zappedbydale

Department of Justice ransomware virus

10 posts in this topic

Welcome to the forum.

Did you scan the system with OTLPE?

If so, can you post the log?

MrC


Yes I did, and here's the post

OTL logfile created on: 4/6/2013 2:26:44 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): [binary data over 100 bytes]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files

Drive C: | 232.88 Gb Total Space | 34.65 Gb Free Space | 14.88% Space Free | Partition Type: NTFS

Drive D: | 522.91 Gb Total Space | 70.30 Gb Free Space | 13.44% Space Free | Partition Type: NTFS

Drive E: | 298.09 Gb Total Space | 30.54 Gb Free Space | 10.24% Space Free | Partition Type: NTFS

Drive F: | 131.50 Gb Total Space | 91.25 Gb Free Space | 69.40% Space Free | Partition Type: NTFS

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)

SRV - File not found [On_Demand] -- -- (AppMgmt)

SRV - [2013/03/18 21:21:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/03/12 15:19:27 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/01/06 18:13:16 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto] -- D:\Program Files\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe -- (CouponXplorer_5zService)

SRV - [2012/12/23 23:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto] -- D:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS)

SRV - [2012/08/18 23:15:12 | 000,045,056 | ---- | M] (Intuit) [Auto] -- D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2012/08/18 20:55:30 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto] -- D:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)

SRV - [2012/08/18 20:55:02 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- D:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2011/08/07 00:39:01 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand] -- D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2011/05/31 13:04:48 | 001,052,480 | ---- | M] (TuneUp Software) [Auto] -- D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2011/05/31 13:01:50 | 000,030,016 | ---- | M] (TuneUp Software) [Auto] -- D:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)

SRV - [2010/03/28 11:49:12 | 002,480,048 | ---- | M] (Acronis) [Auto] -- D:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)

SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/11/12 04:49:10 | 000,660,664 | ---- | M] (Acronis) [Auto] -- D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto] -- D:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto] -- D:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2004/10/22 15:42:44 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto] -- D:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (SYMREDRV)

DRV - File not found [Kernel | On_Demand] -- -- (SYMNDIS)

DRV - File not found [Kernel | On_Demand] -- -- (SYMIDS)

DRV - File not found [Kernel | On_Demand] -- -- (SYMFW)

DRV - File not found [Kernel | On_Demand] -- -- (SYMDNS)

DRV - File not found [Kernel | On_Demand] -- -- (StMp3Rec)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | Auto] -- -- (cpuz132)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - [2013/04/03 15:03:27 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130405.069\NAVEX15.SYS -- (NAVEX15)

DRV - [2013/04/03 15:03:27 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130405.069\NAVENG.SYS -- (NAVENG)

DRV - [2013/03/21 21:52:23 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2013/03/08 18:22:34 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130405.001\IDSXpx86.sys -- (IDSxpx86)

DRV - [2013/03/07 09:01:25 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2013/03/01 14:53:29 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2013/01/30 23:18:18 | 000,394,656 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\WINDOWS\System32\Drivers\NIS\1403000.024\SYMTDI.SYS -- (SYMTDI)

DRV - [2013/01/30 23:18:06 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot] -- D:\WINDOWS\system32\drivers\NIS\1403000.024\SymEFA.sys -- (SymEFA)

DRV - [2013/01/28 21:45:18 | 000,602,712 | R--- | M] (Symantec Corporation) [File_System | System] -- D:\WINDOWS\System32\Drivers\NIS\1403000.024\SRTSP.SYS -- (SRTSP)

DRV - [2013/01/28 21:45:18 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\NIS\1403000.024\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2013/01/21 22:15:32 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\NIS\1403000.024\SymDS.sys -- (SymDS)

DRV - [2012/11/15 22:22:01 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\NIS\1403000.024\Ironx86.SYS -- (SymIRON)

DRV - [2012/11/15 22:18:04 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\NIS\1403000.024\ccSetx86.sys -- (ccSet_NIS)

DRV - [2012/08/08 23:07:19 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2010/05/05 22:29:18 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)

DRV - [2010/05/05 22:29:10 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)

DRV - [2010/05/05 22:29:02 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2010/05/05 22:28:54 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV - [2010/05/05 22:24:44 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2010/05/05 22:24:34 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)

