
Thread: "Security Shield was installed successfully" Huh?

  1. #1
    Member
    Join Date
    Mar 2006
    Location
    USA
    Posts
    50

    "Security Shield was installed successfully" Huh?

    Here is what happened and what I've done so far:

    I clicked on a webpage while browsing and a box opened saying [Security Shield has installed successfully!]. Suspicious, I didn't dare click anywhere in the box, my delete key is not working so I could not ctrl+alt+delete it either, so I right clicked on the task bar to 'close' it. That prompted a "system check scan" (fake I'm sure) so I quickly turned my computer off. I restarted it a few minutes later, and disabled my wireless connection. I tried to run free AVG 2012 but a message appeared stating [AVG failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.] I didn't reinstall, figuring it had been disabled by the malware. Um, do I have to be connected to run AVG??

    At this point I should admit that I am not very tech savvy, so the following may seem somewhat...'naive' too. I then opened msconfig to see if any new boxes had been checked in startup and it didn't seem so. (I hate anything running in startup that doesn't have to, so I disable the obvious) I then started a search (including hidden files) for files named or with, "security" in them that were modified today 1.26.12. The search produced two files found in C:windows/system32/config - both named "Security". One was a 1K text file and the other a 256K "file." There was a warning before opening the Windows folder basically warning 'dummies' like me not to mess around in there if you don't know what you are doing. So I resisted the temptation to drag those two files out to a new folder on the desktop and exited before touching anything.

    Still scrambling for something that might help, I started S&D even though I was not going to be able to update it first (still worried about connecting to the internet, unless you say I can). S&D found about five things and fixed them (mostly cookies, I wrote them down, jic). Interestingly, before the scan started, a screen came up saying the scan would go faster if I allowed it to delete the files in the temporary folder, and I did so. It then came up saying [Spybot removed ? files, 2 files are still running and cannot be removed].

    Knowing I needed help, I got out an old laptop and came here looking for assistance. I read Tashi's sticky notes and followed the directions. I did have to save ERUNT and DDS to a thumb drive first, then move and save it to the desktop on the affected pc (an Asus eee netbook, btw). Running ERUNT I didn't get the last "file>exit" window, but something a bit different. It created and saved something to a folder in C:windows/ERUNT (I assume it was a backup of the registry...it had today's date). Running DDS, I got as far as the black screen, it then flashed a blue screen quickly (with lots of white writing), then proceeded to restart itself. I now have an "Activate Desktop Recovery" screen (with options. It's hard to read them as the icons are jumbled with the writing), one however is a button [Restore My Desktop]. After a moment another window popped up with [An error has occurred in the script on this page, ...continue.....Yes / No]? I am out of my league, and this is where I am, and also why I'm on a different computer.

    This wonderful forum helped me several years ago and I hope you can "save" me again! I would sure appreciate any help you could offer.

    Many thanks for what you do.
    Robin

  2. #2
    Security Expert oldman960
    Join Date
    Sep 2010
    Posts
    631

    Hi MTnestRobin, welcome to the forum.

    To make cleaning this machine easier
    • Please do not uninstall/install any programs unless asked to
      It is more difficult when files/programs are appearing in/disappearing from the logs.
    • Please do not run any scans other than those requested
    • Please follow all instructions in the order posted
    • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
    • Do not attach any logs/reports, etc. unless specifically requested to do so.
    • If you have problems with or do not understand the instructions, please ask before continuing.
    • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.


    Basically your system crashed. Click the restore button to restore your desktop then reboot the computer.

    The crash could have been an interaction between the malware and DDS or just the malware.

    Next
    Download aswMBR.exe to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply


    There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

    Next

    Download OTL to your desktop.
    • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output
    • Check the boxes beside LOP Check and Purity Check.
    • In the window under Custom Scans/Fixes copy and paste the following


      netsvcs
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %PROGRAMFILES%\Internet Explorer\*.dat
      %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s
      /md5start
      iexplore.*
      explorer.*
      winlogon.*
      dll
      zx.dll
      hlp.dat
      consrv.dll
      /md5stop

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

    Please post back with
    • aswMBR log
    • both OTL logs
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.

