
Little brother's laptop is slow....help?

Discussion in 'Virus & Other Malware Removal' started by 12FindersKeepers, Jul 4, 2012.

  1. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,800
    The fix that I posted with OTL removes malware that is in the registry. I just post the ERUNT backup tool as a precaution, but 99.999% of the time nothing bad happens with the fixes ;)

    Also, you're not going into the Registry yourself; OTL does it all for you. You only need to run the tool as I posted, and then post the logs :)
     
  2. 12FindersKeepers

    12FindersKeepers Thread Starter

    Joined:
    Apr 27, 2012
    Messages:
    84
    Okay, well, OTL on the first run froze on me and I don't think it produced a log... perhaps it was because I had to leave the laptop for a while to eat and the screen went on standby... so I ran it again and it all went through okay. The computer seems faster on internet loading and everything. :) Thanks a ton!

    Here is the OTL fix log:

    All processes killed
    ========== OTL ==========
    Error: No service named NwlnkFwd was found to stop!
    Service\Driver key NwlnkFwd not found.
    File system32\DRIVERS\nwlnkfwd.sys not found.
    Error: No service named NwlnkFlt was found to stop!
    Service\Driver key NwlnkFlt not found.
    File system32\DRIVERS\nwlnkflt.sys not found.
    Error: No service named MpKslff758f63 was found to stop!
    Service\Driver key MpKslff758f63 not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7894F71F-D515-458F-B13B-9BF0133C217E}\MpKslff758f63.sys not found.
    Error: No service named MpKsld9296210 was found to stop!
    Service\Driver key MpKsld9296210 not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D3D075CE-D7A4-4EAC-AE07-AEC9B4F294D7}\MpKsld9296210.sys not found.
    Error: No service named MpKslca246bd7 was found to stop!
    Service\Driver key MpKslca246bd7 not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A33D4720-FDDD-4B65-A78A-FD16A480B7CA}\MpKslca246bd7.sys not found.
    Error: No service named MpKslb7bc710a was found to stop!
    Service\Driver key MpKslb7bc710a not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43D05BE9-72A0-4739-88E0-12F3AD0ECC63}\MpKslb7bc710a.sys not found.
    Error: No service named MpKsla11cf7bb was found to stop!
    Service\Driver key MpKsla11cf7bb not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7A4B302-B307-46FF-9DDE-5E80ED987E5C}\MpKsla11cf7bb.sys not found.
    Error: No service named MpKsl9cac146f was found to stop!
    Service\Driver key MpKsl9cac146f not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89D6808A-FFA3-47E4-B581-E2514B65866E}\MpKsl9cac146f.sys not found.
    Error: No service named MpKsl955ee223 was found to stop!
    Service\Driver key MpKsl955ee223 not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7A4B302-B307-46FF-9DDE-5E80ED987E5C}\MpKsl955ee223.sys not found.
    Error: No service named MpKsl8bef60fb was found to stop!
    Service\Driver key MpKsl8bef60fb not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89D6808A-FFA3-47E4-B581-E2514B65866E}\MpKsl8bef60fb.sys not found.
    Error: No service named MpKsl83e5224d was found to stop!
    Service\Driver key MpKsl83e5224d not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B2DA231-BCA7-4A76-9E20-FE44FD63B2DB}\MpKsl83e5224d.sys not found.
    Error: No service named MpKsl77c355e6 was found to stop!
    Service\Driver key MpKsl77c355e6 not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E051CFA5-5372-49EC-BCA0-0B9DFCEBF0BB}\MpKsl77c355e6.sys not found.
    Error: No service named MpKsl67f629ec was found to stop!
    Service\Driver key MpKsl67f629ec not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97C81E7B-C351-497D-8D50-3F333AB423DE}\MpKsl67f629ec.sys not found.
    Error: No service named MpKsl604f3001 was found to stop!
    Service\Driver key MpKsl604f3001 not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E38FDB35-2EF7-4757-A1E0-14BE3863BF68}\MpKsl604f3001.sys not found.
    Error: No service named MpKsl5b54688f was found to stop!
    Service\Driver key MpKsl5b54688f not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B386422E-F992-4A2D-B625-21ABA1BFC034}\MpKsl5b54688f.sys not found.
    Error: No service named MpKsl49269eae was found to stop!
    Service\Driver key MpKsl49269eae not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1765BF74-4FCC-4740-80D5-583D0DF1D262}\MpKsl49269eae.sys not found.
    Error: No service named MpKsl4520ecbb was found to stop!
    Service\Driver key MpKsl4520ecbb not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96E1E807-24E6-4013-8DDE-9ABF565F3404}\MpKsl4520ecbb.sys not found.
    Error: No service named MpKsl3fb4efde was found to stop!
    Service\Driver key MpKsl3fb4efde not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{661FE33E-1DD1-4924-9BA1-82928B858F84}\MpKsl3fb4efde.sys not found.
    Error: No service named MpKsl33da49c2 was found to stop!
    Service\Driver key MpKsl33da49c2 not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97C81E7B-C351-497D-8D50-3F333AB423DE}\MpKsl33da49c2.sys not found.
    Error: No service named MpKsl328be7e7 was found to stop!
    Service\Driver key MpKsl328be7e7 not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43D05BE9-72A0-4739-88E0-12F3AD0ECC63}\MpKsl328be7e7.sys not found.
    Error: No service named MpKsl3232f0b3 was found to stop!
    Service\Driver key MpKsl3232f0b3 not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96E1E807-24E6-4013-8DDE-9ABF565F3404}\MpKsl3232f0b3.sys not found.
    Error: No service named MpKsl11b72986 was found to stop!
    Service\Driver key MpKsl11b72986 not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B0EAF3B-B431-47F1-AC51-533F80A9D8A9}\MpKsl11b72986.sys not found.
    Error: No service named MpKsl0c27eaf7 was found to stop!
    Service\Driver key MpKsl0c27eaf7 not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1765BF74-4FCC-4740-80D5-583D0DF1D262}\MpKsl0c27eaf7.sys not found.
    Error: No service named IpInIp was found to stop!
    Service\Driver key IpInIp not found.
    File system32\DRIVERS\ipinip.sys not found.
    Error: No service named EagleXNt was found to stop!
    Service\Driver key EagleXNt not found.
    File C:\Windows\system32\drivers\EagleXNt.sys not found.
    Error: No service named EagleNT was found to stop!
    Service\Driver key EagleNT not found.
    File C:\Windows\system32\drivers\EagleNT.sys not found.
    Error: No service named catchme was found to stop!
    Service\Driver key catchme not found.
    File C:\Users\SBETV4~1\AppData\Local\Temp\catchme.sys not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
    HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
    HKU\S-1-5-21-646801015-3057517687-3105904186-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CD292324-974F-4224-D074-CACA427AA030} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CD292324-974F-4224-D074-CACA427AA030} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\ not found.
    Registry value HKEY_USERS\S-1-5-21-646801015-3057517687-3105904186-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
    Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-21-646801015-3057517687-3105904186-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1803B9EF-9905-4F34-AFC4-05D1BAB28801}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1803B9EF-9905-4F34-AFC4-05D1BAB28801}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{1803B9EF-9905-4F34-AFC4-05D1BAB28801}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1803B9EF-9905-4F34-AFC4-05D1BAB28801}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4EC8E993-32C1-47F5-A07A-5B0574655AD4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EC8E993-32C1-47F5-A07A-5B0574655AD4}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{4EC8E993-32C1-47F5-A07A-5B0574655AD4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EC8E993-32C1-47F5-A07A-5B0574655AD4}\ not found.
    File/Folder C:\Windows\*.tmp not found.
    Unable to delete ADS C:\ProgramData\TEMP:5D432CE3 .
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\sbetv 45\Desktop\cmd.bat deleted successfully.
    C:\Users\sbetv 45\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: sbetv 45
    ->Temp folder emptied: 32201 bytes
    ->Temporary Internet Files folder emptied: 380547937 bytes
    ->Java cache emptied: 1 bytes
    ->Google Chrome cache emptied: 346496031 bytes
    ->Flash cache emptied: 11984 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 17799840 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 104 bytes

    Total Files Cleaned = 710.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: sbetv 45
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: sbetv 45
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.1 log created on 07152012_134559
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  3. 12FindersKeepers

    12FindersKeepers Thread Starter

    Joined:
    Apr 27, 2012
    Messages:
    84
    Here is the final OTL scan Log:

    OTL logfile created on: 7/15/2012 2:02:01 PM - Run 2
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\sbetv 45\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19272)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.96 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 49.61% Memory free
    4.16 Gb Paging File | 2.92 Gb Available in Paging File | 70.20% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 134.36 Gb Total Space | 46.53 Gb Free Space | 34.63% Space Free | Partition Type: NTFS
    Drive E: | 14.65 Gb Total Space | 9.52 Gb Free Space | 65.00% Space Free | Partition Type: NTFS

    Computer Name: SBETV45-PC | User Name: sbetv 45 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/09 21:14:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\sbetv 45\Desktop\OTL.exe
    PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/04/16 17:49:06 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.382.0\BBSvc.EXE
    PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2009/11/13 14:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/01/05 15:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    PRC - [2009/01/05 15:19:10 | 000,480,496 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Remote Access\ezi_ra.exe
    PRC - [2008/12/14 21:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2008/12/14 21:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
    PRC - [2008/12/14 21:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
    PRC - [2008/09/23 20:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
    PRC - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/09/03 22:29:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2008/09/03 22:29:10 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2008/09/03 22:29:10 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2008/09/03 22:29:10 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2008/05/23 12:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/05/07 15:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/19 20:23:36 | 015,880,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\e4ead33e7390326a9814a511c566054b\MenuSkinning.ni.dll
    MOD - [2012/06/19 20:23:11 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\53ff6fb64982a15d164f25e727be6bb4\VistaBridgeLibrary.ni.dll
    MOD - [2012/06/19 20:23:10 | 002,500,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\a2117f9d2b9670193889149f0ec777d5\DellDock.ni.exe
    MOD - [2012/06/19 20:23:07 | 000,274,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\d8dfd448743194309366caa97c215c21\MyDock.Util.ni.dll
    MOD - [2012/06/19 20:23:03 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
    MOD - [2012/06/19 20:22:47 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
    MOD - [2012/06/19 19:35:49 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
    MOD - [2012/06/19 19:35:29 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
    MOD - [2012/05/12 11:04:03 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
    MOD - [2012/05/12 11:03:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/12 11:03:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
    MOD - [2012/05/12 11:03:01 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
    MOD - [2012/05/12 09:07:20 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
    MOD - [2012/05/12 09:04:24 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
    MOD - [2012/05/12 09:03:28 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/11/13 14:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    MOD - [2009/11/13 14:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll
    MOD - [2009/11/13 14:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
    MOD - [2009/11/13 14:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll
    MOD - [2009/11/13 14:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll
    MOD - [2008/12/22 03:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
    MOD - [2008/11/03 07:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/07/11 13:31:02 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/04/16 17:49:06 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.382.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/04/16 17:49:06 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.382.0\BBSvc.EXE -- (BBSvc)
    SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/04/16 21:34:18 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/01/05 15:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
    SRV - [2008/12/14 21:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
    SRV - [2008/12/14 21:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
    SRV - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2005/11/17 12:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/03/17 12:12:45 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFCE5504-FD48-408D-B6C6-6439EF4FCC56}\MpKsl0cd16913.sys -- (MpKsl0cd16913)
    DRV - [2012/03/17 11:57:20 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFCE5504-FD48-408D-B6C6-6439EF4FCC56}\MpKsl7816b24b.sys -- (MpKsl7816b24b)
    DRV - [2012/03/17 11:54:04 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFCE5504-FD48-408D-B6C6-6439EF4FCC56}\MpKsl930dc5f4.sys -- (MpKsl930dc5f4)
    DRV - [2012/03/17 11:51:09 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFCE5504-FD48-408D-B6C6-6439EF4FCC56}\MpKsle7ee57eb.sys -- (MpKsle7ee57eb)
    DRV - [2012/03/17 11:44:00 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFCE5504-FD48-408D-B6C6-6439EF4FCC56}\MpKslfb2b28ba.sys -- (MpKslfb2b28ba)
    DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2008/12/22 03:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV - [2008/12/14 21:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/09/03 22:29:08 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/06/17 09:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
    DRV - [2008/01/20 19:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2007/02/08 06:45:00 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ActionReplayDS.sys -- (ActionReplayDS)
    DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2005/09/23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {B4118B76-F97B-48CC-9434-DA4FDC84418F}
    IE - HKLM\..\SearchScopes\{B4118B76-F97B-48CC-9434-DA4FDC84418F}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=WLEM&ocid=bb7hp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
    IE - HKCU\..\SearchScopes,DefaultScope = {B4118B76-F97B-48CC-9434-DA4FDC84418F}
    IE - HKCU\..\SearchScopes\{4E47B125-89B0-4A39-9168-29C00A325047}: "URL" = http://delicious.com/search?p={searchTerms}
    IE - HKCU\..\SearchScopes\{B4118B76-F97B-48CC-9434-DA4FDC84418F}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{B72064A2-D918-4327-BF34-3831077DA775}: "URL" = http://www.flickr.com/search/?q={searchTerms}
    IE - HKCU\..\SearchScopes\{E2DBB9B9-497D-4FC4-9A34-D2DB5486C5CC}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
    IE - HKCU\..\SearchScopes\{EFE6E0A4-2238-49EF-9CA2-70690D61F601}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\sbetv 45\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\sbetv 45\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\sbetv 45\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\sbetv 45\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\sbetv 45\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Free Realms Installer (Enabled) = C:\Program Files\Sony Online Entertainment\npsoe.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\sbetv 45\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\sbetv 45\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\sbetv 45\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Skype Click to Call = C:\Users\sbetv 45\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
    CHR - Extension: Gmail = C:\Users\sbetv 45\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/15 13:46:03 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - Startup: C:\Users\sbetv 45\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43932D4B-2172-4F15-B7AD-BFE8C82A04B1}: DhcpNameServer = 192.168.7.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE670C0D-A501-449F-B31D-1BEF95EEF805}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/15 13:24:26 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/07/15 13:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/07/15 13:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/07/11 12:57:56 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012/07/10 21:39:29 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2012/07/09 21:14:15 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\sbetv 45\Desktop\OTL.exe
    [2012/07/07 12:25:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/07 12:25:21 | 000,000,000 | ---D | C] -- C:\Users\sbetv 45\AppData\Local\temp
    [2012/07/07 12:24:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/07 12:12:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/07 12:12:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/07 12:12:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/07 12:12:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/07 12:11:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/07 12:09:12 | 004,574,136 | R--- | C] (Swearware) -- C:\Users\sbetv 45\Desktop\alexis123.exe
    [2012/07/07 11:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/07/07 11:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/07/07 11:53:10 | 000,687,600 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2012/07/07 11:53:09 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2012/07/07 11:53:09 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/07/07 11:52:48 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/07/07 11:52:48 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/07/04 19:49:17 | 000,000,000 | ---D | C] -- C:\Users\sbetv 45\AppData\Roaming\Skype
    [2012/07/04 19:48:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2012/07/04 19:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/07/04 19:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012/07/04 19:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2012/07/04 17:08:51 | 000,000,000 | ---D | C] -- C:\Users\sbetv 45\AppData\Roaming\SUPERAntiSpyware.com
    [2012/07/04 17:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/07/04 12:04:47 | 000,000,000 | ---D | C] -- C:\Users\sbetv 45\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/07/04 12:02:45 | 000,000,000 | ---D | C] -- C:\Users\sbetv 45\AppData\Local\Apps
    [2012/07/04 12:02:44 | 000,000,000 | ---D | C] -- C:\Users\sbetv 45\AppData\Local\Deployment
    [2012/06/21 11:02:47 | 000,000,000 | ---D | C] -- C:\Nexon
    [2012/06/20 19:01:47 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
    [2012/06/20 19:01:47 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
    [2012/06/20 19:01:06 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
    [2012/06/20 19:01:06 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
    [2012/06/20 19:01:05 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
    [2012/06/20 19:00:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
    [2012/06/20 19:00:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
    [2012/06/17 13:56:21 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/06/17 13:56:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/06/17 13:56:18 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2012/06/17 13:56:17 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/06/17 13:56:17 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2012/06/17 13:56:16 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2012/06/17 13:56:16 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2012/06/17 13:56:16 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/06/17 13:56:15 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/06/17 13:56:15 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2012/06/17 13:56:15 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2012/06/17 13:56:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/06/17 13:56:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2012/06/17 13:56:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2012/06/17 13:56:15 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2012/06/17 13:56:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2012/06/17 13:56:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2012/06/17 13:56:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2009/07/31 15:13:02 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\sbetv 45\AppData\Roaming\DataSafeDotNet.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/07/15 13:51:22 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/15 13:51:22 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/15 13:51:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/15 13:46:03 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2012/07/15 13:27:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/15 13:20:55 | 000,000,735 | ---- | M] () -- C:\Users\sbetv 45\Desktop\NTREGOPT.lnk
    [2012/07/15 13:20:55 | 000,000,716 | ---- | M] () -- C:\Users\sbetv 45\Desktop\ERUNT.lnk
    [2012/07/15 13:14:22 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F2018F0D-A0FB-46E3-9DF5-F15EB19FD11C}.job
    [2012/07/15 13:13:06 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-646801015-3057517687-3105904186-1000UA.job
    [2012/07/15 13:13:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-646801015-3057517687-3105904186-1000Core.job
    [2012/07/14 18:00:02 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
    [2012/07/11 14:14:34 | 000,002,059 | ---- | M] () -- C:\Users\sbetv 45\Desktop\Google Chrome.lnk
    [2012/07/11 13:31:01 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/07/11 13:31:01 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/07/11 13:23:59 | 000,369,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/07/11 13:04:07 | 211,352,611 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/07/09 21:14:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\sbetv 45\Desktop\OTL.exe
    [2012/07/07 12:09:33 | 004,574,136 | R--- | M] (Swearware) -- C:\Users\sbetv 45\Desktop\alexis123.exe
    [2012/07/07 12:08:51 | 000,000,512 | ---- | M] () -- C:\Users\sbetv 45\Desktop\MBR.dat
    [2012/07/07 11:52:18 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2012/07/07 11:52:18 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/07/07 11:52:18 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/07/07 11:52:18 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/07/07 11:52:17 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2012/07/04 19:48:51 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/07/04 17:35:44 | 000,002,642 | ---- | M] () -- C:\Users\sbetv 45\AppData\Roaming\wklnhst.dat
    [2012/07/04 15:20:11 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/04 12:12:18 | 000,000,104 | ---- | M] () -- C:\Users\sbetv 45\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk
    [2012/06/21 11:11:50 | 000,000,204 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
    [2012/06/17 15:08:15 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/06/17 15:08:15 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2012/07/15 13:20:55 | 000,000,735 | ---- | C] () -- C:\Users\sbetv 45\Desktop\NTREGOPT.lnk
    [2012/07/15 13:20:55 | 000,000,716 | ---- | C] () -- C:\Users\sbetv 45\Desktop\ERUNT.lnk
    [2012/07/08 20:42:29 | 000,002,059 | ---- | C] () -- C:\Users\sbetv 45\Desktop\Google Chrome.lnk
    [2012/07/07 12:12:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/07 12:12:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/07 12:12:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/07 12:12:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/07 12:12:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/07 12:08:51 | 000,000,512 | ---- | C] () -- C:\Users\sbetv 45\Desktop\MBR.dat
    [2012/07/04 19:48:51 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/07/04 12:12:18 | 000,000,104 | ---- | C] () -- C:\Users\sbetv 45\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk
    [2012/07/04 12:03:13 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-646801015-3057517687-3105904186-1000UA.job
    [2012/07/04 12:03:12 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-646801015-3057517687-3105904186-1000Core.job
    [2012/06/21 11:11:49 | 000,000,204 | ---- | C] () -- C:\Users\Public\Desktop\MapleStory.url
    [2010/09/01 19:44:07 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2010/09/01 19:44:06 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2010/09/01 19:44:06 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2010/09/01 19:44:06 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2010/09/01 19:44:06 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2010/09/01 19:44:06 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2010/09/01 19:44:06 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2010/09/01 19:44:06 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2010/09/01 19:44:06 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2010/09/01 19:44:06 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2010/09/01 19:44:06 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2010/09/01 19:44:06 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2010/09/01 19:44:06 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2010/09/01 19:44:06 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2010/09/01 19:44:06 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2010/09/01 19:44:06 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2010/09/01 19:43:02 | 000,000,053 | ---- | C] () -- C:\Windows\EPSCX7400.ini
    [2010/06/30 13:21:31 | 000,000,552 | ---- | C] () -- C:\Users\sbetv 45\AppData\Local\d3d8caps.dat
    [2009/08/09 11:57:37 | 000,006,756 | ---- | C] () -- C:\Users\sbetv 45\AppData\Local\d3d9caps.dat
    [2009/05/06 18:47:04 | 000,002,642 | ---- | C] () -- C:\Users\sbetv 45\AppData\Roaming\wklnhst.dat
    [2009/04/21 21:13:58 | 000,014,336 | ---- | C] () -- C:\Users\sbetv 45\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Custom Scans ==========

    < type C:\Windows\system32\tasks\{532D699D-35A7-4501-85CC-EE8A4685288C} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Windows\system32\pcalua.exe</Command>
    <Arguments>-a F:\setup.exe -d F:\</Arguments>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>sbetv45-PC\sbetv 45</UserId>
    <LogonType>InteractiveToken</LogonType>
    </Principal>
    </Principals>
    </Task>

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D432CE3
    < End of report >
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,800
    Good to hear it's a lot faster :)

    Can you run a scan here for me:

    Please go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click on Advanced Settings and ensure these options are ticked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click Scan
    • Wait for the scan to finish
    • If any threats were found, click the 'List of found threats', then click Export to text file....
    • Save it to your desktop, then please copy and paste that log as a reply to this topic.



    On a side note, since the ESET scanner is a 32-bit application, if you're running a 64-bit system you have to choose the 32-bit option in IE when running the scan.
     
  5. 12FindersKeepers

    12FindersKeepers Thread Starter

    Joined:
    Apr 27, 2012
    Messages:
    84
    I ran a scan and it said it was clean.....but I had Windows Defender enabled without knowing it....how do I go about disabling it, since I'm not sure how to?

    This could've affected the scan.... :/
     
  6. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,800
    It shouldn't cause any problems, but just to be sure, you can disable it as follows:

    Open Windows Defender by clicking the Start button. In the search box, type Defender, and then, in the list of results, click Windows Defender.
    Click Tools, and then click Options.
    Click Real-time protection, and then un-tick the Use real-time protection (recommended) check box.
    Select the options you want, and then click Save. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

    Afterwards, to re-enable the protection, go back and tick the box for Use real-time protection (recommended) and Save.

    eddie
     
  7. 12FindersKeepers

    12FindersKeepers Thread Starter

    Joined:
    Apr 27, 2012
    Messages:
    84
    Alright ran a scan again and said it was clean.

    Sorry for the late reply, I was on vacation with my folks. :)
     
  8. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,800
    That's okay, we all need holidays away, hope you had a nice time :)

    Good to see the scan was clean, how's the computer running now?

    You may want to try these for a bit more of a cleanup:

    Clear Cache/Temp Files
    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


    Also, it's a good idea to keep on top of removing any Temp files etc. every month or so. To do this, Windows has a pretty good tool.
    • Go to Start | Programs | Accessories | System Tools | Disk Cleanup
    • It should start straight away, but if you have to select a drive, click on the C-drive.
    • Let it run, and at the end it will give you some boxes to tick.
    • All are okay to enable, then press OK and then Yes to the question after.
    • It will close after it's completed.
     
  9. 12FindersKeepers

    12FindersKeepers Thread Starter

    Joined:
    Apr 27, 2012
    Messages:
    84
    Alright ran it sorry for the late reply again ^^

    Just one quick question...for some reason Microsoft Security Essentials is turned off and I'm not quite sure how to get it back on again...I don't know if it's installed or not. Also, at times it takes awhile for the laptop to shut off, is that normal? :)

    Also what do I do about the other programs I installed, do I uninstall them?

    Thanks so much for helping out!
     
  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,800
    It's okay about the lateness :)

    For the shutting down, does it say any particular program is stopping it, or is it happening when you're on the Desktop and nothing else is running?

    For MSE, do you have an icon in your taskbar, near your clock? If so, do this to re-enable it for scanning:

    Open MSE and go to Settings > Real Time Protection.
    Then uncheck "Turn on real time protection".
    Exit MSE when done.

    If it's not there, have a look in Add/Remove Programs via the Control Panel to see if it is still installed:

    Microsoft Security Essentials


    We'll remove the other tools we've used, if you're okay, as all the malware has gone. I tend to wait until the original person comes back to say it's all clear before we remove them ;)

    ------------

    You can mark this thread Solved at the top of this page, if it's all running okay :)


    Any questions about the following, just ask ;)


    We have a couple of last steps to perform and then you're all set.

    Firstly, let's uninstall the tools we've used:

    Follow these steps to uninstall Combofix and tools used in the removal of malware

    The following will implement some cleanup procedures as well as reset System Restore points:

    Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall



    Then, run this:

    • Download OTC to your desktop and run it
    • Click Yes to beginning the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

    ======================
    Uninstall SUPERAntiSpyware and ERUNT from Add/Remove Programs.

    Also, remove the following from the Desktop, if still there after doing the above:


    Security Check
    TDSSKiller
    aswMBR

    ==============================

    Create Restore Point (Win7)

    • Select Start > Control Panel then double-click on the System icon in the Control Panel.
    • In the left-hand pane click on the System Protection option.
    • When the Dialog comes up, click on the System Protection tab.
    • Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
      (This indicates System restore is turned ON for the Windows drive).
    • Click on the Create button to create a new restore point. In the Name dialog, type a descriptive name and then click on the Create button.
    • You will get a message that the Restore Point was created successfully. Click on the Close button.
    • Click on the OK button and close the System window in the Control Panel.


    Making Internet Explorer More Secure


    Go to Control Panel and open the Internet Options. Click on the Advanced tab and do the following:
    • Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply


    Then, click on the Security tab and do the following:
    • Make sure the Internet icon is selected.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt.
    • Change the Download unsigned ActiveX controls to Disable.
    • Change the Initialise and script ActiveX controls not marked as safe to Disable.
    • Change the Installation of desktop items to Prompt.
    • Change the Launching programs and files in an IFRAME to Prompt.
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.

    Then click on the Advanced tab and do the following:

    • Scroll down to Security section.
    • Tick the box for Empty Temporary Internet Files when Browser is Closed
    • Next press the Apply button and then the OK to exit the Internet Properties page.



    Making Firefox More Secure

    Please visit this page to explain how to make Firefox more secure - How to Secure Firefox


    Other Software Updates
    It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for Java and Adobe as these are subject to many security vulnerabilities.

    Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
    • SpywareBlaster to help prevent spyware from installing in the first place.
    You should also have a good firewall. You can either use Microsoft Windows Firewall which is good, or a free one available for personal use.

    It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

    To keep your operating system up to date visit monthly. And to keep your system clean run this free malware scanner weekly, and be aware of what emails you open and websites you visit.

    To learn more about how to protect yourself while on the internet read this about Security online: General Security Information, How to tighten Security Settings and Warnings

    Have a safe and happy computing day!

    eddie
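
The Internet-zone changes listed under "Making Internet Explorer More Secure" in the post above can be checked without clicking through the dialog. This is an added example, not part of the original post or of any tool used in the thread: a read-only PowerShell audit that compares the five settings with the values the post recommends. It assumes PowerShell 3.0 or later and the per-user Internet zone key (zone 3); the function names and the sample values are made up for illustration.

```powershell
# Read-only audit: nothing here writes to the registry.
# Each Internet Options "Custom Level" entry is stored as a DWORD whose value
# name is a hexadecimal URL-action identifier. Data: 0 = Enable, 1 = Prompt,
# 3 = Disable.
$PolicyName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The five settings from the post, with the value each should end up at.
$Recommended = @(
    [pscustomobject]@{ Action = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' }
    [pscustomobject]@{ Action = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' }
    [pscustomobject]@{ Action = '1201'; Want = 3; Setting = 'Initialize and script ActiveX controls not marked as safe' }
    [pscustomobject]@{ Action = '1800'; Want = 1; Setting = 'Installation of desktop items' }
    [pscustomobject]@{ Action = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' }
)

# Hypothetical helper: compare a table of zone values with the baseline.
function Compare-ZoneSetting {
    param(
        [Parameter(Mandatory = $true)] [hashtable] $Current,
        [Parameter(Mandatory = $true)] [object[]]  $Baseline
    )
    foreach ($item in $Baseline) {
        $have = $Current[$item.Action]
        if ($null -eq $have) {
            $shown = 'not set'
        } elseif ($PolicyName.ContainsKey([int]$have)) {
            $shown = $PolicyName[[int]$have]
        } else {
            $shown = '0x{0:X}' -f [int]$have   # a value this script does not name
        }
        [pscustomobject]@{
            Setting     = $item.Setting
            Current     = $shown
            Recommended = $PolicyName[$item.Want]
            Compliant   = ($null -ne $have -and [int]$have -eq $item.Want)
        }
    }
}

# Hypothetical helper: read the URL-action values of one zone into a hashtable.
function Get-ZoneValue {
    param(
        [string] $ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    )
    $values = @{}
    $props  = Get-ItemProperty -Path $ZonePath -ErrorAction Stop
    foreach ($p in $props.PSObject.Properties) {
        # Keep only the four-hex-digit URL-action names; skip PSPath, Icon, etc.
        if ($p.Name -match '^[0-9A-Fa-f]{4}$') { $values[$p.Name] = $p.Value }
    }
    $values
}

# Constructed sample (not taken from the laptop in this thread): unsigned
# ActiveX is correct, 1201 is still at Prompt, and 1804 is absent.
$sample = @{ '1001' = 1; '1004' = 3; '1201' = 1; '1800' = 1 }
Compare-ZoneSetting -Current $sample -Baseline $Recommended | Format-Table -AutoSize

# On a Windows machine, audit the signed-in user's real Internet zone as well.
$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
if (Test-Path $zone) {
    Compare-ZoneSetting -Current (Get-ZoneValue -ZonePath $zone) -Baseline $Recommended |
        Format-Table -AutoSize
}
```

Zone values pushed by Group Policy live under separate policy keys and take precedence over the per-user key read here, so a managed machine can report differently from what Internet Options shows.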
     
  11. 12FindersKeepers

    12FindersKeepers Thread Starter

    Joined:
    Apr 27, 2012
    Messages:
    84
    Yup when shutting down it's only the desktop and no other programs running, it takes a couple of minutes rather than a couple of seconds. On opening up the internet too it takes awhile to load and then once it's loaded it runs fine.

    Also MSE seems to be missing...I don't remember uninstalling it. Could it have been caused by the infection?

    Thanks for the help :)
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,800
    Well, at the beginning it just says it's disabled, but then when I checked some of the later logs, it's missing, which is strange.

    So, what we can do is re-install it. If it is still installed, but not showing fully, you can normally install again over the top, which will replace any corrupted files.

    Before doing so, let's create a restore point:

    • Select Start > Control Panel then double-click on the System icon in the Control Panel.
    • In the left-hand pane click on the System Protection option.
    • When the Dialog comes up, click on the System Protection tab.
    • Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
      (This indicates System restore is turned ON for the Windows drive).
    • Click on the Create button to create a new restore point. In the Name dialog, type a descriptive name and then click on the Create button.
    • You will get a message that the Restore Point was created successfully. Click on the Close button.
    • Click on the OK button and close the System window in the Control Panel.

    Then, download MSE from here:

    http://windows.microsoft.com/en-US/windows/products/security-essentials?SignedIn=1

    And install as normal.

    Reboot and see if it worked okay.

    eddie
     
  13. 12FindersKeepers

    12FindersKeepers Thread Starter

    Joined:
    Apr 27, 2012
    Messages:
    84
    Okie dokie, downloaded it and I got security essentials back :)

    Thanks for all of your help! Closing the log now.
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,800
    Excellent (y)

    Good to hear it's all working okay :)

    eddie
     

Short URL to this thread: https://techguy.org/1059687