MS Removal Tool - MBAM didn't work, currently running OTL.


Post by tjunger on Fri 06 May 2011, 6:09 am

Saw a mod's recommendation in a similar post today, currently running OTL to create the logs you're looking for - is a mod available to help?

Thanks,
t

tjunger

Newbie Surfer

Posts : 10
Joined : 2011-05-06
Operating System : Windows 7


Re: MS Removal Tool - MBAM didn't work, currently running OTL.

Post by tjunger on Fri 06 May 2011, 6:12 am

OTL.txt:

OTL logfile created on: 5/5/2011 2:11:08 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Tyler\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.74 Gb Total Space | 23.39 Gb Free Space | 10.50% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.41 Gb Free Space | 34.07% Space Free | Partition Type: NTFS

Computer Name: TYLER-LAPTOP | User Name: Tyler | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 14:10:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/22 16:01:50 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/10/22 16:01:48 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe


========== Modules (SafeList) ==========

MOD - [2011/05/05 14:10:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 12:01:38 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/09/11 17:26:52 | 000,052,224 | ---- | M] (Absolute Software Corp.) [Auto | Stopped] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/08/28 01:48:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/03 04:01:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/22 16:01:50 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/10/22 16:01:50 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/10/22 16:01:48 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/10/22 16:01:48 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/10/22 16:01:48 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/06/17 15:17:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/01/13 12:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/03/31 03:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110504.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110504.019\NAVENG.SYS -- (NAVENG)
DRV - [2011/01/03 03:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 03:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/01/03 03:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/12/21 00:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 00:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/12/21 00:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/21 00:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/11/17 11:42:56 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/09 13:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/05/27 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/01/25 03:47:24 | 000,063,520 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2009/11/02 04:12:48 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/22 16:01:50 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/10/22 16:01:50 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/10/22 16:01:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/10/22 16:01:44 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009/06/17 15:02:02 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/01/13 12:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/08/28 18:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/07/24 19:42:48 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/08/08 08:03:52 | 000,476,288 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/08/08 08:03:52 | 000,038,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/02/27 15:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/12/22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2004/02/04 11:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 50 EB ED F4 0A CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.madison.com/wsj/"
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.20.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.29
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.2
FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:2.6.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 22:04:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/27 13:41:49 | 000,000,000 | ---D | M]