  3. #3
    Member
    Join Date
    Mar 2006
    Location
    USA
    Posts
    50

    Thank you, thank you, thank you Oldman960 for coming to my rescue!

    I can't get the 'restore the active desktop' to work. When I push the button I get this message again, [An error has occurred in the script on this page, ...continue.....Yes / No]. When I push yes (or no) nothing happens other than the message goes away.

    I have the aswMBR.exe downloaded to a thumb drive. Should I insert it into the usb of the infected machine and see if it does anything?

    Much appreciation,
    Robin

  4. #4
    Security Expert oldman960
    Join Date
    Sep 2010
    Posts
    631

    Hi MTnestRobin,

    Move both OTL and aswMBR to the desktop of the infected computer if possible. If not, move them to C:\ and run them from there. These are scan tools and will not fix anything when run. The fixin' comes after we gather the information we need.

  5. #5
    Member
    Join Date
    Mar 2006
    Location
    USA
    Posts
    50

    aswMBR and Extras Reports

    Hello Oldman960,

    I was able to successfully move those files onto the desktop of the infected computer using the thumb drive.

    After the scan there was no .dat file on the desktop, only a .txt file. I right clicked and zipped that one. Let me know if you want me to try again.

    Question: Can I (or should I,) reconnect the infected computer to the internet?

    Here is the Extras Report (OTL Report to follow in separate post):

    OTL Extras logfile created on: 2/2/2012 10:24:56 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Robin\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1015.17 Mb Total Physical Memory | 612.46 Mb Available Physical Memory | 60.33% Memory free
    2.38 Gb Paging File | 1.97 Gb Available in Paging File | 82.60% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 72.06 Gb Total Space | 38.45 Gb Free Space | 53.36% Space Free | Partition Type: NTFS
    Drive D: | 72.05 Gb Total Space | 71.75 Gb Free Space | 99.58% Space Free | Partition Type: NTFS

    Computer Name: ROBINSNETBOOK | User Name: Robin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\lxbucoms.exe" = C:\WINDOWS\system32\lxbucoms.exe:*:Disabled:6200 Series Server -- (Lexmark International, Inc.)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Documents and Settings\Robin\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Robin\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
    "{11728A17-412A-4A08-91C4-ACD8ADEDCE82}" = Angry Birds
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
    "{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
    "{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
    "{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
    "{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN Card
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype 5.5
    "{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint Plus
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B9BDA46B-2E17-4F43-9D7A-9B1E09A0A4D8}" = Data Sync
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
    "{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
    "{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
    "AudibleManager" = AudibleManager
    "AVG" = AVG 2012
    "Cisco Connect" = Cisco Connect
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "DX-Ball 1.09" = DX-Ball 1.09
    "Eee Docking_is1" = Eee Docking 1.3.1.0
    "EeePC_1005HA" = EeePC_1005HA Screen Saver
    "ERUNT_is1" = ERUNT 1.1j
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Hoyle Puzzle and Board Games Classic" = Hoyle Puzzle and Board Games Classic
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Lexmark 6200 Series" = Lexmark 6200 Series
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSPUB5" = Microsoft Publisher 98
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "SCRABBLE" = SCRABBLE
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VLC media player 1.1.11
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/30/2011 5:02:17 PM | Computer Name = YOUR-E9ZDEK3JF1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 15734

    Error - 9/30/2011 5:02:33 PM | Computer Name = YOUR-E9ZDEK3JF1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/30/2011 5:02:33 PM | Computer Name = YOUR-E9ZDEK3JF1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 31469

    Error - 9/30/2011 5:02:33 PM | Computer Name = YOUR-E9ZDEK3JF1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 31469

    Error - 9/30/2011 5:02:48 PM | Computer Name = YOUR-E9ZDEK3JF1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/30/2011 5:02:48 PM | Computer Name = YOUR-E9ZDEK3JF1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 47078

