1-af7d-5c260a0e0ee8}\Shell - "" = AutoRun
O33 - MountPoints2\{385a522a-21c8-11e1-af7d-5c260a0e0ee8}\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3780860486-297848617-718311817-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 01:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/29 11:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/29 11:41:34 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/29 11:41:34 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/29 11:41:30 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/29 11:41:30 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/01/29 11:41:29 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/01/29 11:41:25 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/01/29 11:40:07 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/29 11:40:06 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/01/29 11:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/29 11:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/27 18:54:31 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/27 18:54:31 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/27 17:45:07 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Reflect
[2012/01/27 17:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2012/01/27 17:31:50 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium
[2012/01/27 17:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2012/01/27 17:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/01/26 02:52:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\SoftGrid Client
[2012/01/26 02:52:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\SoftGrid Client
[2012/01/26 02:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2012/01/26 02:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/26 02:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2012/01/26 02:50:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\TP
[2012/01/26 00:28:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/01/26 00:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/01/21 18:29:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/01/21 18:29:16 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/01/21 18:29:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/01/21 18:29:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/01/21 18:29:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/01/21 18:29:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/01/21 18:29:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/01/21 18:29:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/01/21 18:29:16 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/01/21 18:29:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/01/21 18:29:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/01/21 18:29:15 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/01/21 18:29:14 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/01/21 18:29:14 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/01/21 18:29:14 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/01/21 18:29:14 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/01/21 18:29:14 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/01/21 18:29:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/01/21 18:29:14 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/01/21 18:29:14 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/01/21 18:29:14 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/01/21 18:29:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/01/21 18:29:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/01/21 18:29:12 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/01/21 18:29:12 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/01/21 18:29:12 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/01/21 18:29:12 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/01/21 18:29:12 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/01/21 18:29:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/01/21 18:29:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/01/21 18:29:10 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/01/21 18:29:10 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/01/21 18:29:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/01/21 18:29:10 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/01/21 18:29:10 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/01/21 18:29:10 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/01/21 18:29:10 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/01/21 17:01:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/01/21 16:39:33 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/01/19 00:49:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/01/17 10:39:08 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/11 16:41:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 16:41:40 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 16:41:39 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/11 05:11:16 | 000,000,000 | ---D | C] -- C:\437f678f23918983676b9187
[2012/01/05 22:56:00 | 000,000,000 | -H-D | C] -- C:\Users\Jason\Tracing

========== Files - Modified Within 30 Days ==========

[2012/02/01 10:48:47 | 000,000,734 | ---- | M] () -- C:\Users\Jason\Desktop\MalWare Removal • Malware Removal - Website Home Page..website
[2012/02/01 10:44:39 | 000,624,622 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/01 10:44:39 | 000,106,708 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/01 10:42:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/01 08:53:43 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 08:53:43 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 08:45:32 | 796,987,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/30 00:05:49 | 000,000,408 | ---- | M] () -- C:\Users\Jason\Desktop\VirusTotal - Free Online Virus, Malware and URL Scanner.website
[2012/01/29 11:41:35 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/29 11:41:25 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/27 17:31:50 | 000,002,929 | ---- | M] () -- C:\Users\Jason\Desktop\Reflect.lnk
[2012/01/26 00:28:48 | 000,001,224 | ---- | M] () -- C:\Users\Jason\Desktop\Revo Uninstaller.lnk
[2012/01/22 18:29:53 | 000,257,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/22 16:55:14 | 000,000,272 | -H-- | M] () -- C:\ProgramData\~5DrSpjUPng4J6D
[2012/01/21 20:12:21 | 000,001,409 | -H-- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/21 18:29:16 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/01/21 18:29:16 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/01/21 18:29:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/01/21 18:29:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/01/21 18:29:16 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/01/21 18:29:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/01/21 18:29:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/01/21 18:29:16 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/01/21 18:29:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/01/21 18:29:16 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/01/21 18:29:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/01/21 18:29:15 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/01/21 18:29:14 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/01/21 18:29:14 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/01/21 18:29:14 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/01/21 18:29:14 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/01/21 18:29:14 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/01/21 18:29:14 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/01/21 18:29:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/01/21 18:29:14 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/01/21 18:29:14 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/01/21 18:29:14 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/01/21 18:29:14 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/01/21 18:29:14 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/01/21 18:29:12 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/01/21 18:29:12 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/01/21 18:29:12 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/01/21 18:29:12 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/01/21 18:29:12 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/01/21 18:29:11 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/01/21 18:29:11 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/01/21 18:29:10 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/01/21 18:29:10 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/01/21 18:29:10 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/01/21 18:29:10 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/01/21 18:29:10 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/01/21 18:29:10 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/01/21 18:29:10 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/01/21 17:41:43 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2012/01/21 16:40:31 | 000,003,368 | -H-- | M] () -- C:\bootsqm.dat
[2012/01/17 11:49:26 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/17 10:39:13 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~5DrSpjUPng4J6Dr
[2012/01/17 10:39:09 | 000,000,679 | -H-- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk

