
Department of Justice ransomware virus


  • This topic is locked
9 replies to this topic

#1 zappedbydale


    New Member

  • Members
  • 5 posts

Posted 06 April 2013 - 01:59 PM

Hi, recently my computer has come under attack from the DoJ virus, and I've gone through several of the steps indicated by Mr Charlie a few months back:

http://forums.malwar...89

I've stopped at OTL.txt and have no idea what to do next.

#2 MrCharlie


    Forum Deity

  • Experts
  • 28,173 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 06 April 2013 - 02:13 PM

Welcome to the forum.

Did you scan the system with OTLPE???

If so, can you post the log?

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 zappedbydale


    New Member

  • Members
  • 5 posts

Posted 06 April 2013 - 02:17 PM

Yes I did, and here's the post:

OTL logfile created on: 4/6/2013 2:26:44 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 232.88 Gb Total Space | 34.65 Gb Free Space | 14.88% Space Free | Partition Type: NTFS
Drive D: | 522.91 Gb Total Space | 70.30 Gb Free Space | 13.44% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 30.54 Gb Free Space | 10.24% Space Free | Partition Type: NTFS
Drive F: | 131.50 Gb Total Space | 91.25 Gb Free Space | 69.40% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2013/03/18 21:21:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/12 15:19:27 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/06 18:13:16 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto] -- D:\Program Files\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe -- (CouponXplorer_5zService)
SRV - [2012/12/23 23:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto] -- D:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS)
SRV - [2012/08/18 23:15:12 | 000,045,056 | ---- | M] (Intuit) [Auto] -- D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/08/18 20:55:30 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto] -- D:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2012/08/18 20:55:02 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- D:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/08/07 00:39:01 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand] -- D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011/05/31 13:04:48 | 001,052,480 | ---- | M] (TuneUp Software) [Auto] -- D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/05/31 13:01:50 | 000,030,016 | ---- | M] (TuneUp Software) [Auto] -- D:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/03/28 11:49:12 | 002,480,048 | ---- | M] (Acronis) [Auto] -- D:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/11/12 04:49:10 | 000,660,664 | ---- | M] (Acronis) [Auto] -- D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto] -- D:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto] -- D:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/10/22 15:42:44 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto] -- D:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand] -- -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand] -- -- (SYMIDS)
DRV - File not found [Kernel | On_Demand] -- -- (SYMFW)
DRV - File not found [Kernel | On_Demand] -- -- (SYMDNS)
DRV - File not found [Kernel | On_Demand] -- -- (StMp3Rec)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto] -- -- (cpuz132)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2013/04/03 15:03:27 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130405.069\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/04/03 15:03:27 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130405.069\NAVENG.SYS -- (NAVENG)
DRV - [2013/03/21 21:52:23 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/03/08 18:22:34 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130405.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/03/07 09:01:25 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/03/01 14:53:29 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/30 23:18:18 | 000,394,656 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\WINDOWS\System32\Drivers\NIS\1403000.024\SYMTDI.SYS -- (SYMTDI)
DRV - [2013/01/30 23:18:06 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot] -- D:\WINDOWS\system32\drivers\NIS\1403000.024\SymEFA.sys -- (SymEFA)
DRV - [2013/01/28 21:45:18 | 000,602,712 | R--- | M] (Symantec Corporation) [File_System | System] -- D:\WINDOWS\System32\Drivers\NIS\1403000.024\SRTSP.SYS -- (SRTSP)
DRV - [2013/01/28 21:45:18 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\NIS\1403000.024\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2013/01/21 22:15:32 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\NIS\1403000.024\SymDS.sys -- (SymDS)
DRV - [2012/11/15 22:22:01 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\NIS\1403000.024\Ironx86.SYS -- (SymIRON)
DRV - [2012/11/15 22:18:04 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\NIS\1403000.024\ccSetx86.sys -- (ccSet_NIS)
DRV - [2012/08/08 23:07:19 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/05 22:29:18 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2010/05/05 22:29:10 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/05/05 22:29:02 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/05/05 22:28:54 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/05/05 22:24:44 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/05/05 22:24:34 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/05/05 22:24:24 | 000,526,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/05/05 22:24:14 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/05/05 22:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2010/05/05 22:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2010/05/05 22:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2010/05/05 22:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2010/05/05 22:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2010/05/05 22:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2010/03/28 11:49:15 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand] -- D:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/03/28 11:49:07 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/03/28 11:49:05 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010/03/28 11:48:55 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2009/10/14 10:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/10/09 21:40:34 | 000,217,128 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\Si3132r5.sys -- (Si3132r5)
DRV - [2008/10/09 21:40:34 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2008/10/09 21:40:34 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/07/26 09:01:56 | 000,415,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2005/07/26 08:58:30 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2005/03/22 21:17:34 | 000,450,400 | ---- | M] (D-Link Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2004/07/27 13:20:46 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto] -- D:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6A 81 E3 13 36 FA D8 42 8A B6 DF 83 01 09 A0 8D [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\easy_logoff_switch_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\LocalService_ON_D\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6A 81 E3 13 36 FA D8 42 8A B6 DF 83 01 09 A0 8D [binary data]
IE - HKU\LocalService_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\NetworkService_ON_D\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6A 81 E3 13 36 FA D8 42 8A B6 DF 83 01 09 A0 8D [binary data]
IE - HKU\NetworkService_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Owner_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://danceart.com/
IE - HKU\Owner_ON_D\..\URLSearchHook: {9b138bf3-1d40-4e7e-84bb-2975198ad938} - Reg Error: Key error. File not found
IE - HKU\Owner_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Owner_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.wbrz.com/weather/"
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.72.0
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:11.3.7.0
FF - prefs.js..extensions.enabledItems: {b1acac2e-22c0-4b57-9dd6-3698d5cfc540}:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {6D5C8FC4-DE46-41bf-9092-93F0F78E9115}:2.1.0.52
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@CouponXplorer_5z.com/Plugin: D:\Program Files\CouponXplorer_5z\bar\1.bin\NP5zStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013/04/06 13:57:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.26\coFFFw\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012/01/26 15:18:46 | 000,185,164 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\5zffxtbr@CouponXplorer_5z.com: C:\Program Files\CouponXplorer_5z\bar\1.bin [2013/01/06 18:13:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013/03/09 00:24:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/18 21:21:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/18 21:21:20 | 000,000,000 | ---D | M]

[2010/05/02 04:11:09 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/05/02 04:11:09 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2013/03/08 23:23:57 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\extensions
[2010/07/11 00:56:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/06 09:25:40 | 000,000,000 | ---D | M] (Fast Search by Surf Canyon) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2010/05/03 08:18:19 | 000,000,000 | ---D | M] (XUL Cache) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\extensions\{b1acac2e-22c0-4b57-9dd6-3698d5cfc540}
[2009/11/22 11:13:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013/01/06 18:13:25 | 000,000,000 | ---D | M] (CouponXplorer) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\extensions\5zffxtbr@CouponXplorer_5z.com
[2012/07/26 22:17:41 | 000,000,000 | ---D | M] (LastPass) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\extensions\support@lastpass.com
[2012/01/30 00:06:36 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\extensions\toolbar@shopathome.com
[2012/01/22 19:45:50 | 000,002,470 | ---- | M] () -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\searchplugins\safesearch.xml
[2013/04/03 21:51:50 | 000,002,282 | ---- | M] () -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\searchplugins\surf-canyon.xml
[2013/03/18 21:21:18 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2013/03/18 21:21:18 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- D:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
File not found (No name found) --
[2013/04/06 13:57:09 | 000,000,000 | ---D | M] (Norton Toolbar) -- D:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\COFFPLGN
[2013/03/09 00:24:29 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- D:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPLGN
() (No name found) -- D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X5UQ07O3.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2009/09/12 01:43:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013/03/18 21:21:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/19 19:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- D:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 19:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- D:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/08/29 16:55:42 | 000,002,465 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/08 23:49:32 | 000,002,086 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Toolbar BHO) - {0297a026-3011-46d3-ad62-bb9a7612aea7} - D:\Program Files\CouponXplorer_5z\bar\1.bin\5zbar.dll (MindSpark)
O2 - BHO: (no name) - {13E3816A-FA36-42D8-8AB6-DF830109A08d} - Reg Error: Value error. File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - D:\Documents and Settings\Owner\Application Data\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Assistant BHO) - {7d69ed06-0171-4379-9528-08df51092727} - D:\Program Files\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll (MindSpark)
O2 - BHO: (no name) - {818B93D5-A4FA-4488-BF14-C4CB7B54AA0C} - No CLSID value found.
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - D:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
O2 - BHO: (no name) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - No CLSID value found.
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - D:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - D:\Documents and Settings\Owner\Application Data\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (CouponXplorer) - {65c72339-fb1d-4155-84e1-9afacee02d6f} - D:\Program Files\CouponXplorer_5z\bar\1.bin\5zbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - {674F9426-E0C0-4BEC-A819-5F57D5A94CB3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - D:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Owner_ON_D\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Owner_ON_D\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - D:\Documents and Settings\Owner\Application Data\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKU\Owner_ON_D\..\Toolbar\WebBrowser: (CouponXplorer) - {65C72339-FB1D-4155-84E1-9AFACEE02D6F} - D:\Program Files\CouponXplorer_5z\bar\1.bin\5zbar.dll (MindSpark)
O3 - HKU\Owner_ON_D\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - D:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [ANIWZCS2Service] D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [CouponXplorer Search Scope Monitor] D:\Program Files\CouponXplorer_5z\bar\1.bin\5zSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [CouponXplorer_5z Browser Plugin Loader] D:\Program Files\CouponXplorer_5z\bar\1.bin\5zbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [CTHelper] D:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DisplaySwitch] D:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe (Корпорация Майкрософт)
O4 - HKLM..\Run: [D-Link AirPlus XtremeG] D:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NBKeyScan] D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VolPanel] D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\easy_logoff_switch_ON_D..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\easy_logoff_switch_ON_D..\Run: [ROC_JAN2013_TB] File not found
O4 - HKU\Owner_ON_D..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = D:\Program Files\PrintMaster 16\pmremind.exe (Broderbund Properties LLC)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = D:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
O4 - Startup: D:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = D:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\easy_logoff_switch_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\NPJPI150_01.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1252718593542 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1360042616484 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - D:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\csrsrv32.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\d3dpmesh32.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\ct_oal32.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/09 14:56:09 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0a7e8a0f-cc49-11de-a6d4-001346e35bdd}\Shell - "" = AutoRun
O33 - MountPoints2\{0a7e8a0f-cc49-11de-a6d4-001346e35bdd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a7e8a0f-cc49-11de-a6d4-001346e35bdd}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - D:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 7 Days ==========

[2013/04/05 22:44:15 | 000,000,000 | ---D | C] -- D:\Program Files\Dropbox
[2013/04/05 16:45:41 | 000,036,864 | ---- | C] (Корпорация Майкрософт) -- D:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
[2013/04/03 22:45:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents\Floppy spare
[2013/04/03 21:59:29 | 000,000,000 | ---D | C] -- D:\Boot Floppy 2
[2013/04/03 21:53:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\Desktop\New Folder (2)
[2011/03/08 22:40:50 | 000,360,328 | ---- | C] (SanDisk Corporation) -- D:\Program Files\SansaUpdaterInstall.exe
[2010/09/09 11:26:27 | 048,631,947 | ---- | C] (Flexera Software) -- D:\Program Files\PPTWinInstall.3.0.4.exe
[2006/05/24 00:38:39 | 000,060,928 | ---- | C] ( ) -- D:\WINDOWS\System32\a3d.dll
[2006/05/23 23:33:22 | 000,012,800 | ---- | C] ( ) -- D:\WINDOWS\System32\killapps.exe
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[11 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013/04/06 13:58:00 | 000,000,420 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{61B4E9DD-90E9-425C-8E63-E0846AF09692}.job
[2013/04/06 13:57:34 | 000,193,636 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2013/04/06 13:57:05 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2013/04/06 13:30:13 | 000,000,422 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{AB7E74A9-7650-4151-95B0-9586CA85D4E2}.job
[2013/04/06 09:32:27 | 000,012,540 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2013/04/06 08:19:15 | 000,000,830 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/06 07:31:59 | 002,250,054 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\1.bmp
[2013/04/06 07:31:43 | 000,302,806 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\1.jpg
[2013/04/06 02:15:59 | 000,012,540 | ---- | M] () -- D:\WINDOWS\System32\wpa.bak
[2013/04/05 22:44:36 | 000,001,047 | ---- | M] () -- D:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/05 22:43:48 | 000,001,031 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2013/04/05 22:26:11 | 000,054,736 | ---- | M] () -- D:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000006-00001102-00000005-00311102}.rfx
[2013/04/05 22:26:11 | 000,054,736 | ---- | M] () -- D:\WINDOWS\System32\BMXState-{00000001-00000000-00000006-00001102-00000005-00311102}.rfx
[2013/04/05 22:26:11 | 000,000,788 | ---- | M] () -- D:\WINDOWS\System32\DVCState-{00000001-00000000-00000006-00001102-00000005-00311102}.rfx
[2013/04/05 16:45:28 | 000,036,864 | ---- | M] (Корпорация Майкрософт) -- D:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
[2013/04/02 22:53:33 | 000,002,229 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\PrintMaster 16.lnk
[2013/04/02 08:41:32 | 000,006,976 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\smiley face tshirt.jpg
[2013/04/01 08:58:06 | 003,451,492 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\2013 Summer session TNS pdf.pdf
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[11 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/06 07:31:58 | 002,250,054 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\1.bmp
[2013/04/06 07:31:41 | 000,302,806 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\1.jpg
[2013/04/02 16:02:13 | 000,143,723 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\Copy of Christines list of expectations.jpg
[2013/04/02 16:01:12 | 000,143,723 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\Christines list of expectations.jpg
[2013/04/02 08:41:56 | 000,006,976 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\smiley face tshirt.jpg
[2013/04/01 08:57:48 | 003,451,492 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\2013 Summer session TNS pdf.pdf
[2013/02/04 15:54:36 | 000,000,102 | ---- | C] () -- D:\WINDOWS\VSWizard.ini
[2012/12/31 05:44:59 | 000,352,054 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-583907252-602609370-1417001333-1003-0.dat
[2012/12/31 05:44:52 | 000,352,054 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/12/30 04:17:25 | 000,000,095 | ---- | C] () -- D:\WINDOWS\QBChanUtil_Trigger.ini
[2012/08/18 20:49:04 | 000,667,280 | ---- | C] () -- D:\WINDOWS\System32\tx12.dll
[2012/08/18 20:49:04 | 000,000,530 | ---- | C] () -- D:\WINDOWS\System32\tx12_ic.ini
[2012/08/18 20:49:04 | 000,000,186 | ---- | C] () -- D:\WINDOWS\System32\Gsw32.exe.config
[2012/02/15 02:41:24 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2011/06/07 21:51:20 | 000,000,008 | ---- | C] () -- D:\WINDOWS\System32\nvModes.dat
[2011/03/19 05:52:43 | 000,000,286 | ---- | C] () -- D:\WINDOWS\reimage.ini
[2011/01/12 16:43:17 | 000,001,940 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/05/05 21:37:52 | 000,021,204 | ---- | C] () -- D:\WINDOWS\System32\instwdm.ini
[2010/05/05 21:37:50 | 000,000,054 | ---- | C] () -- D:\WINDOWS\System32\ctzapxx.ini
[2010/05/05 20:56:46 | 000,002,560 | ---- | C] () -- D:\WINDOWS\System32\CtxfiRes.dll
[2010/05/05 20:56:46 | 000,002,560 | ---- | C] () -- D:\WINDOWS\CTXFIRES.DLL
[2010/05/02 22:19:05 | 000,001,908 | ---- | C] () -- D:\WINDOWS\GnuHashes.ini
[2010/05/02 22:10:29 | 000,203,776 | -HS- | C] () -- D:\WINDOWS\System32\unrar.exe
[2010/04/03 18:48:36 | 000,004,984 | ---- | C] () -- D:\WINDOWS\System32\drivers\nvphy.bin
[2010/01/06 13:28:42 | 000,000,029 | ---- | C] () -- D:\WINDOWS\DEBUGSM.INI
[2009/11/22 20:09:30 | 000,105,444 | -H-- | C] () -- D:\WINDOWS\System32\mlfcache.dat
[2009/09/13 17:11:43 | 000,001,755 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/09/12 23:21:07 | 000,156,160 | ---- | C] () -- D:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/12 21:12:52 | 000,000,158 | ---- | C] () -- D:\Documents and Settings\Owner\default.pls
[2009/09/12 21:07:37 | 000,000,182 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2009/09/12 12:51:06 | 000,057,836 | ---- | C] () -- D:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/09/12 12:51:06 | 000,000,097 | ---- | C] () -- D:\WINDOWS\System32\PICSDK.ini
[2009/09/12 12:51:05 | 000,029,114 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern1.dat
[2009/09/12 12:51:05 | 000,021,021 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern3.dat
[2009/09/12 12:51:05 | 000,015,670 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern5.dat
[2009/09/12 12:51:05 | 000,013,280 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern2.dat
[2009/09/12 12:51:05 | 000,010,673 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern4.dat
[2009/09/12 12:51:05 | 000,004,943 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern6.dat
[2009/09/12 12:51:05 | 000,001,140 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/09/12 12:51:05 | 000,001,140 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/09/12 12:51:05 | 000,001,137 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/09/12 12:51:05 | 000,001,130 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/09/12 12:51:05 | 000,001,130 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/09/12 12:51:05 | 000,001,104 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/09/12 12:48:06 | 000,064,000 | ---- | C] () -- D:\WINDOWS\System32\esfw52.bin
[2009/09/12 01:50:58 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2009/09/11 23:53:40 | 000,012,017 | ---- | C] () -- D:\WINDOWS\hpdj5700.ini
[2009/09/09 14:57:42 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2009/09/09 14:53:56 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2009/09/09 09:31:46 | 000,004,319 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2009/09/09 09:30:35 | 000,415,064 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- D:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- D:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 07:55:28 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\Dcache.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- D:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- D:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- D:\WINDOWS\System32\gthrctr.ini
[2006/12/31 09:57:08 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2006/05/24 01:00:48 | 000,043,520 | ---- | C] () -- D:\WINDOWS\System32\CTBurst.dll
[2006/05/24 00:20:42 | 000,034,304 | ---- | C] () -- D:\WINDOWS\PSCONV.EXE
[2006/05/23 23:49:25 | 000,321,512 | ---- | C] () -- D:\WINDOWS\System32\ctdlang.dat
[2006/05/23 23:49:25 | 000,056,509 | ---- | C] () -- D:\WINDOWS\System32\ctdnlstr.dat
[2006/05/23 23:37:56 | 000,016,384 | ---- | C] () -- D:\WINDOWS\System32\regplib.exe
[2006/05/23 23:37:12 | 000,140,643 | ---- | C] () -- D:\WINDOWS\System32\CTBAS2W.DAT
[2006/05/23 23:34:34 | 000,264,526 | ---- | C] () -- D:\WINDOWS\System32\CTSBAS2W.DAT
[2006/05/23 23:34:14 | 000,113,221 | ---- | C] () -- D:\WINDOWS\System32\CTBASICW.DAT
[2006/05/23 23:34:13 | 000,231,281 | ---- | C] () -- D:\WINDOWS\System32\CTSBASW.DAT
[2006/05/23 23:33:34 | 000,053,932 | ---- | C] () -- D:\WINDOWS\System32\ctdaught.dat
[2006/05/23 23:33:33 | 000,313,207 | ---- | C] () -- D:\WINDOWS\System32\ctstatic.dat
[2006/05/23 23:33:29 | 000,007,680 | ---- | C] () -- D:\WINDOWS\System32\enlocstr.exe
[2006/02/09 10:06:00 | 001,724,416 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/09 10:06:00 | 001,657,376 | ---- | C] () -- D:\WINDOWS\System32\nwiz.exe
[2006/02/09 10:06:00 | 001,503,232 | ---- | C] () -- D:\WINDOWS\System32\nview.dll
[2006/02/09 10:06:00 | 001,346,080 | ---- | C] () -- D:\WINDOWS\System32\nvdspsch.exe
[2006/02/09 10:06:00 | 001,101,824 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll
[2006/02/09 10:06:00 | 000,573,440 | ---- | C] () -- D:\WINDOWS\System32\nvhwvid.dll
[2006/02/09 10:06:00 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll
[2006/02/09 10:06:00 | 000,449,056 | ---- | C] () -- D:\WINDOWS\System32\nvappbar.exe
[2006/02/09 10:06:00 | 000,436,768 | ---- | C] () -- D:\WINDOWS\System32\keystone.exe
[2006/02/09 10:06:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll
[2005/07/26 17:13:12 | 000,000,285 | ---- | C] () -- D:\WINDOWS\System32\kill.ini
[2005/06/07 09:10:50 | 000,070,656 | ---- | C] () -- D:\WINDOWS\System32\CTMMACTL.DLL
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,526,280 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,096,136 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
[2004/03/17 09:12:48 | 000,000,362 | ---- | C] () -- D:\WINDOWS\hpfins_s04_main.dat
[2004/03/17 09:11:51 | 000,005,428 | ---- | C] () -- D:\WINDOWS\hpfmdl_s04_main.dat

========== LOP Check ==========

[2010/03/28 15:44:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Acronis
[2010/09/05 01:54:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/01/06 18:13:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\CouponXplorer_5z
[2013/02/06 21:39:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\DisplayTune
[2013/04/06 13:59:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Dropbox
[2010/02/21 07:51:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\EPSON
[2010/07/14 13:57:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\FCTB000062219
[2009/09/12 12:58:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Leadertech
[2012/03/23 23:53:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Nova Development
[2009/09/12 18:36:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Publish Providers
[2013/03/02 01:19:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\SanDisk
[2013/01/06 15:48:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\ShopAtHome
[2009/09/12 18:33:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Sony
[2012/01/28 15:07:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\start
[2010/05/03 08:21:07 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\Owner\Application Data\SystemProc
[2013/01/06 15:28:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Toolbar4
[2011/03/04 18:31:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\TuneUp Software
[2011/02/20 21:09:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Uniblue
[2011/03/16 22:58:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2009/09/12 16:46:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Windows Search
[2013/03/01 23:19:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/03/28 11:53:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Acronis
[2009/09/14 09:25:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Broderbund Software
[2012/12/30 04:17:14 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\Common Files
[2013/01/06 15:10:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Coupon Savings
[2011/03/19 06:15:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Driver Whiz
[2011/03/08 22:34:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Easy Driver Pro
[2012/12/30 04:20:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Nuance
[2009/09/14 09:31:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2012/12/30 04:46:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/03/04 18:29:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/09/13 11:30:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\YAHOO
[2010/07/05 08:19:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/13 17:26:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2013/04/06 13:58:00 | 000,000,420 | -H-- | M] () -- D:\WINDOWS\Tasks\User_Feed_Synchronization-{61B4E9DD-90E9-425C-8E63-E0846AF09692}.job
[2013/04/06 13:30:13 | 000,000,422 | -H-- | M] () -- D:\WINDOWS\Tasks\User_Feed_Synchronization-{AB7E74A9-7650-4151-95B0-9586CA85D4E2}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/09/09 14:56:09 | 000,000,000 | ---- | M] () -- D:\AUTOEXEC.BAT
[2012/05/12 08:19:35 | 000,000,389 | RHS- | M] () -- D:\boot.ini
[2009/09/09 14:56:09 | 000,000,000 | ---- | M] () -- D:\CONFIG.SYS
[2011/03/19 08:26:39 | 000,280,074 | ---- | M] () -- D:\CTSUFile.txt
[2012/08/23 16:17:47 | 000,034,856 | ---- | M] () -- D:\drwtsn32.log
[2011/11/19 00:01:55 | 003,028,918 | ---- | M] () -- D:\GetSupportFiles.zip
[2013/02/04 01:29:51 | 002,000,000 | ---- | M] () -- D:\hpfr5700.log
[2009/09/09 14:56:09 | 000,000,000 | RHS- | M] () -- D:\IO.SYS
[2009/09/09 14:56:09 | 000,000,000 | RHS- | M] () -- D:\MSDOS.SYS
[2008/04/14 00:13:04 | 000,047,564 | RHS- | M] () -- D:\NTDETECT.COM
[2008/04/14 02:01:44 | 000,250,048 | RHS- | M] () -- D:\ntldr
[2013/04/06 13:57:01 | 1610,612,736 | -HS- | M] () -- D:\pagefile.sys
[2009/09/13 15:07:04 | 000,001,658 | ---- | M] () -- D:\Performance.lnk
[2012/04/15 23:12:49 | 000,003,096 | ---- | M] () -- D:\TotalA_log.txt
[2012/08/07 23:59:00 | 000,000,054 | ---- | M] () -- D:\twacker.log


< MD5 for: EXPLORER.EXE >
[2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\explorer.exe
[2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- D:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- D:\WINDOWS\system32\services.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 07:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\winlogon.exe
< End of report >

#4 MrCharlie


Posted 06 April 2013 - 02:31 PM

This should get you going:
OK, basically what we want to do is copy the text that's in BOLD into the Custom Scans/Fixes box of OTLPE
Here's how to do that:
Copy the text in BOLD into notepad and save it:


:OTL
O4 - HKLM..\Run: [DisplaySwitch] D:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe (Корпорация Майкрософт)
[2013/04/05 16:45:28 | 000,036,864 | ---- | M] (Корпорация Майкрософт) -- D:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe



Copy it to your flash drive
Boot the computer up using the OTLPE disk
Run OTLPE
Plug in the flash drive
Drag the notepad text to the desktop
Open it up and copy and paste the text into Custom Scans/Fixes
Then click the Run Fix button at the top
Copy and paste the log back here. MrC

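To show how an entry like the one MrC picked out of that log can be spotted systematically, here is an added example (mine, not OTL's code and not from this thread) that parses OTL file/folder records and marks entries for manual review. The record format is the one visible in the log above; the review heuristics and the EXEC_EXT list are my own assumptions for illustration, and the sample lines are copied from the log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL file/folder record as it appears in the log above, e.g.
# [2013/04/05 16:45:28 | 000,036,864 | ---- | M] (Vendor) -- D:\path\file.exe
# Directory records carry no "(Vendor)" part; file records may carry "()" or "( )".
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)(?: -- \[ \w+ \])?$"
)

# Extensions treated as program code (assumption; .sys is left out so pagefile.sys is not counted).
EXEC_EXT = (".exe", ".dll", ".scr")


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str              # R=read-only, H=hidden, S=system, D=directory, '-'=unset
    kind: str               # C = created within the window, M = modified within it
    company: Optional[str]  # vendor string OTL read from the file, if any
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file/folder record, or None for any other log line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    if company is not None:
        company = company.strip() or None    # "()" and "( )" both mean no vendor
    return OtlEntry(m.group("ts"), int(m.group("size").replace(",", "")),
                    m.group("attrs"), m.group("kind"), company, m.group("path"))


def triage(entry: OtlEntry) -> List[str]:
    """Constructed review heuristics (mine, not OTL's); each string is a reason to look closer."""
    reasons: List[str] = []
    low = entry.path.lower()
    parent, _, _ = low.rpartition("\\")
    is_exec = low.endswith(EXEC_EXT)
    # An executable dropped straight into an Application Data root, not a vendor
    # subfolder, is exactly where DisplaySwitch.exe sat on this machine.
    if is_exec and parent.endswith("\\application data"):
        reasons.append("executable directly in an Application Data root")
    # Hidden+system attributes on an executable keep it out of a casual directory view.
    if is_exec and "H" in entry.attrs and "S" in entry.attrs:
        reasons.append("executable flagged hidden+system")
    # A non-Latin vendor string on an ENU install (see the log header) is worth a
    # signature check before the file is trusted as the vendor it names.
    if entry.company is not None and not entry.company.isascii():
        reasons.append("non-ASCII vendor string: verify the file's signature")
    return reasons


def scan_log(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every parsable record that trips a heuristic."""
    hits = []
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                hits.append((entry.path, reasons))
    return hits


# Constructed sample: records copied from the log above, clean ones included.
SAMPLE_LOG = r"""
[2013/04/05 22:44:15 | 000,000,000 | ---D | C] -- D:\Program Files\Dropbox
[2013/04/05 16:45:28 | 000,036,864 | ---- | M] (Корпорация Майкрософт) -- D:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
[2010/05/02 22:10:29 | 000,203,776 | -HS- | C] () -- D:\WINDOWS\System32\unrar.exe
[2006/05/24 00:38:39 | 000,060,928 | ---- | C] ( ) -- D:\WINDOWS\System32\a3d.dll
[2013/04/06 13:57:01 | 1610,612,736 | -HS- | M] () -- D:\pagefile.sys
"""

if __name__ == "__main__":
    for path, reasons in scan_log(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```

Run against the whole OTL.txt it lists only records worth a closer look; a hit is a prompt to check the file's signature and location, not a verdict on its own.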

#5 zappedbydale


Posted 06 April 2013 - 02:40 PM

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DisplaySwitch not found.
File D:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe not found.
File D:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 04062013_153143

#6 MrCharlie


Posted 06 April 2013 - 02:46 PM

Does it boot?? MrC


#7 zappedbydale


Posted 06 April 2013 - 02:52 PM

Still not able to run any safe modes, but the message hasn't popped up

#8 zappedbydale


Posted 06 April 2013 - 03:01 PM

Message still hasn't popped up in normal mode, seems good so far

#9 MrCharlie


Posted 06 April 2013 - 03:21 PM

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

MrC


#10 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 10 April 2013 - 07:28 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support