[2009/11/20 23:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Extensions
[2009/11/20 23:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/26 02:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\483kpp8j.default\extensions
[2009/11/02 02:53:15 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\483kpp8j.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2009/11/02 02:53:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\483kpp8j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/02 02:53:18 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\483kpp8j.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2009/11/02 02:53:19 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\483kpp8j.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2009/11/02 02:53:19 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\483kpp8j.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/11/02 02:53:21 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\483kpp8j.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/11/02 02:53:14 | 000,000,000 | ---D | M] ("Distrust") -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\483kpp8j.default\extensions\trustme@gness.com
[2009/11/02 02:53:15 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\483kpp8j.default\extensions\zotero@chnm.gmu.edu
[2011/05/03 00:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\ftc3srmz.default\extensions
[2011/03/27 13:42:50 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\ftc3srmz.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/04/28 17:40:52 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\ftc3srmz.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2011/04/28 17:40:54 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\ftc3srmz.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2010/10/15 14:54:39 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\ftc3srmz.default\extensions\clickclean@hotcleaner.com
[2011/04/21 18:27:40 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\ftc3srmz.default\extensions\firefox@ghostery.com
[2011/05/03 00:28:24 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\ftc3srmz.default\extensions\foxyproxy@eric.h.jung
[2010/10/15 14:54:34 | 000,000,000 | ---D | M] (Long URL Please) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\ftc3srmz.default\extensions\longurlplease@darragh.curran
[2011/03/27 13:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/22 23:27:04 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/06 23:15:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B13721C7-F507-4982-B2E5-502A71474FED}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/02 02:53:08 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\TYLER\APPDATA\ROAMING\MOVE NETWORKS
[2011/05/02 22:04:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/02 03:32:37 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/05 08:09:43 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKCU..\RunOnce: [aA06509BoHjJ06509] C:\ProgramData\aA06509BoHjJ06509\aA06509BoHjJ06509.exe ()
O4 - Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tyler\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} [You must be registered and logged in to see this link.] (Recovery ActiveX Control Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 144.92.254.254 128.104.254.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 14:10:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.exe
[2011/05/05 02:24:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/05 02:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/05 02:24:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/05 02:24:11 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tyler\Desktop\mbam-setup.exe
[2011/05/05 02:01:37 | 000,000,000 | ---D | C] -- C:\Symantec_Endpoint_Protection11.0.6300
[2011/05/05 01:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\aA06509BoHjJ06509
[2011/05/04 19:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/04/26 08:49:16 | 000,000,000 | ---D | C] -- C:\3c8159a9d2ea3d4a0e95ca7e58
[2011/04/23 22:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/23 22:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/16 12:19:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/16 12:19:56 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/16 12:19:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/16 12:19:06 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/16 12:19:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/16 12:18:24 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/16 12:18:24 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/16 12:18:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/16 12:18:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/16 12:18:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/16 12:18:22 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/16 12:18:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/16 12:18:20 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/16 12:18:20 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/16 12:18:19 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/16 12:18:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/16 12:16:08 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/16 12:15:46 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/04/16 12:07:54 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/16 12:07:54 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/08 15:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011/04/08 15:34:53 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll
[2011/04/08 15:34:53 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01005.dll
[2011/04/08 15:34:53 | 000,136,680 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdm.sys
[2011/04/08 15:34:53 | 000,121,192 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadbus.sys
[2011/04/08 15:34:53 | 000,030,312 | ---- | C] (Google Inc) -- C:\Windows\System32\drivers\ssadadb.sys
[2011/04/08 15:34:53 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdfl.sys
[2011/04/08 15:34:53 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcmnt.sys
[2011/04/08 15:34:53 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcm.sys
[2011/04/08 15:34:53 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwhnt.sys
[2011/04/08 15:34:53 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwh.sys
[2011/04/08 15:34:35 | 000,132,424 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdm.sys
[2011/04/08 15:34:35 | 000,104,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdbus.sys
[2011/04/08 15:34:35 | 000,014,920 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdfl.sys