========== Files Created - No Company Name ==========

[2012/02/01 10:45:01 | 000,000,734 | ---- | C] () -- C:\Users\Jason\Desktop\MalWare Removal • Malware Removal - Website Home Page..website
[2012/01/30 00:05:49 | 000,000,408 | ---- | C] () -- C:\Users\Jason\Desktop\VirusTotal - Free Online Virus, Malware and URL Scanner.website
[2012/01/29 11:41:35 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/27 17:31:50 | 000,002,929 | ---- | C] () -- C:\Users\Jason\Desktop\Reflect.lnk
[2012/01/26 00:28:48 | 000,001,224 | ---- | C] () -- C:\Users\Jason\Desktop\Revo Uninstaller.lnk
[2012/01/22 16:55:13 | 000,000,272 | -H-- | C] () -- C:\ProgramData\~5DrSpjUPng4J6D
[2012/01/21 20:12:20 | 000,001,415 | -H-- | C] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/01/21 18:29:14 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/01/21 16:40:31 | 000,003,368 | -H-- | C] () -- C:\bootsqm.dat
[2012/01/17 11:49:26 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/17 11:49:25 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/17 10:39:13 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~5DrSpjUPng4J6Dr
[2012/01/17 10:39:09 | 000,000,679 | -H-- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/23 04:12:34 | 000,013,262 | -HS- | C] () -- C:\Users\Jason\AppData\Local\137132d1d242g542m314v1qhj6n6
[2011/12/23 04:12:34 | 000,013,262 | -HS- | C] () -- C:\ProgramData\137132d1d242g542m314v1qhj6n6
[2010/09/30 04:25:14 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/09/30 04:12:21 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010/09/30 04:11:02 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/09/09 20:18:28 | 000,577,536 | ---- | C] () -- C:\Windows\System32\EMSC.DLL
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,257,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,624,622 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,708 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >




OTL Extras logfile created on: 2/1/2012 1:13:46 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jason\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.42 Mb Total Physical Memory | 405.04 Mb Available Physical Memory | 39.97% Memory free
1.99 Gb Paging File | 1.29 Gb Available in Paging File | 64.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.19 Gb Total Space | 118.09 Gb Free Space | 84.84% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3780860486-297848617-718311817-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{053E51D3-885D-425C-9586-EA5183C4C688}" = Function Keys
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{984C17AB-A38C-4F0F-B6D3-075854886884}" = Macrium Reflect Free Edition
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK PCIE Wireless LAN Driver
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6CB6126-D120-4FB5-9D1B-E2E19003E66C}" = WSED
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast" = avast! Free Antivirus
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"InstallShield_{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Revo Uninstaller" = Revo Uninstaller 1.93
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/19/2012 3:45:13 PM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0x16c0 Faulting application start time: 0x01ccd6e2b2e5154f Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: 19eb9532-42d6-11e1-9e1b-5c260a0e0ee8

Error - 1/19/2012 5:43:01 PM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0x250 Faulting application start time: 0x01ccd6f3156fef73 Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: 8ee6451a-42e6-11e1-9e1b-5c260a0e0ee8

Error - 1/19/2012 5:45:28 PM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0x12f0 Faulting application start time: 0x01ccd6f37e5fcdae Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: e6b66d2e-42e6-11e1-9e1b-5c260a0e0ee8

Error - 1/19/2012 5:47:38 PM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0x970 Faulting application start time: 0x01ccd6f3cd9d0f70 Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: 33f55d3f-42e7-11e1-9e1b-5c260a0e0ee8

