
Solved: Little brother's laptop is slow....help?



eddie5659
Moderator & Malware Removal Specialist with 28,353 posts.
Join Date: Mar 2001
Location: Bradford, England
15-Jul-2012, 12:23 PM #16
The fix that I posted with OTL removes malware that is in the registry. I just post the ERUNT backup tool as a precaution, but 99.999% of the time nothing bad happens with the fixes.

Also, you're not going into the Registry yourself; OTL does it all for you. You only need to run the tool as I posted, and then post the logs.
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
12FindersKeepers
Member with 75 posts.
THREAD STARTER
Join Date: Apr 2012
Location: California
Experience: Beginner
15-Jul-2012, 04:59 PM #17
Okay well OTL on the first run froze on me and I don't think it produced a log... perhaps it was because I had to leave the laptop for a while to eat and the screen went on standby... so I ran it again and it all went through okay. The computer seems faster on internet loading and everything. Thanks a ton!

Here is the OTL fix log:

All processes killed
========== OTL ==========
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File system32\DRIVERS\nwlnkfwd.sys not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File system32\DRIVERS\nwlnkflt.sys not found.
Error: No service named MpKslff758f63 was found to stop!
Service\Driver key MpKslff758f63 not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7894F71F-D515-458F-B13B-9BF0133C217E}\MpKslff758f63.sys not found.
Error: No service named MpKsld9296210 was found to stop!
Service\Driver key MpKsld9296210 not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D3D075CE-D7A4-4EAC-AE07-AEC9B4F294D7}\MpKsld9296210.sys not found.
Error: No service named MpKslca246bd7 was found to stop!
Service\Driver key MpKslca246bd7 not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A33D4720-FDDD-4B65-A78A-FD16A480B7CA}\MpKslca246bd7.sys not found.
Error: No service named MpKslb7bc710a was found to stop!
Service\Driver key MpKslb7bc710a not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43D05BE9-72A0-4739-88E0-12F3AD0ECC63}\MpKslb7bc710a.sys not found.
Error: No service named MpKsla11cf7bb was found to stop!
Service\Driver key MpKsla11cf7bb not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7A4B302-B307-46FF-9DDE-5E80ED987E5C}\MpKsla11cf7bb.sys not found.
Error: No service named MpKsl9cac146f was found to stop!
Service\Driver key MpKsl9cac146f not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89D6808A-FFA3-47E4-B581-E2514B65866E}\MpKsl9cac146f.sys not found.
Error: No service named MpKsl955ee223 was found to stop!
Service\Driver key MpKsl955ee223 not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7A4B302-B307-46FF-9DDE-5E80ED987E5C}\MpKsl955ee223.sys not found.
Error: No service named MpKsl8bef60fb was found to stop!
Service\Driver key MpKsl8bef60fb not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89D6808A-FFA3-47E4-B581-E2514B65866E}\MpKsl8bef60fb.sys not found.
Error: No service named MpKsl83e5224d was found to stop!
Service\Driver key MpKsl83e5224d not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B2DA231-BCA7-4A76-9E20-FE44FD63B2DB}\MpKsl83e5224d.sys not found.
Error: No service named MpKsl77c355e6 was found to stop!
Service\Driver key MpKsl77c355e6 not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E051CFA5-5372-49EC-BCA0-0B9DFCEBF0BB}\MpKsl77c355e6.sys not found.
Error: No service named MpKsl67f629ec was found to stop!
Service\Driver key MpKsl67f629ec not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97C81E7B-C351-497D-8D50-3F333AB423DE}\MpKsl67f629ec.sys not found.
Error: No service named MpKsl604f3001 was found to stop!
Service\Driver key MpKsl604f3001 not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E38FDB35-2EF7-4757-A1E0-14BE3863BF68}\MpKsl604f3001.sys not found.
Error: No service named MpKsl5b54688f was found to stop!
Service\Driver key MpKsl5b54688f not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B386422E-F992-4A2D-B625-21ABA1BFC034}\MpKsl5b54688f.sys not found.
Error: No service named MpKsl49269eae was found to stop!
Service\Driver key MpKsl49269eae not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1765BF74-4FCC-4740-80D5-583D0DF1D262}\MpKsl49269eae.sys not found.
Error: No service named MpKsl4520ecbb was found to stop!
Service\Driver key MpKsl4520ecbb not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96E1E807-24E6-4013-8DDE-9ABF565F3404}\MpKsl4520ecbb.sys not found.
Error: No service named MpKsl3fb4efde was found to stop!
Service\Driver key MpKsl3fb4efde not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{661FE33E-1DD1-4924-9BA1-82928B858F84}\MpKsl3fb4efde.sys not found.
Error: No service named MpKsl33da49c2 was found to stop!
Service\Driver key MpKsl33da49c2 not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97C81E7B-C351-497D-8D50-3F333AB423DE}\MpKsl33da49c2.sys not found.
Error: No service named MpKsl328be7e7 was found to stop!
Service\Driver key MpKsl328be7e7 not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43D05BE9-72A0-4739-88E0-12F3AD0ECC63}\MpKsl328be7e7.sys not found.
Error: No service named MpKsl3232f0b3 was found to stop!
Service\Driver key MpKsl3232f0b3 not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96E1E807-24E6-4013-8DDE-9ABF565F3404}\MpKsl3232f0b3.sys not found.
Error: No service named MpKsl11b72986 was found to stop!
Service\Driver key MpKsl11b72986 not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B0EAF3B-B431-47F1-AC51-533F80A9D8A9}\MpKsl11b72986.sys not found.
Error: No service named MpKsl0c27eaf7 was found to stop!
Service\Driver key MpKsl0c27eaf7 not found.
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1765BF74-4FCC-4740-80D5-583D0DF1D262}\MpKsl0c27eaf7.sys not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File system32\DRIVERS\ipinip.sys not found.
Error: No service named EagleXNt was found to stop!
Service\Driver key EagleXNt not found.
File C:\Windows\system32\drivers\EagleXNt.sys not found.
Error: No service named EagleNT was found to stop!
Service\Driver key EagleNT not found.
File C:\Windows\system32\drivers\EagleNT.sys not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\Users\SBETV4~1\AppData\Local\Temp\catchme.sys not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-21-646801015-3057517687-3105904186-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CD292324-974F-4224-D074-CACA427AA030} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CD292324-974F-4224-D074-CACA427AA030} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\ not found.
Registry value HKEY_USERS\S-1-5-21-646801015-3057517687-3105904186-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-646801015-3057517687-3105904186-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1803B9EF-9905-4F34-AFC4-05D1BAB28801}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1803B9EF-9905-4F34-AFC4-05D1BAB28801}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{1803B9EF-9905-4F34-AFC4-05D1BAB28801}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1803B9EF-9905-4F34-AFC4-05D1BAB28801}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4EC8E993-32C1-47F5-A07A-5B0574655AD4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EC8E993-32C1-47F5-A07A-5B0574655AD4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{4EC8E993-32C1-47F5-A07A-5B0574655AD4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EC8E993-32C1-47F5-A07A-5B0574655AD4}\ not found.
File/Folder C:\Windows\*.tmp not found.
Unable to delete ADS C:\ProgramData\TEMP:5D432CE3 .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\sbetv 45\Desktop\cmd.bat deleted successfully.
C:\Users\sbetv 45\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: sbetv 45
->Temp folder emptied: 32201 bytes
->Temporary Internet Files folder emptied: 380547937 bytes
->Java cache emptied: 1 bytes
->Google Chrome cache emptied: 346496031 bytes
->Flash cache emptied: 11984 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17799840 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 104 bytes

Total Files Cleaned = 710.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: sbetv 45
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: sbetv 45
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07152012_134559
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
12FindersKeepers
Member with 75 posts.
THREAD STARTER
Join Date: Apr 2012
Location: California
Experience: Beginner
15-Jul-2012, 05:15 PM #18
Here is the final OTL scan Log:

OTL logfile created on: 7/15/2012 2:02:01 PM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\sbetv 45\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 49.61% Memory free
4.16 Gb Paging File | 2.92 Gb Available in Paging File | 70.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 46.53 Gb Free Space | 34.63% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 9.52 Gb Free Space | 65.00% Space Free | Partition Type: NTFS

Computer Name: SBETV45-PC | User Name: sbetv 45 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/09 21:14:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\sbetv 45\Desktop\OTL.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/04/16 17:49:06 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.382.0\BBSvc.EXE
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2009/11/13 14:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/05 15:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/01/05 15:19:10 | 000,480,496 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Remote Access\ezi_ra.exe
PRC - [2008/12/14 21:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/14 21:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/14 21:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/09/23 20:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/03 22:29:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/09/03 22:29:10 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/09/03 22:29:10 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/09/03 22:29:10 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/23 12:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 15:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/19 20:23:36 | 015,880,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\e4ead33e7390326a9814a511c566054b\MenuSkinning.ni.dll
MOD - [2012/06/19 20:23:11 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\53ff6fb64982a15d164f25e727be6bb4\VistaBridgeLibrary.ni.dll
MOD - [2012/06/19 20:23:10 | 002,500,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\a2117f9d2b9670193889149f0ec777d5\DellDock.ni.exe
MOD - [2012/06/19 20:23:07 | 000,274,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\d8dfd448743194309366caa97c215c21\MyDock.Util.ni.dll
MOD - [2012/06/19 20:23:03 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/19 20:22:47 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
MOD - [2012/06/19 19:35:49 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/19 19:35:29 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/12 11:04:03 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/12 11:03:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 11:03:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/12 11:03:01 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012/05/12 09:07:20 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/12 09:04:24 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/12 09:03:28 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/13 14:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 14:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 14:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 14:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 14:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll
MOD - [2008/12/22 03:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2008/11/03 07:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/11 13:31:02 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/16 17:49:06 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.382.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/04/16 17:49:06 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.382.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/16 21:34:18 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/01/05 15:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2008/12/14 21:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/14 21:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/11/17 12:18:52 | 001,527,900 | ---- | M] (MAGIX) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV - [2012/03/17 12:12:45 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFCE5504-FD48-408D-B6C6-6439EF4FCC56}\MpKsl0cd16913.sys -- (MpKsl0cd16913)
DRV - [2012/03/17 11:57:20 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFCE5504-FD48-408D-B6C6-6439EF4FCC56}\MpKsl7816b24b.sys -- (MpKsl7816b24b)
DRV - [2012/03/17 11:54:04 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFCE5504-FD48-408D-B6C6-6439EF4FCC56}\MpKsl930dc5f4.sys -- (MpKsl930dc5f4)
DRV - [2012/03/17 11:51:09 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFCE5504-FD48-408D-B6C6-6439EF4FCC56}\MpKsle7ee57eb.sys -- (MpKsle7ee57eb)
DRV - [2012/03/17 11:44:00 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFCE5504-FD48-408D-B6C6-6439EF4FCC56}\MpKslfb2b28ba.sys -- (MpKslfb2b28ba)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008/12/22 03:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/14 21:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/09/03 22:29:08 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/06/17 09:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/01/20 19:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/02/08 06:45:00 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ActionReplayDS.sys -- (ActionReplayDS)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/09/23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {B4118B76-F97B-48CC-9434-DA4FDC84418F}
IE - HKLM\..\SearchScopes\{B4118B76-F97B-48CC-9434-DA4FDC84418F}: "URL" = http://search.live.com/results.aspx?...eferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=WLEM&ocid=bb7hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\..\SearchScopes,DefaultScope = {B4118B76-F97B-48CC-9434-DA4FDC84418F}
IE - HKCU\..\SearchScopes\{4E47B125-89B0-4A39-9168-29C00A325047}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{B4118B76-F97B-48CC-9434-DA4FDC84418F}: "URL" = http://www.bing.com/search?FORM=WLET...c=IE-SearchBox
IE - HKCU\..\SearchScopes\{B72064A2-D918-4327-BF34-3831077DA775}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{E2DBB9B9-497D-4FC4-9A34-D2DB5486C5CC}: "URL" = http://search.yahoo.com/search?p={se...-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{EFE6E0A4-2238-49EF-9CA2-70690D61F601}: "URL" = http://rover.ebay.com/rover/1/711-43...e={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\sbetv 45\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\sbetv 45\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\sbetv 45\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\sbetv 45\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\sbetv 45\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Free Realms Installer (Enabled) = C:\Program Files\Sony Online Entertainment\npsoe.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\sbetv 45\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\sbetv 45\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\sbetv 45\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\sbetv 45\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
CHR - Extension: Gmail = C:\Users\sbetv 45\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/15 13:46:03 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Users\sbetv 45\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43932D4B-2172-4F15-B7AD-BFE8C82A04B1}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE670C0D-A501-449F-B31D-1BEF95EEF805}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/15 13:24:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/15 13:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/07/15 13:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/07/11 12:57:56 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/10 21:39:29 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/09 21:14:15 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\sbetv 45\Desktop\OTL.exe
[2012/07/07 12:25:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/07 12:25:21 | 000,000,000 | ---D | C] -- C:\Users\sbetv 45\AppData\Local\temp
[2012/07/07 12:24:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/07 12:12:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/07 12:12:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/07 12:12:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/07 12:12:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/07 12:11:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/07 12:09:12 | 004,574,136 | R--- | C] (Swearware) -- C:\Users\sbetv 45\Desktop\alexis123.exe
[2012/07/07 11:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/07/07 11:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/07 11:53:10 | 000,687,600 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/07/07 11:53:09 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/07 11:53:09 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/07 11:52:48 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/07 11:52:48 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/04 19:49:17 | 000,000,000 | ---D | C] -- C:\Users\sbetv 45\AppData\Roaming\Skype
[2012/07/04 19:48:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/07/04 19:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/07/04 19:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/07/04 19:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/07/04 17:08:51 | 000,000,000 | ---D | C] -- C:\Users\sbetv 45\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/04 17:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/04 12:04:47 | 000,000,000 | ---D | C] -- C:\Users\sbetv 45\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/04 12:02:45 | 000,000,000 | ---D | C] -- C:\Users\sbetv 45\AppData\Local\Apps
[2012/07/04 12:02:44 | 000,000,000 | ---D | C] -- C:\Users\sbetv 45\AppData\Local\Deployment
[2012/06/21 11:02:47 | 000,000,000 | ---D | C] -- C:\Nexon
[2012/06/20 19:01:47 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/20 19:01:47 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/20 19:01:06 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/20 19:01:06 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/20 19:01:05 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/20 19:00:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/20 19:00:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/17 13:56:21 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/17 13:56:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/17 13:56:18 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/06/17 13:56:17 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/17 13:56:17 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/06/17 13:56:16 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/06/17 13:56:16 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/06/17 13:56:16 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/17 13:56:15 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/17 13:56:15 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/06/17 13:56:15 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/06/17 13:56:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/17 13:56:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/06/17 13:56:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/06/17 13:56:15 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/06/17 13:56:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/06/17 13:56:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/06/17 13:56:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/07/31 15:13:02 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\sbetv 45\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/07/15 13:51:22 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 13:51:22 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 13:51:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/15 13:46:03 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/07/15 13:27:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/15 13:20:55 | 000,000,735 | ---- | M] () -- C:\Users\sbetv 45\Desktop\NTREGOPT.lnk
[2012/07/15 13:20:55 | 000,000,716 | ---- | M] () -- C:\Users\sbetv 45\Desktop\ERUNT.lnk
[2012/07/15 13:14:22 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F2018F0D-A0FB-46E3-9DF5-F15EB19FD11C}.job
[2012/07/15 13:13:06 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-646801015-3057517687-3105904186-1000UA.job
[2012/07/15 13:13:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-646801015-3057517687-3105904186-1000Core.job
[2012/07/14 18:00:02 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/07/11 14:14:34 | 000,002,059 | ---- | M] () -- C:\Users\sbetv 45\Desktop\Google Chrome.lnk
[2012/07/11 13:31:01 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/11 13:31:01 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/11 13:23:59 | 000,369,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/11 13:04:07 | 211,352,611 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/09 21:14:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\sbetv 45\Desktop\OTL.exe
[2012/07/07 12:09:33 | 004,574,136 | R--- | M] (Swearware) -- C:\Users\sbetv 45\Desktop\alexis123.exe
[2012/07/07 12:08:51 | 000,000,512 | ---- | M] () -- C:\Users\sbetv 45\Desktop\MBR.dat
[2012/07/07 11:52:18 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/07 11:52:18 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/07 11:52:18 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/07 11:52:18 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/07 11:52:17 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/07/04 19:48:51 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/04 17:35:44 | 000,002,642 | ---- | M] () -- C:\Users\sbetv 45\AppData\Roaming\wklnhst.dat
[2012/07/04 15:20:11 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/04 12:12:18 | 000,000,104 | ---- | M] () -- C:\Users\sbetv 45\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk
[2012/06/21 11:11:50 | 000,000,204 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
[2012/06/17 15:08:15 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/17 15:08:15 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/07/15 13:20:55 | 000,000,735 | ---- | C] () -- C:\Users\sbetv 45\Desktop\NTREGOPT.lnk
[2012/07/15 13:20:55 | 000,000,716 | ---- | C] () -- C:\Users\sbetv 45\Desktop\ERUNT.lnk
[2012/07/08 20:42:29 | 000,002,059 | ---- | C] () -- C:\Users\sbetv 45\Desktop\Google Chrome.lnk
[2012/07/07 12:12:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/07 12:12:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/07 12:12:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/07 12:12:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/07 12:12:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/07 12:08:51 | 000,000,512 | ---- | C] () -- C:\Users\sbetv 45\Desktop\MBR.dat
[2012/07/04 19:48:51 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/04 12:12:18 | 000,000,104 | ---- | C] () -- C:\Users\sbetv 45\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk
[2012/07/04 12:03:13 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-646801015-3057517687-3105904186-1000UA.job
[2012/07/04 12:03:12 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-646801015-3057517687-3105904186-1000Core.job
[2012/06/21 11:11:49 | 000,000,204 | ---- | C] () -- C:\Users\Public\Desktop\MapleStory.url
[2010/09/01 19:44:07 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/09/01 19:44:06 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/09/01 19:44:06 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/09/01 19:44:06 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/09/01 19:44:06 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/09/01 19:44:06 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/09/01 19:44:06 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/09/01 19:44:06 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/09/01 19:44:06 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/09/01 19:44:06 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/09/01 19:44:06 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/09/01 19:44:06 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/09/01 19:44:06 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/09/01 19:44:06 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/09/01 19:44:06 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/09/01 19:44:06 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/09/01 19:43:02 | 000,000,053 | ---- | C] () -- C:\Windows\EPSCX7400.ini
[2010/06/30 13:21:31 | 000,000,552 | ---- | C] () -- C:\Users\sbetv 45\AppData\Local\d3d8caps.dat
[2009/08/09 11:57:37 | 000,006,756 | ---- | C] () -- C:\Users\sbetv 45\AppData\Local\d3d9caps.dat
[2009/05/06 18:47:04 | 000,002,642 | ---- | C] () -- C:\Users\sbetv 45\AppData\Roaming\wklnhst.dat
[2009/04/21 21:13:58 | 000,014,336 | ---- | C] () -- C:\Users\sbetv 45\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< type C:\Windows\system32\tasks\{532D699D-35A7-4501-85CC-EE8A4685288C} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a F:\setup.exe -d F:\</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>sbetv45-PC\sbetv 45</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,353 posts.
 
Join Date: Mar 2001
Location: Bradford, England
16-Jul-2012, 02:53 PM #19
Good to hear it's a lot faster

Can you run a scan here for me:

Please go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



On a side note, since the Eset scanner is a 32-bit application, if you're running a 64-bit system you have to choose the 32-bit option in IE when running the scan
12FindersKeepers's Avatar
12FindersKeepers 12FindersKeepers is offline
Computer Specs
Member with 75 posts.
THREAD STARTER
 
Join Date: Apr 2012
Location: California
Experience: Beginner
18-Jul-2012, 04:54 PM #20
I ran a scan and it said it was clean.....but I had windows defender enabled without knowing it....how do I go about disabling it, since I'm not sure how to?

This could've affected the scan.... :/
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,353 posts.
 
Join Date: Mar 2001
Location: Bradford, England
19-Jul-2012, 03:57 PM #21
It shouldn't cause any problems, but just to be sure, you can disable it as follows:

Open Windows Defender by clicking the Start button. In the search box, type Defender, and then, in the list of results, click Windows Defender.
Click Tools, and then click Options.
Click Real-time protection, and then un-tick the Use real-time protection (recommended) check box.
Select the options you want, and then click Save. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Afterwards, to re-enable the protection, go back and tick the box for Use real-time protection (recommended) and Save.

eddie
12FindersKeepers's Avatar
12FindersKeepers 12FindersKeepers is offline
Computer Specs
Member with 75 posts.
THREAD STARTER
 
Join Date: Apr 2012
Location: California
Experience: Beginner
25-Jul-2012, 02:53 AM #22
Alright ran a scan again and said it was clean.

Sorry for the late reply, I was on vacation with my folks.
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,353 posts.
 
Join Date: Mar 2001
Location: Bradford, England
26-Jul-2012, 03:03 PM #23
That's okay, we all need holidays away, hope you had a nice time

Good to see the scan was clean, how's the computer running now?

You may want to try these for a bit more of a cleanup:

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Also, it's a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.
  • Go to Start | Programs | Accessories | System Tools | Disk Cleanup
  • It should start straight away, but if you have to select a drive, click on the C-drive.
  • Let it run, and at the end it will give you some boxes to tick.
  • All are okay to enable, then press OK and then Yes to the question after.
  • It will close after it's completed.
12FindersKeepers's Avatar
12FindersKeepers 12FindersKeepers is offline
Computer Specs
Member with 75 posts.
THREAD STARTER
 
Join Date: Apr 2012
Location: California
Experience: Beginner
11-Aug-2012, 08:20 PM #24
Alright ran it sorry for the late reply again ^^

Just one quick question...for some reason Microsoft Security Essentials is turned off and I'm not quite sure how to get it back on again...I don't know if it's installed or not. Also, at times it takes awhile for the laptop to shut off, is that normal?

Also what do I do about the other programs I installed, do I uninstall them?

Thanks so much for helping out!
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,353 posts.
 
Join Date: Mar 2001
Location: Bradford, England
14-Aug-2012, 03:12 PM #25
It's okay about the lateness

For the shutting down, does it say any particular program is stopping it, or is it happening when you're on the Desktop and nothing else is running?

For MSE, do you have an icon in your taskbar, near your clock? If so, do this to re-enable it for scanning:

Open MSE and go to Settings > Real Time Protection.
Then uncheck "Turn on real time protection".
Exit MSE when done.

If it's not there, have a look in the Add/Remove Programs via the Control Panel to see if it is still installed:

Microsoft Security Essentials


We'll remove the other tools we've used, if you're okay, as all the malware has gone. I tend to wait until the original person comes back to say it's all clear before we remove them

------------

You can mark this thread Solved at the top of this page, if it's all running okay


Any questions about the following, just ask


We have a couple of last steps to perform and then you're all set.

Firstly, let's uninstall the tools we've used:

Follow these steps to uninstall Combofix and tools used in the removal of malware

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall



Then, run this:
  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

======================
Uninstall SUPERAntiSpyware and ERUNT from Add/Remove Programs.

Also, remove the following from the Desktop, if still there after doing the above:


Security Check
TDSSKiller
aswMBR

==============================

Create Restore Point (Win7)
  • Select Start > Control Panel then double-click on the System icon in the Control Panel.
  • In the left-hand pane click on the System Protection option.
  • When the Dialog comes up, click on the System Protection tab.
  • Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  • Click on the Create button to create a new restore point. In the Name dialog, type a descriptive name and then click on the Create button.
  • You will get a message that the Restore Point was created successfully. Click on the Close button.
  • Click on the OK button and close the System window in the Control Panel.


Making Internet Explorer More Secure


Go to Control Panel and open the Internet Options. Click on the Advanced tab and do the following:
  • Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply


Then, click on the Security tab and do the following:
  • Make sure the Internet icon is selected.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt.
  • Change the Download unsigned ActiveX controls to Disable.
  • Change the Initialise and script ActiveX controls not marked as safe to Disable.
  • Change the Installation of desktop items to Prompt.
  • Change the Launching programs and files in an IFRAME to Prompt.
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.

Then click on the Advanced tab and do the following:
  • Scroll down to Security section.
  • Tick the box for Empty Temporary Internet Files when Browser is Closed
  • Next press the Apply button and then the OK to exit the Internet Properties page.



Making Firefox More Secure

Please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Other Software Updates
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for Java and Adobe as these are subject to many security vulnerabilities.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
You should also have a good firewall. You can either use Microsoft Windows Firewall which is good, or a free one available for personal use.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visitmonthly. And to keep your system clean run this free malware scannerweekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: General Security Information, How to tighten Security Settings and Warnings

Have a safe and happy computing day!

eddie
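An added example, not part of eddie5659's post: a Python check of the five Custom Level settings listed above against a registry export of the Internet zone. The registry key, the action codes (1001, 1004, 1201, 1800, 1804) and the value meanings (0 enable, 1 prompt, 3 disable) are assumptions taken from Microsoft's documented security-zone settings rather than from the thread, and the export text is constructed sample data.

```python
import re

# Assumption (not from the thread): per-user settings for the Internet zone
# (zone 3) are stored under this key.
ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
            r"\CurrentVersion\Internet Settings\Zones\3")

# Assumption: documented meanings of the DWORD values for these actions.
ACTION_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}

# The five settings from the post, mapped to action codes (mapping added here).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialise and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
}

# Constructed sample in .reg export format. A real export file is usually
# UTF-16, so read it with open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000003
"1201"=dword:00000000
"1800"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000000
'''

DWORD_LINE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg_dwords(text, key):
    """Return {value_name: int} for the DWORD values under one key of a .reg export."""
    values = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]          # entering a new key section
            continue
        if current is None or current.lower() != key.lower():
            continue                      # value belongs to another key
        match = DWORD_LINE.match(line)
        if match:
            values[match.group(1)] = int(match.group(2), 16)
    return values


def audit_internet_zone(text):
    """List (code, setting, current, recommended) for every setting that differs."""
    current = parse_reg_dwords(text, ZONE_KEY)
    findings = []
    for code, (label, want) in sorted(RECOMMENDED.items()):
        have = current.get(code)
        if have == want:
            continue
        if have is None:
            have_name = "not set"         # no per-user value in the export
        else:
            have_name = ACTION_NAMES.get(have, "unknown (%d)" % have)
        findings.append((code, label, have_name, ACTION_NAMES[want]))
    return findings


if __name__ == "__main__":
    for code, label, have, want in audit_internet_zone(SAMPLE_EXPORT):
        print("%s  %s: %s, recommended %s" % (code, label, have, want))
```

A value reported as "not set" means only that the per-user key has no entry for it; machine-wide or policy settings are not covered by this check.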
12FindersKeepers's Avatar
12FindersKeepers 12FindersKeepers is offline
Computer Specs
Member with 75 posts.
THREAD STARTER
 
Join Date: Apr 2012
Location: California
Experience: Beginner
14-Aug-2012, 05:41 PM #26
Yup when shutting down it's only the desktop and no other programs running, it takes a couple of minutes rather than a couple of seconds. On opening up the internet too it takes awhile to load and then once it's loaded it runs fine.

Also MSE seems to be missing...I don't remember uninstalling it. Could it have been caused by the infection?

Thanks for the help
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,353 posts.
 
Join Date: Mar 2001
Location: Bradford, England
19-Aug-2012, 02:14 PM #27
Well, at the beginning it just says it's disabled, but then when I checked some of the later logs, it's missing, which is strange.

So, what we can do is re-install it. If it is still installed, but not showing fully, you can normally install again over the top, which will replace any corrupted files.

Before doing so, let's create a restore point:
  • Select Start > Control Panel then double-click on the System icon in the Control Panel.
  • In the left-hand pane click on the System Protection option.
  • When the Dialog comes up, click on the System Protection tab.
  • Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  • Click on the Create button to create a new restore point. In the Name dialog, type a descriptive name and then click on the Create button.
  • You will get a message that the Restore Point was created successfully. Click on the Close button.
  • Click on the OK button and close the System window in the Control Panel.

Then, download MSE from here:

http://windows.microsoft.com/en-US/w...als?SignedIn=1

And install as normal.

Reboot and see if it worked okay.

eddie
12FindersKeepers's Avatar
12FindersKeepers 12FindersKeepers is offline
Computer Specs
Member with 75 posts.
THREAD STARTER
 
Join Date: Apr 2012
Location: California
Experience: Beginner
30-Aug-2012, 01:46 AM #28
Okie dokie, downloaded it and I got security essentials back

Thanks for all of your help! Closing the log now.
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,353 posts.
 
Join Date: Mar 2001
Location: Bradford, England
30-Aug-2012, 05:18 PM #29
Excellent

Good to hear it's all working okay

eddie