[2011/04/08 15:34:35 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcmnt.sys
[2011/04/08 15:34:35 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcm.sys
[2011/04/08 15:34:35 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwhnt.sys
[2011/04/08 15:34:35 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwh.sys
[2011/04/08 15:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011/04/08 15:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011/04/08 15:32:56 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\.svn
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011/04/06 14:10:09 | 000,000,000 | ---D | C] -- C:\Users\Tyler\Kindle Hacks
[2011/04/06 13:09:11 | 000,000,000 | ---D | C] -- C:\Users\Tyler\Calibre Library
[2011/04/06 13:09:05 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\calibre
[2011/04/06 13:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2011/04/06 13:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/05 14:10:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.exe
[2011/05/05 13:56:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/05 13:56:40 | 1606,594,560 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 13:49:26 | 000,052,224 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2011/05/05 13:49:17 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/05 08:22:31 | 000,622,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/05 08:22:31 | 000,106,284 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/05 08:09:43 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/05 08:09:43 | 000,000,824 | ---- | M] () -- C:\Users\Tyler\Desktop\hosts
[2011/05/05 08:08:02 | 000,000,134 | ---- | M] () -- C:\Users\Tyler\Desktop\hosts-perm.bat
[2011/05/05 08:06:24 | 367,157,534 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/05 02:24:55 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/05 02:24:41 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tyler\Desktop\mbam-setup.exe
[2011/05/05 02:23:21 | 000,000,139 | ---- | M] () -- C:\Users\Tyler\Desktop\rk-proxy.reg
[2011/05/05 02:22:43 | 001,006,778 | ---- | M] () -- C:\Users\Tyler\Desktop\iExplore.exe
[2011/05/05 02:00:37 | 160,245,248 | ---- | M] () -- C:\Users\Tyler\Desktop\Symantec_Endpoint_Protection11.0.6300-32bit.exe
[2011/05/05 01:34:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-345876769-484115345-786241906-1000UA.job
[2011/05/05 00:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/04 21:51:26 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-345876769-484115345-786241906-1000Core.job
[2011/05/02 22:04:45 | 000,001,994 | ---- | M] () -- C:\Users\Tyler\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/28 17:42:54 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/28 17:42:54 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/16 12:26:44 | 003,969,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/08 15:45:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011/04/08 15:35:25 | 000,002,054 | ---- | M] () -- C:\Users\Tyler\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies mini.lnk
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/05 08:09:43 | 000,000,824 | ---- | C] () -- C:\Users\Tyler\Desktop\hosts
[2011/05/05 08:08:02 | 000,000,134 | ---- | C] () -- C:\Users\Tyler\Desktop\hosts-perm.bat
[2011/05/05 02:24:55 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/05 02:23:21 | 000,000,139 | ---- | C] () -- C:\Users\Tyler\Desktop\rk-proxy.reg
[2011/05/05 02:22:28 | 001,006,778 | ---- | C] () -- C:\Users\Tyler\Desktop\iExplore.exe
[2011/05/05 01:58:23 | 160,245,248 | ---- | C] () -- C:\Users\Tyler\Desktop\Symantec_Endpoint_Protection11.0.6300-32bit.exe
[2011/04/08 15:45:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011/04/08 15:35:25 | 000,002,054 | ---- | C] () -- C:\Users\Tyler\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies mini.lnk
[2010/09/19 21:57:02 | 000,000,063 | ---- | C] () -- C:\Windows\wininit.ini
[2010/08/13 10:55:27 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2010/08/11 16:42:05 | 000,000,409 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/07/25 14:02:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/06/19 18:40:26 | 000,000,132 | ---- | C] () -- C:\Users\Tyler\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/04/27 17:37:26 | 000,007,272 | -HS- | C] () -- C:\ProgramData\myujs
[2010/04/27 16:28:32 | 000,003,504 | -HS- | C] () -- C:\Users\Tyler\AppData\Local\1BfeNur
[2010/04/27 16:28:32 | 000,003,504 | -HS- | C] () -- C:\ProgramData\1BfeNur
[2010/04/26 01:57:46 | 000,010,858 | -HS- | C] () -- C:\Users\Tyler\AppData\Local\f*** file- Copy
[2010/04/24 13:01:33 | 000,186,280 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/04/24 12:02:31 | 000,003,888 | ---- | C] () -- C:\Windows\System32\drivers\NTHANDLE.SYS
[2010/04/19 18:15:05 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/01/24 14:24:54 | 000,000,022 | ---- | C] () -- C:\Windows\System32\cm.ini
[2010/01/04 19:02:58 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/20 11:34:06 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/11/02 04:39:50 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/11/02 04:21:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/11/02 02:52:38 | 000,302,277 | ---- | C] () -- C:\Users\Tyler\AppData\Roaming\nvModes.dat
[2009/11/02 02:52:38 | 000,302,277 | ---- | C] () -- C:\Users\Tyler\AppData\Roaming\nvModes.001
[2009/11/02 02:52:38 | 000,023,888 | ---- | C] () -- C:\Users\Tyler\AppData\Roaming\UserTile.png
[2009/11/02 02:52:38 | 000,000,246 | ---- | C] () -- C:\Users\Tyler\AppData\Roaming\wklnhst.dat
[2009/11/02 02:51:24 | 000,010,240 | ---- | C] () -- C:\Users\Tyler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/02 02:51:24 | 000,000,680 | ---- | C] () -- C:\Users\Tyler\AppData\Local\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 003,969,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,622,168 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,284 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/01/13 12:29:00 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008/07/11 21:08:24 | 000,086,016 | ---- | C] () -- C:\Windows\System32\QL57F.DLL
[2007/04/16 04:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2007/04/11 18:03:00 | 000,000,971 | ---- | C] () -- C:\Windows\System32\QL57L.INI
[2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/06/07 13:23:58 | 000,000,211 | ---- | C] () -- C:\Windows\System32\memdil.ini
[2001/02/20 09:02:10 | 000,000,074 | ---- | C] () -- C:\Windows\System32\syscc.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C895616B