Error - 1/19/2012 6:21:52 PM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0x145c Faulting application start time: 0x01ccd6f892ecef56 Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: fc59e977-42eb-11e1-9e1b-5c260a0e0ee8

Error - 1/19/2012 6:56:14 PM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0x604 Faulting application start time: 0x01ccd6fd60fcf7c9 Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: c984a8f8-42f0-11e1-9e1b-5c260a0e0ee8

Error - 1/19/2012 6:58:26 PM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0x1208 Faulting application start time: 0x01ccd6fdb0cbba99 Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: 17ef5799-42f1-11e1-9e1b-5c260a0e0ee8

Error - 1/19/2012 7:00:36 PM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0xf00 Faulting application start time: 0x01ccd6fdfe63897b Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: 65921322-42f1-11e1-9e1b-5c260a0e0ee8

Error - 1/19/2012 7:02:46 PM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0x1444 Faulting application start time: 0x01ccd6fe4c243c2e Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: b2ea0949-42f1-11e1-9e1b-5c260a0e0ee8

Error - 1/19/2012 7:04:54 PM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0x590 Faulting application start time: 0x01ccd6fe99494b14 Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: ff373740-42f1-11e1-9e1b-5c260a0e0ee8

[ System Events ]
Error - 1/18/2012 4:43:34 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 1/18/2012 4:43:34 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 1/18/2012 9:11:59 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 1/18/2012 9:12:19 PM | Computer Name = Jason-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/18/2012 11:19:34 PM | Computer Name = Jason-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/18/2012 11:19:46 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 1/19/2012 1:42:40 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 1/19/2012 1:42:54 AM | Computer Name = Jason-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/19/2012 1:43:22 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 1/19/2012 1:43:22 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.


< End of report >
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: mouse trap. more windows than one can close

Unread postby ejames82 » February 1st, 2012, 6:09 pm

torreattack,

just dropping in quickly to say that I appear to have provided everything you have required from me so far. I keep checking in to see if there is anything else you require (maybe that I missed something).
thank you for your time.

Re: mouse trap. more windows than one can close

Unread postby torreattack » February 2nd, 2012, 5:11 am

Hi ejames82 :

It really hurts not being able to get a text scan report. I like avast, but other AVs provide one automatically.

You can create a text scan report with AVAST automatically with this method:

1. Create report of AVAST automatically
  • Open Avast! Free Antivirus.
  • Click Scan Computer and then click on Scan Now.
  • Click More details, which is in the same row as Full system scan.
  • Click Setting > Report file.
  • Tick Generate report file and click OK.
  • Repeat the above steps for the other types of scan method.
Note:
a. When you run a "new" scan, the report will be created automatically.
b. Your version of Avast might be different from mine, but the method to create the text report should be almost the same.


2. Unhide.exe
Please download Unhide.exe and save it to your Desktop.
  • Right-click on Unhide.exe and select "Run as administrator" to run it.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
  • Please note that this will unhide files that are purposely hidden.
  • Please let me know whether those "hidden" folders have shown up or not.


3. TDSSKiller
Please download TDSSKiller.exe and save it to your Desktop.
  • Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


4. Checklist
Please post:
  • Avast log
  • TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
  • Result of running Unhide.exe

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: mouse trap. more windows than one can close

Unread postby ejames82 » February 2nd, 2012, 11:01 am

torreattack,

Hello,

I just logged in and have seen your instructions. I am very grateful for the info about the avast text report. :) it's highly likely that there were discrepancies in the report that I provided to you. this should give us the 'perfection' that we need.