DRV - [2010/05/05 22:24:24 | 000,526,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV - [2010/05/05 22:24:14 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

DRV - [2010/05/05 22:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)

DRV - [2010/05/05 22:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)

DRV - [2010/05/05 22:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)

DRV - [2010/05/05 22:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)

DRV - [2010/05/05 22:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)

DRV - [2010/05/05 22:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)

DRV - [2010/03/28 11:49:15 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand] -- D:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)

DRV - [2010/03/28 11:49:07 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)

DRV - [2010/03/28 11:49:05 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\timntr.sys -- (timounter)

DRV - [2010/03/28 11:48:55 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\snapman.sys -- (snapman)

DRV - [2009/10/14 10:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2008/10/09 21:40:34 | 000,217,128 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\Si3132r5.sys -- (Si3132r5)

DRV - [2008/10/09 21:40:34 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)

DRV - [2008/10/09 21:40:34 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)

DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2005/07/26 09:01:56 | 000,415,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce

DRV - [2005/07/26 08:58:30 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce

DRV - [2005/03/22 21:17:34 | 000,450,400 | ---- | M] (D-Link Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)

DRV - [2004/07/27 13:20:46 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto] -- D:\WINDOWS\system32\ANIO.sys -- (ANIO)

DRV - [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6A 81 E3 13 36 FA D8 42 8A B6 DF 83 01 09 A0 8D [binary data]

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\easy_logoff_switch_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\LocalService_ON_D\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6A 81 E3 13 36 FA D8 42 8A B6 DF 83 01 09 A0 8D [binary data]

IE - HKU\LocalService_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\NetworkService_ON_D\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6A 81 E3 13 36 FA D8 42 8A B6 DF 83 01 09 A0 8D [binary data]

IE - HKU\NetworkService_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Owner_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://danceart.com/

IE - HKU\Owner_ON_D\..\URLSearchHook: {9b138bf3-1d40-4e7e-84bb-2975198ad938} - Reg Error: Key error. File not found

IE - HKU\Owner_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Owner_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.wbrz.com/weather/"

FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.72.0

FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.6

FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1

FF - prefs.js..extensions.enabledItems: 6

FF - prefs.js..extensions.enabledItems: 2

FF - prefs.js..extensions.enabledItems: 49

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:11.3.7.0

FF - prefs.js..extensions.enabledItems: {b1acac2e-22c0-4b57-9dd6-3698d5cfc540}:1.0

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6

FF - prefs.js..extensions.enabledItems: {6D5C8FC4-DE46-41bf-9092-93F0F78E9115}:2.1.0.52

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@CouponXplorer_5z.com/Plugin: D:\Program Files\CouponXplorer_5z\bar\1.bin\NP5zStub.dll (MindSpark)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013/04/06 13:57:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.26\coFFFw\

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012/01/26 15:18:46 | 000,185,164 | ---- | M] ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\5zffxtbr@CouponXplorer_5z.com: C:\Program Files\CouponXplorer_5z\bar\1.bin [2013/01/06 18:13:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013/03/09 00:24:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/18 21:21:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/18 21:21:20 | 000,000,000 | ---D | M]

[2010/05/02 04:11:09 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2010/05/02 04:11:09 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2013/03/08 23:23:57 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\extensions

[2010/07/11 00:56:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012/08/06 09:25:40 | 000,000,000 | ---D | M] (Fast Search by Surf Canyon) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}

[2010/05/03 08:18:19 | 000,000,000 | ---D | M] (XUL Cache) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\extensions\{b1acac2e-22c0-4b57-9dd6-3698d5cfc540}

[2009/11/22 11:13:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2013/01/06 18:13:25 | 000,000,000 | ---D | M] (CouponXplorer) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\extensions\5zffxtbr@CouponXplorer_5z.com

[2012/07/26 22:17:41 | 000,000,000 | ---D | M] (LastPass) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\extensions\support@lastpass.com

[2012/01/30 00:06:36 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\extensions\toolbar@shopathome.com

[2012/01/22 19:45:50 | 000,002,470 | ---- | M] () -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\searchplugins\safesearch.xml

[2013/04/03 21:51:50 | 000,002,282 | ---- | M] () -- D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x5uq07o3.default\searchplugins\surf-canyon.xml