< End of report >


**********************************************


Extras.txt


Re: MS Removal Tool - MBAM didn't work, currently running OTL.

Post by tjunger on Fri 06 May 2011, 6:12 am

Extras.txt

OTL Extras logfile created on: 5/5/2011 2:11:08 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Tyler\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.74 Gb Total Space | 23.39 Gb Free Space | 10.50% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.41 Gb Free Space | 34.07% Space Free | Partition Type: NTFS

Computer Name: TYLER-LAPTOP | User Name: Tyler | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Users\Tyler\ctmweb.exe" = C:\Users\Tyler\ctmweb.exe:*:Enabled:ctmweb Computrace Installation/Management Application -- (Absolute Software Corporation)
"C:\WINDOWS\SYSTEM32\ctmweb.exe" = C:\WINDOWS\SYSTEM32\ctmweb.exe:*:Enabled:ctmweb Computrace Installation/Management Application -- (Absolute Software Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1" = RescueTime 2.2.3
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{316B3C3F-6B5A-DBC3-1398-FBE614ECCAA7}" = TweetDeck
"{3360D505-B0AA-4284-92DF-F872AF90A448}" = BlackBerry Device Software Updater
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5F64E152-51C1-47B4-BEA8-007D73C7460F}" = Cisco AnyConnect VPN Client
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{BCA2295A-035C-460D-9B75-4671518DC000}" = DVD or CD Sharing
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3450AC6-4FEA-403A-A5C1-678BCDA6AA9F}" = LoJack for Laptops Notifier
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFF135C9-274E-443B-B2D1-FF0FD93EE790}" = calibre
"{E00EA780-9C24-47BA-B9C8-210316D1C461}_is1" = Auto Mouse Clicker v3.0
"{E3E3C2C5-B78F-560D-01C0-A9F11945D17B}" = Pandora
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"AIM_7" = AIM 7
"Amazon Kindle For PC" = Amazon Kindle For PC
"Ascendo Money" = Ascendo Money 3.3.6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"Digital Editions" = Adobe Digital Editions
"doPDF 7 printer_is1" = doPDF 7.1 printer
"File Shredder_is1" = File Shredder 2.0
"FileASSASSIN" = FileASSASSIN
"Free Sound Recorder_is1" = Free Sound Recorder 2010 v9.2.1
"ImgBurn" = ImgBurn
"InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LimeWire" = LimeWire 5.3.6
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Picasa 3" = Picasa 3
"Privoxy" = Privoxy (remove only)
"RealPlayer 12.0" = RealPlayer
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 400" = Portal
"Steam App 620" = Portal 2
"Tor" = Tor 0.2.0.34
"TrueCrypt" = TrueCrypt
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"ULTIMATER" = Microsoft Office Ultimate 2007
"uTorrent" = µTorrent
"Vidalia" = Vidalia 0.1.10
"VLC media player" = VLC media player 1.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Write-N-Cite" = Write-N-Cite
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2011 2:41:19 AM | Computer Name = Tyler-Laptop | Source = Symantec AntiVirus | ID = 16711754
Description = TruScan has generated an error: code 11: description: Whitelist Failure

Error - 5/5/2011 9:13:53 AM | Computer Name = Tyler-Laptop | Source = Symantec AntiVirus | ID = 16711754
Description = TruScan has generated an error: code 11: description: Whitelist Failure

Error - 5/5/2011 9:21:18 AM | Computer Name = Tyler-Laptop | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 5/5/2011 9:35:20 AM | Computer Name = Tyler-Laptop | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Manual
scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
file was deleted successfully.

Error - 5/5/2011 9:58:33 AM | Computer Name = Tyler-Laptop | Source = Symantec AntiVirus | ID = 16711731
Description = Risk Found!Trojan.Gen in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\20db519d-6d70c75e>>vmain.class
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Security Risk Found!Trojan.Gen in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\20db519d-6d70c75e>>vmain.class
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Security Risk Found!Multiple Risks in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\20db519d-6d70c75e
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Risk Found!Multiple Risks in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\20db519d-6d70c75e
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully.

Error - 5/5/2011 9:58:47 AM | Computer Name = Tyler-Laptop | Source = Symantec AntiVirus | ID = 16711731
Description = Risk Found!Trojan.Gen in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6f69d9da-3714b8ad>>a66d578f084.class
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Security Risk Found!Trojan.Gen in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6f69d9da-3714b8ad>>a66d578f084.class
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Security Risk Found!Trojan.Gen in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6f69d9da-3714b8ad>>aa79d1019d8.class
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Risk Found!Trojan.Gen in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6f69d9da-3714b8ad>>aa79d1019d8.class
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully.