:oops:

how could I have missed that? I also asked this question at wilderssecurity (nobody ever replied, now I can reply with the answer, thanks to you).

my version of avast MAY be different from yours, but your instructions worked to a Tee.
I have the scan running right now.
since most of the infections were quarantined, won't that 'tarnish' the report somewhat? will the report still provide the useful info that you're hoping for?
everything else you require will follow.

thank you torreattack

Re: mouse trap. more windows than one can close

Unread postby ejames82 » February 2nd, 2012, 1:21 pm

*
* avast! Scan Report
* This file is generated automatically
*
* Scan name: Full system scan
* Started on: Thursday, February 02, 2012 9:43:45 AM
* VPS: 120202-1, 02/02/2012
*

C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_LGG_Tag_ini_Update.exe|>DataSafe_Green.ico [E] Archive is password protected. (42056)
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_LGG_Tag_ini_Update.exe|>diff_000001.dif [E] Archive is password protected. (42056)
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_LGG_Tag_ini_Update.exe|>IRIMG1.BMP [E] Archive is password protected. (42056)
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_LGG_Tag_ini_Update.exe|>IRIMG1.JPG [E] Archive is password protected. (42056)
Infected files: 0
Total files: 197147
Total folders: 20585
Total size: 41.7 GB

*
* Scan stopped: Thursday, February 02, 2012 11:16:00 AM
* Run-time was 1 hour(s), 32 minute(s), 15 second(s)
*

Re: mouse trap. more windows than one can close

Unread postby ejames82 » February 2nd, 2012, 2:24 pm

torreattack,

the unhide program didn't provide any error message when I used it. I am 99.9% certain it worked as it was supposed to. the message given in a command-line type box was 'all folders unhid successfully'. something to that effect. I think it worked. :)
TDSSkiller found nothing. I am unable to copy and paste from the report. it was version 2.7.9.0
I ran the program about an hour ago

this is just a thought:
would I be able to help you if I could get the contents of what is in avast quarantine? it seems an AV should provide a list for the user. with so much happening this slipped my mind. even if it would help, there probably isn't even a way to acquire it.

thank you torreattack. let me know if I have skipped anything.

Re: mouse trap. more windows than one can close

Unread postby ejames82 » February 4th, 2012, 2:24 pm

Hello,

I am just politely checking in.

I keep watching the thread and my email for a response.

I am trying to prevent the thread from being closed from inactivity.

Thank you.

Re: mouse trap. more windows than one can close

Unread postby torreattack » February 4th, 2012, 11:36 pm

Hi ejames82 :

Sorry for being late.

"it's highly likely that there were discrepancies in the report that I provided to you"

No, the log that you typed out was the key that helped me to identify the infection. With the log, we knew the infection of your system was the SystemCheck infection. Because of that, I don't need the avast log anymore.


"I also asked this question at wilderssecurity (nobody ever replied, now I can reply with the answer, thanks to you)."

I need to remind you that my teacher and I will deal with your problem here. If you have any problem or question, please wait for us to guide you rather than posting at other forums like WilderSecurity. By posting to multiple forums regarding the same problem, you are utilising the time of two (or more) trained helpers. Besides that, sometimes advice from two separate helpers may cause problems.

I want you to read our forum policy regarding multiple forum posting:
http://malwareremoval.com/forum/viewtopic.php?p=491396#p491396

I also want to remind you about my first post to you:
"Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help."


All the instructions that I gave to you are for your computer ONLY. Similar problems are just similar; they are likely to have some differences. In some cases, the "FIX" for you will cause problems on another user's computer. ;)

Let's continue,

1. Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware and save to your desktop.
  • Right-click mbam-setup.exe and select "Run as administrator", then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
    Note: If MBAM doesn't return after an update, please start it again.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply


2. Checklist
Please post:
  • mbam-log-date (time).txt
  • An update on your problems

Please follow the instructions and do not do anything else besides those that I request you to. Please do them in the order they are presented to you.

Thanks,
torreattack

Re: mouse trap. more windows than one can close

Unread postby ejames82 » February 5th, 2012, 3:21 pm

torreattack,

Hello,

I should not have gone over to wilderssecurity and asked for help finding the scan log.
my fault.

for the most part, the computer behaves very well. the touchpad/mouse does seem to be very sensitive in that it 'enter's on everything, and turns into a sideways double arrow. I have to be very light with it. I know laptops are supposed to do this, and I am not a laptop person, so maybe this is inherent. I can't say for sure how bad this problem is.
I did notice the other day when I pasted the results of the avast scan that the keyboard would not type whatsoever. My apologies for forgetting to tell you about that.

right now the keyboard is doing fine.


here is the malwarebytes log
thanks torreattack:

Malwarebytes Anti-Malware 1.60.1.1000
http://www.malwarebytes.org

Database version: v2012.02.05.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jason :: JASON-PC [administrator]

2/5/2012 4:58:32 AM
mbam-log-2012-02-05 (04-58-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 174341
Time elapsed: 12 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jason\AppData\Local\ohp.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Jason\AppData\Local\Temp\Install.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Jason\AppData\Local\Temp\D71B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

Re: mouse trap. more windows than one can close

Unread postby torreattack » February 6th, 2012, 6:48 am

Hi ejames82 :

Glad to hear that the keyboard functions again.