[2013/03/18 21:21:18 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions

[2013/03/18 21:21:18 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- D:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}

File not found (No name found) --

[2013/04/06 13:57:09 | 000,000,000 | ---D | M] (Norton Toolbar) -- D:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\COFFPLGN

[2013/03/09 00:24:29 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- D:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPLGN

() (No name found) -- D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X5UQ07O3.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI

[2009/09/12 01:43:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2013/03/18 21:21:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/10/19 19:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- D:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2012/10/19 19:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- D:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/08/29 16:55:42 | 000,002,465 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013/03/08 23:49:32 | 000,002,086 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Toolbar BHO) - {0297a026-3011-46d3-ad62-bb9a7612aea7} - D:\Program Files\CouponXplorer_5z\bar\1.bin\5zbar.dll (MindSpark)

O2 - BHO: (no name) - {13E3816A-FA36-42D8-8AB6-DF830109A08d} - Reg Error: Value error. File not found

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - D:\Documents and Settings\Owner\Application Data\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Search Assistant BHO) - {7d69ed06-0171-4379-9528-08df51092727} - D:\Program Files\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll (MindSpark)

O2 - BHO: (no name) - {818B93D5-A4FA-4488-BF14-C4CB7B54AA0C} - No CLSID value found.

O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - D:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)

O2 - BHO: (no name) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - No CLSID value found.

O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - D:\Program Files\Coupons.com CouponBar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - D:\Documents and Settings\Owner\Application Data\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)

O3 - HKLM\..\Toolbar: (CouponXplorer) - {65c72339-fb1d-4155-84e1-9afacee02d6f} - D:\Program Files\CouponXplorer_5z\bar\1.bin\5zbar.dll (MindSpark)

O3 - HKLM\..\Toolbar: (no name) - {674F9426-E0C0-4BEC-A819-5F57D5A94CB3} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - D:\Program Files\Coupons.com CouponBar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\Owner_ON_D\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\Owner_ON_D\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - D:\Documents and Settings\Owner\Application Data\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)

O3 - HKU\Owner_ON_D\..\Toolbar\WebBrowser: (CouponXplorer) - {65C72339-FB1D-4155-84E1-9AFACEE02D6F} - D:\Program Files\CouponXplorer_5z\bar\1.bin\5zbar.dll (MindSpark)

O3 - HKU\Owner_ON_D\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - D:\Program Files\Coupons.com CouponBar\tbcore3.dll ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acronis Scheduler2 Service] D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [ANIWZCS2Service] D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)

O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AudioDrvEmulator] D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [CouponXplorer Search Scope Monitor] D:\Program Files\CouponXplorer_5z\bar\1.bin\5zSrchMn.exe (MindSpark)

O4 - HKLM..\Run: [CouponXplorer_5z Browser Plugin Loader] D:\Program Files\CouponXplorer_5z\bar\1.bin\5zbrmon.exe (VER_COMPANY_NAME)

O4 - HKLM..\Run: [CTHelper] D:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DisplaySwitch] D:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe (Корпорация Майкрософт)

O4 - HKLM..\Run: [D-Link AirPlus XtremeG] D:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [NBKeyScan] D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [VolPanel] D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKU\easy_logoff_switch_ON_D..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\easy_logoff_switch_ON_D..\Run: [ROC_JAN2013_TB] File not found

O4 - HKU\Owner_ON_D..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)

O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = D:\Program Files\PrintMaster 16\pmremind.exe (Broderbund Properties LLC)

O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = D:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)

O4 - Startup: D:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = D:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\easy_logoff_switch_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Owner_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\NPJPI150_01.dll (Sun Microsystems, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252718593542 (WUWebControl Class)

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1360042616484 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - D:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\csrsrv32.dll) - File not found

O20 - AppInit_DLLs: (C:\WINDOWS\system32\d3dpmesh32.dll) - File not found

O20 - AppInit_DLLs: (C:\WINDOWS\system32\ct_oal32.dll) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/09/09 14:56:09 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{0a7e8a0f-cc49-11de-a6d4-001346e35bdd}\Shell - "" = AutoRun

O33 - MountPoints2\{0a7e8a0f-cc49-11de-a6d4-001346e35bdd}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{0a7e8a0f-cc49-11de-a6d4-001346e35bdd}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: UxTuneUp - D:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 7 Days ==========