Error - 5/5/2011 9:58:48 AM | Computer Name = Tyler-Laptop | Source = Symantec AntiVirus | ID = 16711731
Description = Risk Found!Trojan.Gen in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6f69d9da-3714b8ad>>ae28546890f.class
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Security Risk Found!Trojan.Gen in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6f69d9da-3714b8ad>>ae28546890f.class
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Security Risk Found!Trojan.Gen in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6f69d9da-3714b8ad>>af439f03798.class
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Risk Found!Trojan.Gen in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6f69d9da-3714b8ad>>af439f03798.class
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully.

Error - 5/5/2011 9:58:56 AM | Computer Name = Tyler-Laptop | Source = Symantec AntiVirus | ID = 16711731
Description = Risk Found!Trojan.Gen in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-64d20f5f>>vmain.class
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Security Risk Found!Trojan.Gen in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-64d20f5f>>vmain.class
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Security Risk Found!Multiple Risks in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-64d20f5f
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Risk Found!Multiple Risks in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-64d20f5f
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully.

Error - 5/5/2011 12:00:49 PM | Computer Name = Tyler-Laptop | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Multiple Risks in File: c:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-64d20f5f
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Security Risk Found!Trojan.Gen in File: c:\Users\Tyler\Downloads\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah.rar>>Adobe.Photoshop.CS5.Extended.v12.Keygen.Onl...
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Risk Found!Trojan.Gen in File: c:\Users\Tyler\Downloads\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah.rar>>Adobe.Photoshop.CS5.Extended.v12.Keygen.Onl...
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully.

Error - 5/5/2011 1:33:40 PM | Computer Name = Tyler-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: A system shutdown is in progress. .

[ Cisco AnyConnect VPN Client Events ]
Error - 4/19/2011 6:40:12 PM | Computer Name = Tyler-Laptop | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
1279 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 4/19/2011 6:40:12 PM | Computer Name = Tyler-Laptop | Source = vpnagent | ID = 50331669
Description = Failed Route change: Action: DelRoute Destination: 192.168.1.255 Netmask:
255.255.255.255 Gateway: 192.168.1.9 Interface: 192.168.1.9 Metric: 256

Error - 4/19/2011 6:40:12 PM | Computer Name = Tyler-Laptop | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
241 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 4/19/2011 6:58:05 PM | Computer Name = Tyler-Laptop | Source = vpnagent | ID = 50331650
Description = Termination reason code 23: Client PC is going into suspend mode (Sleep,
Hibernate, etc).

Error - 4/19/2011 11:13:43 PM | Computer Name = Tyler-Laptop | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
1279 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

Error - 4/19/2011 11:13:43 PM | Computer Name = Tyler-Laptop | Source = vpnagent | ID = 50331669
Description = Failed Route change: Action: AddRoute Destination: 0.0.0.0 Netmask:
0.0.0.0 Gateway: 146.151.192.1 Interface: 146.151.196.79 Metric: 1

Error - 4/19/2011 11:13:43 PM | Computer Name = Tyler-Laptop | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
222 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

Error - 4/19/2011 11:13:43 PM | Computer Name = Tyler-Laptop | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
1279 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 4/19/2011 11:13:43 PM | Computer Name = Tyler-Laptop | Source = vpnagent | ID = 50331669
Description = Failed Route change: Action: DelRoute Destination: 192.168.1.255 Netmask:
255.255.255.255 Gateway: 192.168.1.9 Interface: 192.168.1.9 Metric: 256

Error - 4/19/2011 11:13:43 PM | Computer Name = Tyler-Laptop | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
241 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

[ Media Center Events ]
Error - 1/3/2011 7:21:36 PM | Computer Name = Tyler-Laptop | Source = MCUpdate | ID = 0
Description = 5:21:36 PM - Error connecting to the internet. 5:21:36 PM - Unable
to contact server..

Error - 1/3/2011 7:22:25 PM | Computer Name = Tyler-Laptop | Source = MCUpdate | ID = 0
Description = 5:21:41 PM - Error connecting to the internet. 5:21:41 PM - Unable
to contact server..

Error - 1/3/2011 9:03:51 PM | Computer Name = Tyler-Laptop | Source = MCUpdate | ID = 0
Description = 7:03:51 PM - Error connecting to the internet. 7:03:51 PM - Unable
to contact server..

Error - 1/3/2011 9:04:21 PM | Computer Name = Tyler-Laptop | Source = MCUpdate | ID = 0
Description = 7:03:58 PM - Error connecting to the internet. 7:03:58 PM - Unable
to contact server..

