Solved 'new to me' laptop infected with 'redirects'

Discussion in 'Malware and Virus Removal Archive' started by Bearclaw, 2011/01/19.

  1. 2011/01/21
    Bearclaw

    OTL logfile created on: 1/22/2011 12:02:05 AM - Run 2
    OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Molly Flynn\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.87 Gb Total Space | 149.70 Gb Free Space | 67.78% Space Free | Partition Type: NTFS
    Drive D: | 12.01 Gb Total Space | 1.85 Gb Free Space | 15.41% Space Free | Partition Type: NTFS

    Computer Name: MOLLYFLYNN-PC | User Name: Molly Flynn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/21 22:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\OTL.exe
    PRC - [2011/01/14 19:33:20 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/01/07 18:11:36 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2011/01/07 18:11:26 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2010/11/11 14:18:29 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
    PRC - [2010/11/11 14:18:28 | 000,174,432 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
    PRC - [2010/08/16 19:26:37 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/09/15 03:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    PRC - [2007/09/05 16:09:54 | 001,620,520 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2007/09/05 16:09:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/21 22:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\OTL.exe
    MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/11/11 14:18:28 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2008/12/04 02:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/09/18 08:12:28 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2007/09/18 08:12:28 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2007/09/18 08:12:28 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2007/09/15 03:50:56 | 000,191,408 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/09/09 17:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
    DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/20 06:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/06/20 06:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/06/20 06:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/05/30 18:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2007/04/03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/03/06 21:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/02/16 16:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
    DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
    DRV - [2006/10/18 21:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/16 19:32:21 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/01/19 00:13:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {925B4A47-7F10-42CC-9934-98F1E078F675} http://www.perfectinterview.com/online/webcap.CAB (WebCap.VidCap)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.105 213.109.73.9 209.18.47.61
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/12/05 23:36:21 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/21 23:48:39 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/01/21 23:36:24 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Desktop\JavaRa
    [2011/01/21 22:01:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\OTL.exe
    [2011/01/21 00:57:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/01/21 00:55:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/01/21 00:32:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/20 20:43:17 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Desktop\NTBR_CD
    [2011/01/20 12:18:10 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\AppData\Local\QuickStores
    [2011/01/20 12:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
    [2011/01/20 12:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\aTube Catcher
    [2011/01/20 10:52:49 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\Molly Flynn\Desktop\remover.exe
    [2011/01/20 00:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2011/01/20 00:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/01/19 20:12:24 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Desktop\BBS Logs
    [2011/01/19 19:54:26 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\TFC.exe
    [2011/01/19 19:09:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/01/19 19:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/19 19:09:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/01/19 19:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/01/19 19:06:52 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Molly Flynn\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/18 23:54:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/01/18 23:54:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/01/18 23:54:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/01/18 23:54:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/18 23:53:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/18 23:51:43 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Desktop\tdsskiller
    [2011/01/16 21:39:46 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\{b618461c-11c0-40ff-af83-7f62c6f05cc9}
    [2011/01/16 21:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2011/01/16 21:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
    [2011/01/13 20:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2011/01/08 20:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
    [2011/01/08 16:54:39 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Documents\My muvees
    [2011/01/08 16:54:36 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\AppData\Roaming\muvee Technologies
    [2011/01/08 16:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2011/01/08 16:53:16 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Documents\CyberLink
    [2011/01/08 14:34:14 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\AppData\Roaming\SUPERAntiSpyware.com
    [2011/01/08 14:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/01/08 14:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/01/08 14:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/01/08 14:33:04 | 009,953,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Molly Flynn\Desktop\SUPERAntiSpyware.exe
    [2011/01/08 12:46:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
    [2011/01/08 12:46:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
    [2011/01/08 12:46:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
    [2011/01/07 17:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/01/07 17:04:38 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/01/07 17:04:38 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/01/07 17:04:37 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/01/07 17:04:36 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/01/07 17:04:34 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/01/07 17:03:22 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/01/07 17:03:21 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/01/07 17:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2011/01/07 17:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2011/01/01 14:15:03 | 000,000,000 | --SD | C] -- C:\ProgramData\Memeo
    [2011/01/01 14:02:22 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\AppData\Local\{9E5C7B4F-5A46-458E-9BAE-0001A6640C4A}

    ========== Files - Modified Within 30 Days ==========

    [2011/01/22 00:10:00 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B3670ADD-923C-4517-B4CF-2A549BC92919}.job
    [2011/01/21 23:55:18 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2011/01/21 23:54:45 | 000,028,409 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/01/21 23:54:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/21 23:52:29 | 000,004,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/21 23:52:29 | 000,004,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/21 23:52:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/21 23:52:10 | 2079,199,232 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/21 23:51:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/01/21 23:35:41 | 000,159,757 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\JavaRa.zip
    [2011/01/21 23:32:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/21 22:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\OTL.exe
    [2011/01/21 21:47:28 | 161,494,286 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/01/21 14:13:11 | 000,027,136 | ---- | M] () -- C:\Users\Molly Flynn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/21 00:32:30 | 004,158,707 | R--- | M] () -- C:\Users\Molly Flynn\Desktop\ComboFix.exe
    [2011/01/21 00:31:52 | 000,028,409 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/01/20 23:25:14 | 000,133,632 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\RKUnhookerLE.EXE
    [2011/01/20 20:36:39 | 002,565,432 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\NTBR_CD.exe
    [2011/01/20 12:18:09 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
    [2011/01/20 00:36:20 | 001,110,476 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\7z920.exe
    [2011/01/20 00:31:06 | 000,039,605 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\bootkit_remover.rar
    [2011/01/19 20:02:56 | 000,624,128 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\dds.scr
    [2011/01/19 19:54:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\TFC.exe
    [2011/01/19 19:26:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/01/19 19:09:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/19 19:06:53 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Molly Flynn\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/19 10:58:08 | 000,083,233 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\Andi-2010 Christmas.jpg
    [2011/01/19 00:13:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/01/18 22:54:27 | 001,236,025 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\tdsskiller.zip
    [2011/01/18 22:53:19 | 000,080,384 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\MBRCheck.exe
    [2011/01/18 22:52:39 | 000,296,448 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\gmer2.exe
    [2011/01/17 14:53:06 | 000,615,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/01/17 14:53:06 | 000,107,652 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/01/16 21:52:20 | 000,002,627 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\Microsoft Office Word 2007.lnk
    [2011/01/13 10:30:16 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/01/08 20:09:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2011/01/08 20:07:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2011/01/08 14:33:58 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/01/08 14:33:10 | 009,953,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Molly Flynn\Desktop\SUPERAntiSpyware.exe
    [2011/01/08 12:51:20 | 000,312,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/01/07 17:04:39 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/01/07 17:01:27 | 051,515,288 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\setup_av_free.exe
    [2011/01/07 13:12:31 | 000,017,240 | ---- | M] () -- C:\Windows\cfgall.ini
    [2011/01/07 12:26:18 | 000,000,680 | ---- | M] () -- C:\Users\Molly Flynn\AppData\Local\d3d9caps.dat
    [2010/12/31 15:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    ========== Files Created - No Company Name ==========

    [2011/01/21 23:35:38 | 000,159,757 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\JavaRa.zip
    [2011/01/20 23:25:01 | 000,133,632 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\RKUnhookerLE.EXE
    [2011/01/20 20:36:35 | 002,565,432 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\NTBR_CD.exe
    [2011/01/20 12:18:09 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
    [2011/01/20 00:36:16 | 001,110,476 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\7z920.exe
    [2011/01/20 00:31:05 | 000,039,605 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\bootkit_remover.rar
    [2011/01/19 20:27:54 | 161,494,286 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/01/19 20:02:47 | 000,624,128 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\dds.scr
    [2011/01/19 19:09:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/19 10:59:43 | 000,083,233 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\Andi-2010 Christmas.jpg
    [2011/01/18 23:54:57 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/01/18 23:54:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/01/18 23:54:57 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/01/18 23:54:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/01/18 23:54:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/18 22:57:27 | 004,158,707 | R--- | C] () -- C:\Users\Molly Flynn\Desktop\ComboFix.exe
    [2011/01/18 22:54:13 | 001,236,025 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\tdsskiller.zip
    [2011/01/18 22:53:18 | 000,080,384 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\MBRCheck.exe
    [2011/01/18 22:52:32 | 000,296,448 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\gmer2.exe
    [2011/01/08 20:09:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2011/01/08 20:07:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2011/01/08 14:33:58 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/01/07 17:04:39 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/01/07 17:01:22 | 051,515,288 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\setup_av_free.exe
    [2010/04/30 11:29:22 | 000,000,680 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\d3d9caps.dat
    [2009/11/15 12:42:47 | 000,000,018 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\msesbucf.txt
    [2009/10/05 17:56:27 | 000,000,000 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\FnF4.txt
    [2009/09/21 11:00:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/14 15:41:58 | 000,017,240 | ---- | C] () -- C:\Windows\cfgall.ini
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/02/16 09:22:05 | 000,028,409 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/02/16 09:22:04 | 000,028,409 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2008/01/21 13:56:27 | 000,027,136 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/01/21 13:23:10 | 000,027,905 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Roaming\nvModes.001
    [2008/01/21 00:57:04 | 000,027,905 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Roaming\nvModes.dat
    [2008/01/20 18:01:23 | 000,000,000 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\QSwitch.txt
    [2008/01/20 18:01:23 | 000,000,000 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\DSwitch.txt
    [2008/01/20 18:01:23 | 000,000,000 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\AtStart.txt
    [2007/12/15 01:08:09 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2007/12/05 23:51:03 | 000,001,394 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2007/09/05 15:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2007/04/03 16:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    ========== LOP Check ==========

    [2011/01/08 16:54:44 | 000,000,000 | ---D | M] -- C:\Users\Molly Flynn\AppData\Roaming\muvee Technologies
    [2008/01/28 18:54:42 | 000,000,000 | ---D | M] -- C:\Users\Molly Flynn\AppData\Roaming\PlayFirst
    [2008/01/27 13:32:44 | 000,000,000 | ---D | M] -- C:\Users\Molly Flynn\AppData\Roaming\WildTangent
    [2011/01/21 23:51:14 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/01/22 00:10:00 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B3670ADD-923C-4517-B4CF-2A549BC92919}.job

    ========== Purity Check ==========



    < End of report >
     
  2. 2011/01/21
    broni

    broni Moderator Malware Analyst

    OK, the bad entry is still there.
    We need to reset your router.

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    NOTE. Simple router disconnecting from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE

    Post fresh OTL "Quick scan" log.
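
A check that fits the steps above, as an added example that is not part of the original post: after `ipconfig /renew`, the DNS servers the router handed out can be read from `ipconfig /all` and compared with the ones you expect. The sample output, its addresses and the `expected` allowlist are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC
   Primary Dns Suffix  . . . . . . . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
"""

# "Key . . . . : value" lines. The separator colon is always preceded by a
# space or a dot, which keeps IPv6 continuation lines (fe80::1) from matching.
KEY_VALUE = re.compile(r"^\s+(.+?)[ .]+:(?: (.*))?$")


def parse_ipconfig(text):
    """Return {section_name: {key: [values, ...]}} from `ipconfig /all` text."""
    sections, current, last_key = {}, None, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            # An unindented line opens a section (adapter headers end in ':').
            current = sections.setdefault(raw.rstrip().rstrip(":"), {})
            last_key = None
            continue
        if current is None:
            continue
        match = KEY_VALUE.match(raw)
        if match:
            last_key = match.group(1)
            value = (match.group(2) or "").strip()
            current[last_key] = [value] if value else []
        elif last_key is not None:
            # Indented line without a key: a further value for the last key,
            # which is how ipconfig lists the second and later DNS servers.
            current[last_key].append(raw.strip())
    return sections


def clean_ip(value):
    """Drop decorations such as '(Preferred)' and IPv6 zone ids; None if not an IP."""
    token = value.split("(")[0].split("%")[0].strip()
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def unexpected_dns(text, expected):
    """List (adapter, dns_server) pairs where the resolver is neither the
    adapter's default gateway nor in the caller's `expected` allowlist."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for name, fields in parse_ipconfig(text).items():
        gateways = {ip for ip in map(clean_ip, fields.get("Default Gateway", [])) if ip}
        for value in fields.get("DNS Servers", []):
            ip = clean_ip(value)
            if ip is not None and ip not in allowed and ip not in gateways:
                findings.append((name, str(ip)))
    return findings


if __name__ == "__main__":
    # On the real machine, save the output first: ipconfig /all > ipconfig.txt
    for adapter, server in unexpected_dns(SAMPLE, expected=[]):
        print(f"{adapter}: unexpected DNS server {server}")
```

A resolver equal to the gateway only shows that the PC is asking the router; the DNS servers configured on the router itself still have to be read in its admin page.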
     

  4. 2011/01/22
    Bearclaw

    Bearclaw Well-Known Member Thread Starter

    OK, this may be important! The router (wireless) that is used for this laptop to connect over is also hardwired to a desktop computer (eMachine running XP). This desktop has been having the same difficulty with the redirects. As we have been working only with the laptop I have done nothing at all with the desktop eMachine, UNTIL just recently... I ran the same command-prompts on the desktop that were provided to run on the laptop. I did so as I thought that there might be some gremlins hidden away on the desktop and did not want to re-infect both machines back through the router.

    Now, there have been no redirects showing up on either unit so far. The OTL scan log is below for your viewing pleasure. :)

    Thanks for your patience and help. I am not sure of the desktop machine. I think it might need to be cleaned up too, your thoughts on that are most welcome.

    OTL Log

    OTL logfile created on: 1/22/2011 2:27:59 PM - Run 3
    OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Molly Flynn\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.87 Gb Total Space | 149.71 Gb Free Space | 67.78% Space Free | Partition Type: NTFS
    Drive D: | 12.01 Gb Total Space | 1.85 Gb Free Space | 15.41% Space Free | Partition Type: NTFS

    Computer Name: MOLLYFLYNN-PC | User Name: Molly Flynn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/21 22:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\OTL.exe
    PRC - [2011/01/14 19:33:20 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/01/07 18:11:36 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2010/11/11 14:18:29 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
    PRC - [2010/11/11 14:18:28 | 000,174,432 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
    PRC - [2010/08/16 19:26:37 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/09/15 03:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    PRC - [2007/09/05 16:09:54 | 001,620,520 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2007/09/05 16:09:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/21 22:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\OTL.exe
    MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/11/11 14:18:28 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2008/12/04 02:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/09/18 08:12:28 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2007/09/18 08:12:28 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2007/09/18 08:12:28 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2007/09/15 03:50:56 | 000,191,408 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/09/09 17:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
    DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/20 06:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/06/20 06:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/06/20 06:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/05/30 18:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2007/04/03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/03/06 21:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/02/16 16:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
    DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
    DRV - [2006/10/18 21:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/16 19:32:21 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/01/19 00:13:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {925B4A47-7F10-42CC-9934-98F1E078F675} http://www.perfectinterview.com/online/webcap.CAB (WebCap.VidCap)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/12/05 23:36:21 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/21 23:48:39 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/01/21 23:36:24 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Desktop\JavaRa
    [2011/01/21 22:01:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\OTL.exe
    [2011/01/21 00:57:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/01/21 00:55:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/01/21 00:32:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/20 20:43:17 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Desktop\NTBR_CD
    [2011/01/20 12:18:10 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\AppData\Local\QuickStores
    [2011/01/20 12:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
    [2011/01/20 12:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\aTube Catcher
    [2011/01/20 10:52:49 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\Molly Flynn\Desktop\remover.exe
    [2011/01/20 00:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2011/01/20 00:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/01/19 20:12:24 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Desktop\BBS Logs
    [2011/01/19 19:54:26 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\TFC.exe
    [2011/01/19 19:09:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/01/19 19:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/19 19:09:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/01/19 19:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/01/19 19:06:52 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Molly Flynn\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/18 23:54:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/01/18 23:54:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/01/18 23:54:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/01/18 23:54:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/18 23:53:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/18 23:51:43 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Desktop\tdsskiller
    [2011/01/16 21:39:46 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\{b618461c-11c0-40ff-af83-7f62c6f05cc9}
    [2011/01/16 21:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2011/01/16 21:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
    [2011/01/13 20:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2011/01/08 20:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
    [2011/01/08 16:54:39 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Documents\My muvees
    [2011/01/08 16:54:36 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\AppData\Roaming\muvee Technologies
    [2011/01/08 16:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2011/01/08 16:53:16 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Documents\CyberLink
    [2011/01/08 14:34:14 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\AppData\Roaming\SUPERAntiSpyware.com
    [2011/01/08 14:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/01/08 14:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/01/08 14:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/01/08 14:33:04 | 009,953,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Molly Flynn\Desktop\SUPERAntiSpyware.exe
    [2011/01/08 12:46:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
    [2011/01/08 12:46:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
    [2011/01/08 12:46:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
    [2011/01/07 17:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/01/07 17:04:38 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/01/07 17:04:38 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/01/07 17:04:37 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/01/07 17:04:36 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/01/07 17:04:34 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/01/07 17:03:22 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/01/07 17:03:21 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/01/07 17:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2011/01/07 17:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2011/01/01 14:15:03 | 000,000,000 | --SD | C] -- C:\ProgramData\Memeo
    [2011/01/01 14:02:22 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\AppData\Local\{9E5C7B4F-5A46-458E-9BAE-0001A6640C4A}

    ========== Files - Modified Within 30 Days ==========

    [2011/01/22 14:35:00 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B3670ADD-923C-4517-B4CF-2A549BC92919}.job
    [2011/01/22 14:32:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/22 14:32:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/22 14:14:51 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2011/01/22 14:13:47 | 000,028,409 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/01/22 14:12:51 | 000,004,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/22 14:12:51 | 000,004,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/22 14:12:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/22 14:12:32 | 2079,236,096 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/22 11:48:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/01/21 23:35:41 | 000,159,757 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\JavaRa.zip
    [2011/01/21 22:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\OTL.exe
    [2011/01/21 21:47:28 | 161,494,286 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/01/21 14:13:11 | 000,027,136 | ---- | M] () -- C:\Users\Molly Flynn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/21 00:32:30 | 004,158,707 | R--- | M] () -- C:\Users\Molly Flynn\Desktop\ComboFix.exe
    [2011/01/21 00:31:52 | 000,028,409 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/01/20 23:25:14 | 000,133,632 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\RKUnhookerLE.EXE
    [2011/01/20 20:36:39 | 002,565,432 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\NTBR_CD.exe
    [2011/01/20 12:18:09 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
    [2011/01/20 00:36:20 | 001,110,476 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\7z920.exe
    [2011/01/20 00:31:06 | 000,039,605 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\bootkit_remover.rar
    [2011/01/19 20:02:56 | 000,624,128 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\dds.scr
    [2011/01/19 19:54:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\TFC.exe
    [2011/01/19 19:26:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/01/19 19:09:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/19 19:06:53 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Molly Flynn\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/19 10:58:08 | 000,083,233 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\Andi-2010 Christmas.jpg
    [2011/01/19 00:13:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/01/18 22:54:27 | 001,236,025 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\tdsskiller.zip
    [2011/01/18 22:53:19 | 000,080,384 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\MBRCheck.exe
    [2011/01/18 22:52:39 | 000,296,448 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\gmer2.exe
    [2011/01/17 14:53:06 | 000,615,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/01/17 14:53:06 | 000,107,652 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/01/16 21:52:20 | 000,002,627 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\Microsoft Office Word 2007.lnk
    [2011/01/13 10:30:16 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/01/08 20:09:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2011/01/08 20:07:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2011/01/08 14:33:58 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/01/08 14:33:10 | 009,953,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Molly Flynn\Desktop\SUPERAntiSpyware.exe
    [2011/01/08 12:51:20 | 000,312,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/01/07 17:04:39 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/01/07 17:01:27 | 051,515,288 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\setup_av_free.exe
    [2011/01/07 13:12:31 | 000,017,240 | ---- | M] () -- C:\Windows\cfgall.ini
    [2011/01/07 12:26:18 | 000,000,680 | ---- | M] () -- C:\Users\Molly Flynn\AppData\Local\d3d9caps.dat
    [2010/12/31 15:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    ========== Files Created - No Company Name ==========

    [2011/01/21 23:35:38 | 000,159,757 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\JavaRa.zip
    [2011/01/20 23:25:01 | 000,133,632 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\RKUnhookerLE.EXE
    [2011/01/20 20:36:35 | 002,565,432 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\NTBR_CD.exe
    [2011/01/20 12:18:09 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
    [2011/01/20 00:36:16 | 001,110,476 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\7z920.exe
    [2011/01/20 00:31:05 | 000,039,605 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\bootkit_remover.rar
    [2011/01/19 20:27:54 | 161,494,286 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/01/19 20:02:47 | 000,624,128 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\dds.scr
    [2011/01/19 19:09:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/19 10:59:43 | 000,083,233 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\Andi-2010 Christmas.jpg
    [2011/01/18 23:54:57 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/01/18 23:54:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/01/18 23:54:57 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/01/18 23:54:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/01/18 23:54:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/18 22:57:27 | 004,158,707 | R--- | C] () -- C:\Users\Molly Flynn\Desktop\ComboFix.exe
    [2011/01/18 22:54:13 | 001,236,025 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\tdsskiller.zip
    [2011/01/18 22:53:18 | 000,080,384 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\MBRCheck.exe
    [2011/01/18 22:52:32 | 000,296,448 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\gmer2.exe
    [2011/01/08 20:09:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2011/01/08 20:07:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2011/01/08 14:33:58 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/01/07 17:04:39 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/01/07 17:01:22 | 051,515,288 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\setup_av_free.exe
    [2010/04/30 11:29:22 | 000,000,680 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\d3d9caps.dat
    [2009/11/15 12:42:47 | 000,000,018 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\msesbucf.txt
    [2009/10/05 17:56:27 | 000,000,000 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\FnF4.txt
    [2009/09/21 11:00:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/14 15:41:58 | 000,017,240 | ---- | C] () -- C:\Windows\cfgall.ini
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/02/16 09:22:05 | 000,028,409 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/02/16 09:22:04 | 000,028,409 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2008/01/21 13:56:27 | 000,027,136 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/01/21 13:23:10 | 000,027,905 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Roaming\nvModes.001
    [2008/01/21 00:57:04 | 000,027,905 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Roaming\nvModes.dat
    [2008/01/20 18:01:23 | 000,000,000 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\QSwitch.txt
    [2008/01/20 18:01:23 | 000,000,000 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\DSwitch.txt
    [2008/01/20 18:01:23 | 000,000,000 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\AtStart.txt
    [2007/12/15 01:08:09 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2007/12/05 23:51:03 | 000,001,394 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2007/09/05 15:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2007/04/03 16:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    ========== LOP Check ==========

    [2011/01/08 16:54:44 | 000,000,000 | ---D | M] -- C:\Users\Molly Flynn\AppData\Roaming\muvee Technologies
    [2008/01/28 18:54:42 | 000,000,000 | ---D | M] -- C:\Users\Molly Flynn\AppData\Roaming\PlayFirst
    [2008/01/27 13:32:44 | 000,000,000 | ---D | M] -- C:\Users\Molly Flynn\AppData\Roaming\WildTangent
    [2011/01/22 11:48:17 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/01/22 14:35:00 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B3670ADD-923C-4517-B4CF-2A549BC92919}.job

    ========== Purity Check ==========



    < End of report >
     
  5. 2011/01/22
    broni Moderator Malware Analyst
    Good news :)
    OTL log looks good.
    As for your desktop, we can surely check it too, but you'll need to create a new topic.

    Now....last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  6. 2011/01/22
    Bearclaw Well-Known Member Thread Starter
    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 23
    Java(TM) 6 Update 2
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 8.2.5
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ``````````End of Log````````````
     
  7. 2011/01/22
    broni Moderator Malware Analyst
    Uninstall Java(TM) 6 Update 2.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ...and Eset scan....
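
The Security Check log and the advice that followed it can be read mechanically. This added example (not part of the original thread and not screen317's tool) parses the log text quoted above, pairs each "Out of date" warning with the products it refers to, and flags Java entries older than the newest one installed; the function names and the "older than newest" rule are assumptions of the example.

```python
import re

# Constructed sample: the Security Check output quoted in the thread.
# Separator lines are runs of backticks, built here rather than typed out.
SEP = "`" * 30
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.7",
    "Windows Vista Service Pack 2 (UAC is enabled)",
    "Internet Explorer 8",
    SEP,
    "Antivirus/Firewall Check:",
    "",
    "Windows Firewall Enabled!",
    "avast! Free Antivirus",
    "WMI entry may not exist for antivirus; attempting automatic update.",
    SEP,
    "Anti-malware/Other Utilities Check:",
    "",
    "Malwarebytes' Anti-Malware",
    "CCleaner",
    "Java(TM) 6 Update 23",
    "Java(TM) 6 Update 2",
    "Out of date Java installed!",
    "Adobe Flash Player",
    "Adobe Reader 8.2.5",
    "Out of date Adobe Reader installed!",
    SEP,
    "Process Check:",
    "objlist.exe by Laurent",
    "",
    "Alwil Software Avast5 AvastSvc.exe",
    "Alwil Software Avast5 AvastUI.exe",
    "`" * 10 + "End of Log" + "`" * 12,
])

OUTDATED_RE = re.compile(r"^Out of date (?P<product>.+?) installed!$")
JAVA_RE = re.compile(r"^Java\(TM\) (?P<major>\d+) Update (?P<update>\d+)$")


def parse_sections(text):
    """Split the log into {section name: [entries]}.

    A line starting with a backtick is a separator; the first non-empty
    line after it names the next section. Lines before the first
    separator are collected under "Header".
    """
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("`"):
            current = None
            continue
        if current is None:
            current = line.rstrip(":")
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def outdated_products(entries):
    """Map each 'Out of date X installed!' warning to the entries above it naming X."""
    findings = {}
    for i, line in enumerate(entries):
        m = OUTDATED_RE.match(line)
        if m:
            product = m.group("product")
            findings[product] = [e for e in entries[:i] if e.startswith(product)]
    return findings


def superseded_java(entries):
    """Return Java entries older than the newest one listed (assumed removal candidates).

    Versions are compared as integers, so Update 9 sorts below Update 23.
    """
    versions = []
    for e in entries:
        m = JAVA_RE.match(e)
        if m:
            versions.append(((int(m["major"]), int(m["update"])), e))
    if len(versions) < 2:
        return []
    newest = max(v for v, _ in versions)
    return [e for v, e in versions if v < newest]


def triage(text):
    """Summarise the software findings from one Security Check log."""
    utilities = parse_sections(text).get("Anti-malware/Other Utilities Check", [])
    return {
        "outdated": outdated_products(utilities),
        "superseded_java": superseded_java(utilities),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```
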
     
  8. 2011/01/22
    Bearclaw Well-Known Member Thread Starter
    ESET online scanner produced no report... when it was through it had a 'finish' button as the only option for me; I hit that and the next screen was a solicitation to buy their software. I assume that is all normal. ESET has been kept on my system; in the event it needs to be used again, the files are already there. :)

    Java 6 Update 2 has been removed.

    My system indicates that I already have Adobe X, which the link given offers to download. As to trashing outdated files, I don't think I know how to do that.
     
  9. 2011/01/23
    broni Moderator Malware Analyst
    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  10. 2011/01/23
    broni Moderator Malware Analyst
    I didn't ask for a new OTL log.
    It looks like you clicked on "Scan" button instead of "Fix" button.
    Please, redo.
     
  11. 2011/01/23
    Bearclaw Well-Known Member Thread Starter
    OK, I have REALLY ******* up! In the last set of instructions I did err in running a 'scan' rather than a 'fix'... unfortunately I also proceeded to try the 'cleanup' steps once the errant files were forwarded to you. :(

    Now the OTL cannot find what it is supposed to fix. SOooo where do I go from here, I don't mind going back to whatever 'step' and going from there.

    Sorry for my boo-boo, guess old age is catching up to me...
     
  12. 2011/01/23
    broni Moderator Malware Analyst
  13. 2011/01/25
    Bearclaw Well-Known Member Thread Starter
    Everything seems to be cleaned out and the little machine is running happily and faster than I have seen her before!

    Thank you kindly for all the help! The 'associated desktop' might be a new project, don't know yet. No matter, it will be a separate thread.

    As far as I can tell everything is 'done' on this end, accomplished the deletion of previous restore points and established a new one as per 'suggested'. Unless there are more goodies to deal with, I think we have been successful and can consider this one 'resolved'! :)
     
  14. 2011/01/25
    broni Moderator Malware Analyst
    Well done :)

    Good luck and stay safe :)
     