[2013/04/05 22:44:15 | 000,000,000 | ---D | C] -- D:\Program Files\Dropbox

[2013/04/05 16:45:41 | 000,036,864 | ---- | C] (Корпорация Майкрософт) -- D:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe

[2013/04/03 22:45:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents\Floppy spare

[2013/04/03 21:59:29 | 000,000,000 | ---D | C] -- D:\Boot Floppy 2

[2013/04/03 21:53:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Owner\Desktop\New Folder (2)

[2011/03/08 22:40:50 | 000,360,328 | ---- | C] (SanDisk Corporation) -- D:\Program Files\SansaUpdaterInstall.exe

[2010/09/09 11:26:27 | 048,631,947 | ---- | C] (Flexera Software) -- D:\Program Files\PPTWinInstall.3.0.4.exe

[2006/05/24 00:38:39 | 000,060,928 | ---- | C] ( ) -- D:\WINDOWS\System32\a3d.dll

[2006/05/23 23:33:22 | 000,012,800 | ---- | C] ( ) -- D:\WINDOWS\System32\killapps.exe

[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

[11 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013/04/06 13:58:00 | 000,000,420 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{61B4E9DD-90E9-425C-8E63-E0846AF09692}.job

[2013/04/06 13:57:34 | 000,193,636 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml

[2013/04/06 13:57:05 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat

[2013/04/06 13:30:13 | 000,000,422 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{AB7E74A9-7650-4151-95B0-9586CA85D4E2}.job

[2013/04/06 09:32:27 | 000,012,540 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl

[2013/04/06 08:19:15 | 000,000,830 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/04/06 07:31:59 | 002,250,054 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\1.bmp

[2013/04/06 07:31:43 | 000,302,806 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\1.jpg

[2013/04/06 02:15:59 | 000,012,540 | ---- | M] () -- D:\WINDOWS\System32\wpa.bak

[2013/04/05 22:44:36 | 000,001,047 | ---- | M] () -- D:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk

[2013/04/05 22:43:48 | 000,001,031 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\Dropbox.lnk

[2013/04/05 22:26:11 | 000,054,736 | ---- | M] () -- D:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000006-00001102-00000005-00311102}.rfx

[2013/04/05 22:26:11 | 000,054,736 | ---- | M] () -- D:\WINDOWS\System32\BMXState-{00000001-00000000-00000006-00001102-00000005-00311102}.rfx

[2013/04/05 22:26:11 | 000,000,788 | ---- | M] () -- D:\WINDOWS\System32\DVCState-{00000001-00000000-00000006-00001102-00000005-00311102}.rfx

[2013/04/05 16:45:28 | 000,036,864 | ---- | M] (Корпорация Майкрософт) -- D:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe

[2013/04/02 22:53:33 | 000,002,229 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\PrintMaster 16.lnk

[2013/04/02 08:41:32 | 000,006,976 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\smiley face tshirt.jpg

[2013/04/01 08:58:06 | 003,451,492 | ---- | M] () -- D:\Documents and Settings\Owner\Desktop\2013 Summer session TNS pdf.pdf

[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

[11 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/06 07:31:58 | 002,250,054 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\1.bmp

[2013/04/06 07:31:41 | 000,302,806 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\1.jpg

[2013/04/02 16:02:13 | 000,143,723 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\Copy of Christines list of expectations.jpg

[2013/04/02 16:01:12 | 000,143,723 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\Christines list of expectations.jpg

[2013/04/02 08:41:56 | 000,006,976 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\smiley face tshirt.jpg

[2013/04/01 08:57:48 | 003,451,492 | ---- | C] () -- D:\Documents and Settings\Owner\Desktop\2013 Summer session TNS pdf.pdf

[2013/02/04 15:54:36 | 000,000,102 | ---- | C] () -- D:\WINDOWS\VSWizard.ini

[2012/12/31 05:44:59 | 000,352,054 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-583907252-602609370-1417001333-1003-0.dat

[2012/12/31 05:44:52 | 000,352,054 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2012/12/30 04:17:25 | 000,000,095 | ---- | C] () -- D:\WINDOWS\QBChanUtil_Trigger.ini

[2012/08/18 20:49:04 | 000,667,280 | ---- | C] () -- D:\WINDOWS\System32\tx12.dll