Error - 1/3/2011 11:52:05 PM | Computer Name = Tyler-Laptop | Source = MCUpdate | ID = 0
Description = 9:52:05 PM - Error connecting to the internet. 9:52:05 PM - Unable
to contact server..

Error - 1/3/2011 11:52:40 PM | Computer Name = Tyler-Laptop | Source = MCUpdate | ID = 0
Description = 9:52:10 PM - Error connecting to the internet. 9:52:10 PM - Unable
to contact server..

Error - 2/2/2011 4:22:53 PM | Computer Name = Tyler-Laptop | Source = MCUpdate | ID = 0
Description = 2:22:53 PM - Error connecting to the internet. 2:22:53 PM - Unable
to contact server..

Error - 2/2/2011 4:23:20 PM | Computer Name = Tyler-Laptop | Source = MCUpdate | ID = 0
Description = 2:22:58 PM - Error connecting to the internet. 2:22:58 PM - Unable
to contact server..

Error - 2/5/2011 4:16:01 PM | Computer Name = Tyler-Laptop | Source = MCUpdate | ID = 0
Description = 2:16:01 PM - Error connecting to the internet. 2:16:01 PM - Unable
to contact server..

Error - 2/5/2011 4:16:52 PM | Computer Name = Tyler-Laptop | Source = MCUpdate | ID = 0
Description = 2:16:30 PM - Error connecting to the internet. 2:16:30 PM - Unable
to contact server..

[ OSession Events ]
Error - 4/20/2010 2:05:50 PM | Computer Name = Tyler-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 535
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/20/2010 2:08:54 PM | Computer Name = Tyler-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 174
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/20/2010 2:13:37 PM | Computer Name = Tyler-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/20/2010 2:15:05 PM | Computer Name = Tyler-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/4/2010 6:07:49 PM | Computer Name = Tyler-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11625
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/17/2010 3:43:38 PM | Computer Name = Tyler-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 389570
seconds with 26580 seconds of active time. This session ended with a crash.

Error - 7/25/2010 6:33:09 PM | Computer Name = Tyler-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11828
seconds with 3480 seconds of active time. This session ended with a crash.

Error - 10/21/2010 1:54:30 PM | Computer Name = Tyler-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 251779
seconds with 900 seconds of active time. This session ended with a crash.

Error - 10/25/2010 10:43:02 PM | Computer Name = Tyler-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 81141
seconds with 20640 seconds of active time. This session ended with a crash.

Error - 12/8/2010 12:14:21 AM | Computer Name = Tyler-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2198
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/5/2011 3:00:56 PM | Computer Name = Tyler-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/5/2011 3:05:56 PM | Computer Name = Tyler-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/5/2011 3:05:56 PM | Computer Name = Tyler-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/5/2011 3:05:56 PM | Computer Name = Tyler-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/5/2011 3:08:04 PM | Computer Name = Tyler-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/5/2011 3:08:04 PM | Computer Name = Tyler-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/5/2011 3:08:04 PM | Computer Name = Tyler-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/5/2011 3:13:04 PM | Computer Name = Tyler-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/5/2011 3:13:04 PM | Computer Name = Tyler-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/5/2011 3:13:04 PM | Computer Name = Tyler-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >


Re: MS Removal Tool - MBAM didn't work, currently running OTL.

Post by Belahzur on Fri 06 May 2011, 6:25 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O4 - HKCU..\RunOnce: [aA06509BoHjJ06509] C:\ProgramData\aA06509BoHjJ06509\aA06509BoHjJ06509.exe ()
    [2011/05/05 01:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\aA06509BoHjJ06509



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: MS Removal Tool - MBAM didn't work, currently running OTL.

Post by tjunger on Fri 06 May 2011, 6:28 am

Thank you!


========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\aA06509BoHjJ06509 deleted successfully.
C:\ProgramData\aA06509BoHjJ06509\aA06509BoHjJ06509.exe moved successfully.
Folder C:\ProgramData\aA06509BoHjJ06509\ not found.

OTL by OldTimer - Version 3.2.22.3 log created on 05052011_143235


Re: MS Removal Tool - MBAM didn't work, currently running OTL.

Post by Belahzur on Fri 06 May 2011, 6:50 am

Hello.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.



Re: MS Removal Tool - MBAM didn't work, currently running OTL.

Post by tjunger on Fri 06 May 2011, 6:51 am

On it. Thanks.