1.
"the touchpad/mouse does seem to be very sensitive in that it 'enter's on everything, and turns into a sideways double arrow. I have to be very light with it. I know laptops are supposed to do this, and I am not a laptop person, so maybe this is inherent. I can't say for sure how bad this problem is.
I did notice the other day when I pasted the results of the avast scan that the keyboard would not type whatsoever."

I think it is related to Touchpad Sensitivity.

Please read this article: http://support.dell.com/support/topics/ ... egacy=true

You may adjust your touchpad according to the instruction under Adjusting Touchpad Sensitivity



2. ESET online scanner
Note: You can use either Internet Explorer or Mozilla Firefox for this scan.
Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on Run ESET Online Scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


3. re-scan with OTL
Please make sure OTL is on your Desktop.
  • Right click on OTL.exe and select "run as administrator" to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of ONLY OTL.txt in your next reply.


4. Checklist
Please post:
  • how is the touchpad/mouse working?
  • Eset scanning result
  • OTL.txt only
  • An update on your problems
note: These logs can be lengthy, please post in several replies if needed. Please ensure you post the COMPLETE log.

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: mouse trap. more windows than one can close

by ejames82 » February 6th, 2012, 8:47 pm

C:\Program Files\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\2688b442-48617f8a Java/Exploit.CVE-2011-3544.Y trojan
C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\70e83d9f-4dc1eca6 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2ac74c85-46862f60 multiple threats
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: mouse trap. more windows than one can close

by ejames82 » February 6th, 2012, 9:54 pm

torreattack,

once again the keyboard wouldn't work when I tried to paste a scan. I don't know if it is the clipboard function that is interfering with the keyboard or what, but as soon as I clicked on submit and submitted the scan report, I was able to type again in the quick reply.

also the info given here:
C:\Program Files\ESET\EsetOnlineScanner\log.txt.
is this:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

not what you're after. in the eset nod32 gui it says 'txt report' I just clicked on it. ;) copied and pasted it.

also, on a side note, It seemed like I was booted off the website (malwareremoval) and unable to get back on from approx 8:30 eastern time US til 8:40

OTL report on the way

thank you
ejames82

Re: mouse trap. more windows than one can close

by ejames82 » February 6th, 2012, 10:21 pm

OTL logfile created on: 2/6/2012 8:57:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jason\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.42 Mb Total Physical Memory | 344.60 Mb Available Physical Memory | 34.00% Memory free
1.99 Gb Paging File | 1.22 Gb Available in Paging File | 61.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.19 Gb Total Space | 116.72 Gb Free Space | 83.86% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
PRC - C:\Program Files\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\WSED\WSED.exe (Dell)
PRC - C:\Program Files\Battery Meter\BTMeter.exe (Dell)
PRC - C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
MOD - C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Windows\System32\EMSC.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV - (pssnap) -- C:\Windows\system32\DRIVERS\pssnap.sys (Macrium Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (RTL8192Ce) -- C:\Windows\System32\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (EMSC) -- C:\Windows\system32\DRIVERS\EMSC.SYS (Windows (R) Win 7 DDK provider)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========




IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3780860486-297848617-718311817-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3780860486-297848617-718311817-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3780860486-297848617-718311817-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3780860486-297848617-718311817-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
O4 - HKLM..\Run: [WSED] C:\Program Files\WSED\WSED.exe (Dell)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{294B54CD-9A79-442E-9C06-427C363FA3D1}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9F4F60C-45F4-43F2-A5B5-4D1E1EC7566A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{385a522a-21c8-11e1-af7d-5c260a0e0ee8}\Shell - "" = AutoRun
O33 - MountPoints2\{385a522a-21c8-11e1-af7d-5c260a0e0ee8}\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3780860486-297848617-718311817-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/06 20:48:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2012/02/06 09:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/05 04:55:32 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Malwarebytes
[2012/02/05 04:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/05 04:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/05 04:55:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/05 04:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/02 09:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2012/01/30 01:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/29 11:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/29 11:41:34 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/29 11:41:34 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/29 11:41:30 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/29 11:41:30 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/01/29 11:41:29 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/01/29 11:41:25 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/01/29 11:40:07 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/29 11:40:06 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/01/29 11:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/29 11:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/27 18:54:31 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/27 18:54:31 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/27 17:45:07 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Reflect
[2012/01/27 17:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2012/01/27 17:31:50 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium
[2012/01/27 17:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2012/01/27 17:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/01/26 02:52:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\SoftGrid Client
[2012/01/26 02:52:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\SoftGrid Client
[2012/01/26 02:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/26 02:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2012/01/26 02:50:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\TP
[2012/01/26 00:28:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/01/26 00:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/01/21 18:29:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/01/21 18:29:16 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/01/21 18:29:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/01/21 18:29:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/01/21 18:29:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/01/21 18:29:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/01/21 18:29:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/01/21 18:29:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/01/21 18:29:16 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/01/21 18:29:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/01/21 18:29:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/01/21 18:29:15 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/01/21 18:29:14 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/01/21 18:29:14 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/01/21 18:29:14 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/01/21 18:29:14 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/01/21 18:29:14 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/01/21 18:29:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/01/21 18:29:14 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/01/21 18:29:14 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/01/21 18:29:14 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/01/21 18:29:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/01/21 18:29:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/01/21 18:29:12 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/01/21 18:29:12 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/01/21 18:29:12 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/01/21 18:29:12 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/01/21 18:29:12 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/01/21 18:29:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/01/21 18:29:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/01/21 18:29:10 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/01/21 18:29:10 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/01/21 18:29:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/01/21 18:29:10 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/01/21 18:29:10 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/01/21 18:29:10 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/01/21 18:29:10 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/01/21 17:01:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/01/21 16:39:33 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/01/19 00:49:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/01/17 10:39:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/11 16:41:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 16:41:40 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 16:41:39 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/11 05:11:16 | 000,000,000 | ---D | C] -- C:\437f678f23918983676b9187

========== Files - Modified Within 30 Days ==========

[2012/02/06 20:15:26 | 000,624,622 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/06 20:15:26 | 000,106,708 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/06 20:14:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/06 19:38:28 | 000,000,734 | ---- | M] () -- C:\Users\Jason\Desktop\MalWare Removal • Malware Removal - Website Home Page..website
[2012/02/06 09:19:18 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 09:19:18 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 09:10:42 | 796,987,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/05 04:55:24 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/01 13:07:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2012/01/30 00:05:49 | 000,000,408 | ---- | M] () -- C:\Users\Jason\Desktop\VirusTotal - Free Online Virus, Malware and URL Scanner.website
[2012/01/29 11:41:35 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/29 11:41:25 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/27 17:31:50 | 000,002,929 | ---- | M] () -- C:\Users\Jason\Desktop\Reflect.lnk
[2012/01/26 00:28:48 | 000,001,224 | ---- | M] () -- C:\Users\Jason\Desktop\Revo Uninstaller.lnk
[2012/01/22 18:29:53 | 000,257,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/22 16:55:14 | 000,000,272 | ---- | M] () -- C:\ProgramData\~5DrSpjUPng4J6D
[2012/01/21 20:12:21 | 000,001,409 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/21 18:29:16 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/01/21 18:29:16 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/01/21 18:29:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/01/21 18:29:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/01/21 18:29:16 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/01/21 18:29:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/01/21 18:29:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/01/21 18:29:16 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/01/21 18:29:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/01/21 18:29:16 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/01/21 18:29:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/01/21 18:29:15 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/01/21 18:29:14 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/01/21 18:29:14 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/01/21 18:29:14 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/01/21 18:29:14 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/01/21 18:29:14 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/01/21 18:29:14 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/01/21 18:29:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/01/21 18:29:14 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/01/21 18:29:14 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/01/21 18:29:14 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/01/21 18:29:14 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/01/21 18:29:14 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/01/21 18:29:12 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/01/21 18:29:12 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/01/21 18:29:12 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/01/21 18:29:12 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/01/21 18:29:12 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/01/21 18:29:11 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/01/21 18:29:11 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/01/21 18:29:10 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/01/21 18:29:10 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/01/21 18:29:10 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/01/21 18:29:10 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/01/21 18:29:10 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/01/21 18:29:10 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/01/21 18:29:10 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/01/21 17:41:43 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2012/01/21 16:40:31 | 000,003,368 | ---- | M] () -- C:\bootsqm.dat
[2012/01/17 11:49:26 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/17 10:39:13 | 000,000,176 | ---- | M] () -- C:\ProgramData\~5DrSpjUPng4J6Dr
[2012/01/17 10:39:09 | 000,000,679 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk

========== Files Created - No Company Name ==========

[2012/02/05 04:55:24 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/01 10:45:01 | 000,000,734 | ---- | C] () -- C:\Users\Jason\Desktop\MalWare Removal • Malware Removal - Website Home Page..website
[2012/01/30 00:05:49 | 000,000,408 | ---- | C] () -- C:\Users\Jason\Desktop\VirusTotal - Free Online Virus, Malware and URL Scanner.website
[2012/01/29 11:41:35 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/27 17:31:50 | 000,002,929 | ---- | C] () -- C:\Users\Jason\Desktop\Reflect.lnk
[2012/01/26 00:28:48 | 000,001,224 | ---- | C] () -- C:\Users\Jason\Desktop\Revo Uninstaller.lnk
[2012/01/22 16:55:13 | 000,000,272 | ---- | C] () -- C:\ProgramData\~5DrSpjUPng4J6D
[2012/01/21 20:12:20 | 000,001,415 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/01/21 18:29:14 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/01/21 16:40:31 | 000,003,368 | ---- | C] () -- C:\bootsqm.dat
[2012/01/17 11:49:26 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/17 11:49:25 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/17 10:39:13 | 000,000,176 | ---- | C] () -- C:\ProgramData\~5DrSpjUPng4J6Dr
[2012/01/17 10:39:09 | 000,000,679 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/23 04:12:34 | 000,013,262 | -HS- | C] () -- C:\Users\Jason\AppData\Local\137132d1d242g542m314v1qhj6n6
[2011/12/23 04:12:34 | 000,013,262 | -HS- | C] () -- C:\ProgramData\137132d1d242g542m314v1qhj6n6
[2010/09/30 04:25:14 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/09/30 04:12:21 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010/09/30 04:11:02 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/09/09 20:18:28 | 000,577,536 | ---- | C] () -- C:\Windows\System32\EMSC.DLL
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,257,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,624,622 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,708 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

OTL Extras logfile created on: 2/6/2012 8:57:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jason\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.42 Mb Total Physical Memory | 344.60 Mb Available Physical Memory | 34.00% Memory free
1.99 Gb Paging File | 1.22 Gb Available in Paging File | 61.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.19 Gb Total Space | 116.72 Gb Free Space | 83.86% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3780860486-297848617-718311817-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{053E51D3-885D-425C-9586-EA5183C4C688}" = Function Keys
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{984C17AB-A38C-4F0F-B6D3-075854886884}" = Macrium Reflect Free Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK PCIE Wireless LAN Driver
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6CB6126-D120-4FB5-9D1B-E2E19003E66C}" = WSED
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast" = avast! Free Antivirus
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"InstallShield_{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Revo Uninstaller" = Revo Uninstaller 1.93
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/20/2012 1:43:27 AM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0x173c Faulting application start time: 0x01ccd736467c91cc Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: ac775ea2-4329-11e1-9e1b-5c260a0e0ee8

Error - 1/20/2012 1:45:37 AM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0x1324 Faulting application start time: 0x01ccd73692f90ca5 Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: f9f59967-4329-11e1-9e1b-5c260a0e0ee8

Error - 1/20/2012 1:47:45 AM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0x1414 Faulting application start time: 0x01ccd736e05826ed Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: 46370e8e-432a-11e1-9e1b-5c260a0e0ee8

Error - 1/20/2012 1:49:53 AM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0xfec Faulting application start time: 0x01ccd7372c973ab4 Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: 92820936-432a-11e1-9e1b-5c260a0e0ee8