[2012/08/18 20:49:04 | 000,000,530 | ---- | C] () -- D:\WINDOWS\System32\tx12_ic.ini

[2012/08/18 20:49:04 | 000,000,186 | ---- | C] () -- D:\WINDOWS\System32\Gsw32.exe.config

[2012/02/15 02:41:24 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll

[2011/06/07 21:51:20 | 000,000,008 | ---- | C] () -- D:\WINDOWS\System32\nvModes.dat

[2011/03/19 05:52:43 | 000,000,286 | ---- | C] () -- D:\WINDOWS\reimage.ini

[2011/01/12 16:43:17 | 000,001,940 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010/05/05 21:37:52 | 000,021,204 | ---- | C] () -- D:\WINDOWS\System32\instwdm.ini

[2010/05/05 21:37:50 | 000,000,054 | ---- | C] () -- D:\WINDOWS\System32\ctzapxx.ini

[2010/05/05 20:56:46 | 000,002,560 | ---- | C] () -- D:\WINDOWS\System32\CtxfiRes.dll

[2010/05/05 20:56:46 | 000,002,560 | ---- | C] () -- D:\WINDOWS\CTXFIRES.DLL

[2010/05/02 22:19:05 | 000,001,908 | ---- | C] () -- D:\WINDOWS\GnuHashes.ini

[2010/05/02 22:10:29 | 000,203,776 | -HS- | C] () -- D:\WINDOWS\System32\unrar.exe

[2010/04/03 18:48:36 | 000,004,984 | ---- | C] () -- D:\WINDOWS\System32\drivers\nvphy.bin

[2010/01/06 13:28:42 | 000,000,029 | ---- | C] () -- D:\WINDOWS\DEBUGSM.INI

[2009/11/22 20:09:30 | 000,105,444 | -H-- | C] () -- D:\WINDOWS\System32\mlfcache.dat

[2009/09/13 17:11:43 | 000,001,755 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2009/09/12 23:21:07 | 000,156,160 | ---- | C] () -- D:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/12 21:12:52 | 000,000,158 | ---- | C] () -- D:\Documents and Settings\Owner\default.pls

[2009/09/12 21:07:37 | 000,000,182 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini

[2009/09/12 12:51:06 | 000,057,836 | ---- | C] () -- D:\WINDOWS\System32\EPPICPrinterDB.dat

[2009/09/12 12:51:06 | 000,000,097 | ---- | C] () -- D:\WINDOWS\System32\PICSDK.ini

[2009/09/12 12:51:05 | 000,029,114 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern1.dat

[2009/09/12 12:51:05 | 000,021,021 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern3.dat

[2009/09/12 12:51:05 | 000,015,670 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern5.dat

[2009/09/12 12:51:05 | 000,013,280 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern2.dat

[2009/09/12 12:51:05 | 000,010,673 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern4.dat

[2009/09/12 12:51:05 | 000,004,943 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern6.dat

[2009/09/12 12:51:05 | 000,001,140 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_PT.dat

[2009/09/12 12:51:05 | 000,001,140 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_BP.dat

[2009/09/12 12:51:05 | 000,001,137 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_ES.dat

[2009/09/12 12:51:05 | 000,001,130 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_FR.dat

[2009/09/12 12:51:05 | 000,001,130 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_CF.dat

[2009/09/12 12:51:05 | 000,001,104 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_EN.dat

[2009/09/12 12:48:06 | 000,064,000 | ---- | C] () -- D:\WINDOWS\System32\esfw52.bin

[2009/09/12 01:50:58 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat

[2009/09/11 23:53:40 | 000,012,017 | ---- | C] () -- D:\WINDOWS\hpdj5700.ini

[2009/09/09 14:57:42 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat

[2009/09/09 14:53:56 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat

[2009/09/09 09:31:46 | 000,004,319 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI

[2009/09/09 09:30:35 | 000,415,064 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT

[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- D:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- D:\WINDOWS\System32\structuredqueryschema.bin

[2008/04/14 07:55:28 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\Dcache.bin

[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- D:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- D:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- D:\WINDOWS\System32\gthrctr.ini

[2006/12/31 09:57:08 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat

[2006/05/24 01:00:48 | 000,043,520 | ---- | C] () -- D:\WINDOWS\System32\CTBurst.dll