Re: MS Removal Tool - MBAM didn't work, currently running OTL.

Post by tjunger on Fri 06 May 2011, 7:02 am

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 6515

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

5/5/2011 2:59:32 PM
mbam-log-2011-05-05 (14-59-32).txt

Scan type: Quick scan
Objects scanned: 168347
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: MS Removal Tool - MBAM didn't work, currently running OTL.

Post by Belahzur on Fri 06 May 2011, 7:14 am

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



Re: MS Removal Tool - MBAM didn't work, currently running OTL.

Post by tjunger on Fri 06 May 2011, 7:27 am

ComboFix 11-05-04.04 - Tyler 05/05/2011 15:25:13.4.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2043.1243 [GMT -5:00]
Running from: c:\users\Tyler\Desktop\commy.exe
Command switches used :: /stepdel
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tyler\AppData\Roaming\Microsoft\~DFK29ac4eb6.tmp
c:\users\Tyler\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Tyler\AppData\Roaming\Microsoft\bass.dll
c:\users\Tyler\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Tyler\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Tyler\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Tyler\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Tyler\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Tyler\javahelper.exe
c:\windows\system32\arp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 20:29 . 2011-05-05 20:29 -------- d-----w- c:\users\Work\AppData\Local\temp
2011-05-05 20:29 . 2011-05-05 20:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-05-05 20:29 . 2011-05-05 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-05 20:21 . 2011-05-05 20:22 -------- d-----w- C:\32788R22FWJFW
2011-05-05 19:32 . 2011-05-05 19:32 -------- d-----w- C:\_OTL
2011-05-05 07:24 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-05 07:24 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-05 07:01 . 2011-05-05 07:01 -------- d-----w- C:\Symantec_Endpoint_Protection11.0.6300
2011-05-05 06:40 . 2011-05-05 19:32 -------- d-----w- c:\programdata\aA06509BoHjJ06509
2011-05-05 00:00 . 2011-05-05 00:00 -------- d-----w- c:\program files\Common Files\Skype
2011-04-26 13:49 . 2011-04-26 13:49 -------- d-----w- C:\3c8159a9d2ea3d4a0e95ca7e58
2011-04-24 03:51 . 2011-04-24 03:51 -------- d-----w- c:\program files\Bonjour
2011-04-16 17:20 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-16 17:20 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-16 17:20 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-16 17:19 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-16 17:19 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-16 17:19 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-16 17:19 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-16 17:19 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-16 17:16 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-16 17:15 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-16 17:15 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-16 17:07 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-16 17:07 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-16 17:07 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-16 17:07 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-16 17:07 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-16 17:07 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-08 20:33 . 2011-04-08 20:45 -------- d-----w- c:\programdata\Samsung
2011-04-08 20:32 . 2011-04-08 20:34 -------- d-----w- c:\program files\Samsung
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 19:10 . 2011-04-06 19:10 -------- d-----w- c:\users\Tyler\Kindle Hacks
2011-04-06 18:09 . 2011-05-01 17:59 -------- d-----w- c:\users\Tyler\Calibre Library
2011-04-06 18:09 . 2011-04-06 18:11 -------- d-----w- c:\users\Tyler\AppData\Roaming\calibre
2011-04-06 18:03 . 2011-04-06 18:04 -------- d-----w- c:\program files\Calibre2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-05 18:49 . 2010-09-11 22:27 52224 ----a-w- c:\windows\system32\rpcnet.dll
2011-03-11 05:14 . 2011-03-11 05:14 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-03-11 05:14 . 2011-03-11 05:14 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2011-02-22 14:29 . 2011-02-22 14:29 552 ----a-r- c:\windows\Fonts\.svn\entries
2011-02-22 14:29 . 2011-02-22 14:29 53 ----a-r- c:\windows\Fonts\.svn\prop-base\VodafoneRgBd.ttf.svn-base
2011-02-22 14:29 . 2011-02-22 14:29 53 ----a-r- c:\windows\Fonts\.svn\prop-base\VodafoneRg.ttf.svn-base
2011-02-22 14:29 . 2011-02-22 14:29 424 ----a-r- c:\windows\Fonts\.svn\all-wcprops
2011-02-15 20:33 . 2010-08-20 19:22 34816 ----a-w- c:\windows\system32\identprv.dll
2011-02-05 22:30 . 2010-05-27 19:57 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-02-05 22:30 . 2010-05-27 19:56 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-02-05 22:29 . 2010-06-03 01:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-02-04 23:34 . 2011-02-04 23:34 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-3\Microsoft.MediaCenter.Sports.UI.dll
2011-05-03 03:04 . 2011-03-27 18:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-02 200704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tyler\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1616976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RescueTime.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
backup=c:\windows\pss\RescueTime.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Tyler^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2010-03-11 03:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2009-10-22 21:01 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-11 23:40 136176 ----atw- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 16:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 22:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-01-02 02:30 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-03 17:37 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
2009-01-21 02:59 4033618 ----a-w- c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-06-17 434864]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 30312]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-30 29736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-03 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-01-25 63520]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 19:54]
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 19:54]
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-345876769-484115345-786241906-1000Core.job
- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 23:40]
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-345876769-484115345-786241906-1000UA.job
- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 23:40]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\ftc3srmz.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce- - (no file)
MSConfigStartUp-MurGee - c:\program files\Auto Clicker\AutoClicker.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-05 15:31:24
ComboFix-quarantined-files.txt 2011-05-05 20:31
.
Pre-Run: 24,994,799,616 bytes free
Post-Run: 29,550,915,584 bytes free
.
- - End Of File - - 652BBDEAA9739A3F09BA8B498810ECE3