Error - 1/20/2012 1:52:03 AM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0x1194 Faulting application start time: 0x01ccd73778ebbadd Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: e0001561-432a-11e1-9e1b-5c260a0e0ee8

Error - 1/20/2012 2:26:13 AM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0x1118 Faulting application start time: 0x01ccd73c3ee95612 Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: a6099777-432f-11e1-9e1b-5c260a0e0ee8

Error - 1/20/2012 2:28:23 AM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0xdec Faulting application start time: 0x01ccd73c8ccdbd69 Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: f35f2c3e-432f-11e1-9e1b-5c260a0e0ee8

Error - 1/20/2012 2:30:31 AM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0x10dc Faulting application start time: 0x01ccd73cd9c41b25 Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: 3faee9a7-4330-11e1-9e1b-5c260a0e0ee8

Error - 1/20/2012 2:32:39 AM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0x970 Faulting application start time: 0x01ccd73d261639ee Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: 8bf5218f-4330-11e1-9e1b-5c260a0e0ee8

Error - 1/20/2012 2:35:15 AM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: apphelp.dll, version: 6.1.7600.16481, time
stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting process
id: 0xf54 Faulting application start time: 0x01ccd73d725d5d99 Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\apphelp.dll
Report
Id: e8ce1967-4330-11e1-9e1b-5c260a0e0ee8

[ System Events ]
Error - 1/20/2012 11:33:45 PM | Computer Name = Jason-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:35:24 PM on ?1/?20/?2012 was unexpected.

Error - 1/20/2012 11:33:52 PM | Computer Name = Jason-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/20/2012 11:33:53 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 1/20/2012 11:33:53 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 1/20/2012 11:33:55 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 1/20/2012 11:33:55 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 1/20/2012 11:34:01 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 1/20/2012 11:34:06 PM | Computer Name = Jason-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/20/2012 11:38:23 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 1/20/2012 11:38:23 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.


< End of report >
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: mouse trap. more windows than one can close

Unread postby torreattack » February 7th, 2012, 12:21 pm

Hi ejames82 :

once again the keyboard wouldn't work when I tried to paste a scan. I don't know if it is the clipboard function that is interfering with the keyboard or what, but as soon as I clicked on submit and submitted the scan report, I was able to type again in the quick reply. also, on a side note, It seemed like I was booted off the website (malwareremoval) and unable to get back on from approx 8:30 eastern time US til 8:40

Thanks for the info, I will keep an eye on it.


Let's continue,

1. Back Up registry with ERUNT

  • Please download ERUNT and save it to your desktop.
  • Alternate Download
  • Right-click on erunt_setup.exe and select "run as administrator" to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.


2. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Copy the following text... do not include the quote box title "Quote"
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3780860486-297848617-718311817-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    [2012/01/17 10:39:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2012/01/22 16:55:14 | 000,000,272 | ---- | M] () -- C:\ProgramData\~5DrSpjUPng4J6D
    [2012/01/17 10:39:13 | 000,000,176 | ---- | M] () -- C:\ProgramData\~5DrSpjUPng4J6Dr
    [2012/01/17 10:39:09 | 000,000,679 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2011/12/23 04:12:34 | 000,013,262 | -HS- | C] () -- C:\Users\Jason\AppData\Local\137132d1d242g542m314v1qhj6n6
    [2011/12/23 04:12:34 | 000,013,262 | -HS- | C] () -- C:\ProgramData\137132d1d242g542m314v1qhj6n6

    :Files
    C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\2688b442-48617f8a
    C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\70e83d9f-4dc1eca6
    C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2ac74c85-46862f60
    ipconfig /flushdns /c

    :Commands
    [CreateRestorePoint]
    [ResetHosts]
    [Reboot]
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results.
  • Please post the contents of report in your next reply.
note: The OTL fix log was located at c:\_OTL\MovedFiles with the format MMDDYYY_HHMMSS.log.


3. OTL re-scan
Please make sure OTL is on your Desktop.
  • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Under Output, ensure that Minimal Output is selected.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
  • Please post the contents of OTL.txt only in your next reply.


4. Checklist
Please post:
  • OTL fix result
  • OTL.txt
note: These logs can be lengthy; please post in several replies if needed. Please ensure you post the COMPLETE log.

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am