[2006/05/24 00:20:42 | 000,034,304 | ---- | C] () -- D:\WINDOWS\PSCONV.EXE

[2006/05/23 23:49:25 | 000,321,512 | ---- | C] () -- D:\WINDOWS\System32\ctdlang.dat

[2006/05/23 23:49:25 | 000,056,509 | ---- | C] () -- D:\WINDOWS\System32\ctdnlstr.dat

[2006/05/23 23:37:56 | 000,016,384 | ---- | C] () -- D:\WINDOWS\System32\regplib.exe

[2006/05/23 23:37:12 | 000,140,643 | ---- | C] () -- D:\WINDOWS\System32\CTBAS2W.DAT

[2006/05/23 23:34:34 | 000,264,526 | ---- | C] () -- D:\WINDOWS\System32\CTSBAS2W.DAT

[2006/05/23 23:34:14 | 000,113,221 | ---- | C] () -- D:\WINDOWS\System32\CTBASICW.DAT

[2006/05/23 23:34:13 | 000,231,281 | ---- | C] () -- D:\WINDOWS\System32\CTSBASW.DAT

[2006/05/23 23:33:34 | 000,053,932 | ---- | C] () -- D:\WINDOWS\System32\ctdaught.dat

[2006/05/23 23:33:33 | 000,313,207 | ---- | C] () -- D:\WINDOWS\System32\ctstatic.dat

[2006/05/23 23:33:29 | 000,007,680 | ---- | C] () -- D:\WINDOWS\System32\enlocstr.exe

[2006/02/09 10:06:00 | 001,724,416 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll

[2006/02/09 10:06:00 | 001,657,376 | ---- | C] () -- D:\WINDOWS\System32\nwiz.exe

[2006/02/09 10:06:00 | 001,503,232 | ---- | C] () -- D:\WINDOWS\System32\nview.dll

[2006/02/09 10:06:00 | 001,346,080 | ---- | C] () -- D:\WINDOWS\System32\nvdspsch.exe

[2006/02/09 10:06:00 | 001,101,824 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll

[2006/02/09 10:06:00 | 000,573,440 | ---- | C] () -- D:\WINDOWS\System32\nvhwvid.dll

[2006/02/09 10:06:00 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll

[2006/02/09 10:06:00 | 000,449,056 | ---- | C] () -- D:\WINDOWS\System32\nvappbar.exe

[2006/02/09 10:06:00 | 000,436,768 | ---- | C] () -- D:\WINDOWS\System32\keystone.exe

[2006/02/09 10:06:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll

[2005/07/26 17:13:12 | 000,000,285 | ---- | C] () -- D:\WINDOWS\System32\kill.ini

[2005/06/07 09:10:50 | 000,070,656 | ---- | C] () -- D:\WINDOWS\System32\CTMMACTL.DLL

[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin

[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat

[2004/08/04 08:00:00 | 000,526,280 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat

[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat

[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat

[2004/08/04 08:00:00 | 000,096,136 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat

[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin

[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat

[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat

[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat

[2004/03/17 09:12:48 | 000,000,362 | ---- | C] () -- D:\WINDOWS\hpfins_s04_main.dat

[2004/03/17 09:11:51 | 000,005,428 | ---- | C] () -- D:\WINDOWS\hpfmdl_s04_main.dat

========== LOP Check ==========

[2010/03/28 15:44:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Acronis

[2010/09/05 01:54:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2013/01/06 18:13:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\CouponXplorer_5z

[2013/02/06 21:39:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\DisplayTune

[2013/04/06 13:59:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Dropbox

[2010/02/21 07:51:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\EPSON

[2010/07/14 13:57:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\FCTB000062219

[2009/09/12 12:58:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Leadertech

[2012/03/23 23:53:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Nova Development

[2009/09/12 18:36:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Publish Providers

[2013/03/02 01:19:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\SanDisk

[2013/01/06 15:48:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\ShopAtHome

[2009/09/12 18:33:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Sony

[2012/01/28 15:07:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\start

[2010/05/03 08:21:07 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\Owner\Application Data\SystemProc

[2013/01/06 15:28:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Toolbar4

[2011/03/04 18:31:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\TuneUp Software

[2011/02/20 21:09:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Uniblue

[2011/03/16 22:58:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Windows Desktop Search