Re: MS Removal Tool - MBAM didn't work, currently running OTL.

Post by Belahzur on Fri 06 May 2011, 7:59 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    :files
    c:\programdata\aA06509BoHjJ06509


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: MS Removal Tool - MBAM didn't work, currently running OTL.

Post by tjunger on Fri 06 May 2011, 8:01 am

========== OTL ==========
========== FILES ==========
c:\programdata\aA06509BoHjJ06509 folder moved successfully.

OTL by OldTimer - Version 3.2.22.3 log created on 05052011_160555


Re: MS Removal Tool - MBAM didn't work, currently running OTL.

Post by Belahzur on Fri 06 May 2011, 8:52 am

Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: MS Removal Tool - MBAM didn't work, currently running OTL.

Post by tjunger on Fri 06 May 2011, 9:49 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=94d7d433b82fba429cb75ba7d73b03f5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-05 10:52:54
# local_time=2011-05-05 05:52:54 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776638 100 94 46566423 56177606 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=190183
# found=4
# cleaned=4
# scan_time=3159
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\47b837e3-168c588a probably a variant of Win32/Agent.RPSVWU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\425fc2f3-7e8356b3 probably a variant of Win32/Agent.RPSVWU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2KUAN6G\s00a106201317r0409R1b37bd83Xaeb4fb15Ye563ffd4Z0100f080[1].pdf JS/Exploit.Pdfka.OCR.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05052011_143235\C_ProgramData\aA06509BoHjJ06509\aA06509BoHjJ06509.exe a variant of Win32/Kryptik.NJX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: MS Removal Tool - MBAM didn't work, currently running OTL.

Post by Belahzur on Sat 07 May 2011, 6:40 am

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Adobe Reader 9.4.1
    Java(TM) 6 Update 21
    LimeWire 5.3.6
    µTorrent

  • Click on the Uninstall/Change button at the top.

Just need to update a few programs now.

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 25.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u25-windows-i586.exe that you downloaded to install the newest version.

Download and install VLC Player 1.1.9
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

Then download and install Adobe Reader X

How is the machine running now?



Re: MS Removal Tool - MBAM didn't work, currently running OTL.

Post by tjunger on Sat 07 May 2011, 6:53 am

It's running great! Thanks so much. I was actually able to do the work necessary for me to pass a final exam last night because of your help yesterday.

I'll be updating and uninstalling as you recommend later in the day, but again - thanks so much. People like you are a blessing for the rest of us.

t


Re: MS Removal Tool - MBAM didn't work, currently running OTL.

Post by Belahzur on Sat 07 May 2011, 7:20 am

Once you have followed the instructions in my previous post, give this a read; it will help keep you safe.

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

  • Firefox may be downloaded from here: [You must be registered and logged in to see this link.]
  • Opera is available here: [You must be registered and logged in to see this link.]
  • Google Chrome is available here: Google Chrome
  • SRWare Iron is available here: SRWare Iron

Thank you for choosing GeekPolice.