    Error - 9/30/2011 5:02:48 PM | Computer Name = YOUR-E9ZDEK3JF1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 47078

    Error - 9/30/2011 5:11:11 PM | Computer Name = YOUR-E9ZDEK3JF1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/30/2011 5:11:11 PM | Computer Name = YOUR-E9ZDEK3JF1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 549812

    Error - 9/30/2011 5:11:11 PM | Computer Name = YOUR-E9ZDEK3JF1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 549812

    [ System Events ]
    Error - 2/2/2012 9:58:42 PM | Computer Name = ROBINSNETBOOK | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\Program Files\AVG\AVG2012\avgtray.exe.
    Reference
    error message: The operation completed successfully. .

    Error - 2/2/2012 10:04:29 PM | Computer Name = ROBINSNETBOOK | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC90.MFC could not be found and Last
    Error was The referenced assembly is not installed on your system.

    Error - 2/2/2012 10:04:29 PM | Computer Name = ROBINSNETBOOK | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error
    message: The referenced assembly is not installed on your system. .

    Error - 2/2/2012 10:04:29 PM | Computer Name = ROBINSNETBOOK | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\Program Files\AVG\AVG2012\avgse.dll.
    Reference
    error message: The operation completed successfully. .

    Error - 2/2/2012 10:31:17 PM | Computer Name = ROBINSNETBOOK | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC90.MFC could not be found and Last
    Error was The referenced assembly is not installed on your system.

    Error - 2/2/2012 10:31:17 PM | Computer Name = ROBINSNETBOOK | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error
    message: The referenced assembly is not installed on your system. .

    Error - 2/2/2012 10:31:17 PM | Computer Name = ROBINSNETBOOK | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\Program Files\AVG\AVG2012\avgse.dll.
    Reference
    error message: The operation completed successfully. .

    Error - 2/2/2012 10:36:56 PM | Computer Name = ROBINSNETBOOK | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC90.MFC could not be found and Last
    Error was The referenced assembly is not installed on your system.

    Error - 2/2/2012 10:36:56 PM | Computer Name = ROBINSNETBOOK | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error
    message: The referenced assembly is not installed on your system. .

    Error - 2/2/2012 10:36:56 PM | Computer Name = ROBINSNETBOOK | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\Program Files\AVG\AVG2012\avgse.dll.
    Reference
    error message: The operation completed successfully. .


    < End of report >

  6. #6
    Member
    Join Date
    Mar 2006
    Location
    USA
    Posts
    50

    OTL Report

    OTL logfile created on: 2/2/2012 10:24:56 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Robin\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1015.17 Mb Total Physical Memory | 612.46 Mb Available Physical Memory | 60.33% Memory free
    2.38 Gb Paging File | 1.97 Gb Available in Paging File | 82.60% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 72.06 Gb Total Space | 38.45 Gb Free Space | 53.36% Space Free | Partition Type: NTFS
    Drive D: | 72.05 Gb Total Space | 71.75 Gb Free Space | 99.58% Space Free | Partition Type: NTFS

    Computer Name: ROBINSNETBOOK | User Name: Robin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Robin\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Documents and Settings\Robin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
    PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
    PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
    MOD - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
    MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbuPP5C.DLL ()