[2009/09/12 16:46:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Owner\Application Data\Windows Search

[2013/03/01 23:19:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2010/03/28 11:53:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Acronis

[2009/09/14 09:25:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Broderbund Software

[2012/12/30 04:17:14 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\Common Files

[2013/01/06 15:10:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Coupon Savings

[2011/03/19 06:15:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Driver Whiz

[2011/03/08 22:34:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Easy Driver Pro

[2012/12/30 04:20:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Nuance

[2009/09/14 09:31:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited

[2012/12/30 04:46:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SQL Anywhere 11

[2011/03/04 18:29:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TuneUp Software

[2009/09/13 11:30:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\YAHOO

[2010/07/05 08:19:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/13 17:26:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2013/04/06 13:58:00 | 000,000,420 | -H-- | M] () -- D:\WINDOWS\Tasks\User_Feed_Synchronization-{61B4E9DD-90E9-425C-8E63-E0846AF09692}.job

[2013/04/06 13:30:13 | 000,000,422 | -H-- | M] () -- D:\WINDOWS\Tasks\User_Feed_Synchronization-{AB7E74A9-7650-4151-95B0-9586CA85D4E2}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009/09/09 14:56:09 | 000,000,000 | ---- | M] () -- D:\AUTOEXEC.BAT

[2012/05/12 08:19:35 | 000,000,389 | RHS- | M] () -- D:\boot.ini

[2009/09/09 14:56:09 | 000,000,000 | ---- | M] () -- D:\CONFIG.SYS

[2011/03/19 08:26:39 | 000,280,074 | ---- | M] () -- D:\CTSUFile.txt

[2012/08/23 16:17:47 | 000,034,856 | ---- | M] () -- D:\drwtsn32.log

[2011/11/19 00:01:55 | 003,028,918 | ---- | M] () -- D:\GetSupportFiles.zip

[2013/02/04 01:29:51 | 002,000,000 | ---- | M] () -- D:\hpfr5700.log

[2009/09/09 14:56:09 | 000,000,000 | RHS- | M] () -- D:\IO.SYS

[2009/09/09 14:56:09 | 000,000,000 | RHS- | M] () -- D:\MSDOS.SYS

[2008/04/14 00:13:04 | 000,047,564 | RHS- | M] () -- D:\NTDETECT.COM

[2008/04/14 02:01:44 | 000,250,048 | RHS- | M] () -- D:\ntldr

[2013/04/06 13:57:01 | 1610,612,736 | -HS- | M] () -- D:\pagefile.sys

[2009/09/13 15:07:04 | 000,001,658 | ---- | M] () -- D:\Performance.lnk

[2012/04/15 23:12:49 | 000,003,096 | ---- | M] () -- D:\TotalA_log.txt

[2012/08/07 23:59:00 | 000,000,054 | ---- | M] () -- D:\twacker.log

< MD5 for: EXPLORER.EXE >

[2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\explorer.exe

[2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SERVICES.EXE >

[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- D:\WINDOWS\system32\dllcache\services.exe

[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- D:\WINDOWS\system32\services.exe

< MD5 for: USERINIT.EXE >

[2008/04/14 07:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\system32\dllcache\userinit.exe

[2008/04/14 07:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2008/04/14 07:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\dllcache\winlogon.exe

[2008/04/14 07:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\winlogon.exe

< End of report >


This should get you going:

OK, basically what we want to do is copy the text that's in BOLD into the Custom Scans/Fixes box of OTLPE

Here's how to do that:

Copy the text in BOLD into notepad and save it:

:OTL

O4 - HKLM..\Run: [DisplaySwitch] D:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe (Корпорация Майкрософт)

[2013/04/05 16:45:28 | 000,036,864 | ---- | M] (Корпорация Майкрософт) -- D:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe

Copy it to your flash drive

Boot the computer up using the OTLPE disk

Run OTLPE

Plug in the flash drive

Drag the notepad text to the desktop

Open it up and copy and paste the text into Custom Scans/Fixes

Then click the Run Fix button at the top

Copy and paste the log back here. MrC


========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DisplaySwitch not found.

File D:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe not found.

File D:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 04062013_153143


Still not able to run any safe modes, but the message hasn't popped up.


Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

RogueKiller <--- use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