    ========== Win32 Services (SafeList) ==========

    SRV - (AppMgmt) -- File not found
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AdobeActiveFileMonitor4.0) -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
    SRV - (lxbu_device) -- C:\WINDOWS\System32\lxbucoms.exe (Lexmark International, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
    DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
    DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
    DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)
    DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
    DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
    DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/home.php? [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/|http://www.facebook.com/home.php?"
    FF - prefs.js..extensions.enabledItems: :1.0
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 08:07:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/24 11:54:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/02/04 13:09:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Extensions
    [2011/12/09 21:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\50spamrh.default\extensions
    [2011/02/04 13:57:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\50spamrh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/12/09 21:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/01/24 11:54:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/01/24 11:54:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/01/24 11:54:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [LXBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.DLL ()
    O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
    O4 - Startup: C:\Documents and Settings\Robin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Robin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Documents and Settings\Robin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/04/28 00:03:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{8a0813e0-6c1e-11e0-bc51-0025d35f1262}\Shell - "" = AutoRun
    O33 - MountPoints2\{8a0813e0-6c1e-11e0-bc51-0025d35f1262}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8a0813e0-6c1e-11e0-bc51-0025d35f1262}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/02 21:38:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe
    [2012/02/02 21:00:31 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Robin\Desktop\aswMBR.exe
    [2012/01/26 22:27:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2012/01/26 22:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Desktop\help
    [2012/01/26 22:25:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin\Start Menu\Programs\Administrative Tools
    [2012/01/26 22:22:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/01/26 22:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/01/26 22:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/01/26 22:15:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Robin\Desktop\dds.com
    [2012/01/26 22:14:57 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Robin\Desktop\erunt-setup.exe
    [2012/01/18 14:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\My Documents\My Media
    [2012/01/18 14:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Application Data\OverDrive
    [2012/01/18 14:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OverDrive Media Console
    [2012/01/18 14:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\OverDrive Media Console
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/02 21:35:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe
    [2012/02/02 20:58:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/02/02 14:16:57 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C1482AEE-FC7E-4A82-BD0A-2B591FC95935}.job
    [2012/02/02 14:10:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/02/02 13:57:08 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Robin\Desktop\aswMBR.exe
    [2012/01/27 20:13:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2012/01/26 22:19:30 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Robin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/01/26 22:18:09 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\ERUNT.lnk
    [2012/01/26 22:11:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Robin\Desktop\dds.com
    [2012/01/26 22:04:52 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Robin\Desktop\erunt-setup.exe
    [2012/01/26 21:42:34 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\HijackThis.msi
    [2012/01/26 19:44:09 | 000,326,656 | ---- | M] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\jvlogkoegl.exe
    [2012/01/26 18:44:38 | 087,515,122 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/01/25 18:43:12 | 000,212,052 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2012/01/18 14:18:27 | 000,001,888 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk
    [2012/01/16 09:32:56 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2012/01/15 12:55:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/01/15 12:49:19 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/01/15 12:49:19 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/01/15 12:44:59 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Word.lnk
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/26 22:19:30 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Robin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/01/26 22:18:09 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\ERUNT.lnk
    [2012/01/26 22:15:21 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\HijackThis.msi
    [2012/01/26 19:44:09 | 000,326,656 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\jvlogkoegl.exe
    [2012/01/18 14:18:27 | 000,001,888 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk
    [2011/11/26 12:27:13 | 000,063,792 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/07/28 14:25:04 | 000,000,239 | ---- | C] () -- C:\WINDOWS\thumbs.ini
    [2011/02/04 13:09:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/10/05 22:36:33 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2010/10/05 21:13:15 | 000,000,160 | ---- | C] () -- C:\WINDOWS\EPSON RX500 Installer.ini
    [2010/05/13 12:38:01 | 000,029,467 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
    [2010/05/13 12:38:00 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
    [2010/05/07 15:34:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/04/30 23:10:11 | 000,029,440 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
    [2010/04/30 23:10:10 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
    [2010/04/29 22:07:07 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
    [2010/04/29 22:06:47 | 000,028,372 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2010/04/29 22:06:46 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2010/04/26 00:50:11 | 005,254,656 | ---- | C] () -- C:\Program Files\converter.exe
    [2010/04/26 00:13:24 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2010/04/25 21:24:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbuvs.dll
    [2010/04/25 20:40:09 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/25 17:30:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/03/11 20:30:08 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2009/12/20 15:54:54 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\wklnhst.dat
    [2009/05/05 13:13:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/05/05 12:16:46 | 000,232,872 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
    [2009/05/05 11:03:49 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
    [2009/05/05 11:03:49 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
    [2009/05/05 11:02:03 | 000,013,650 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
    [2009/05/05 11:00:13 | 000,000,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
    [2009/05/05 11:00:13 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
    [2009/05/05 10:52:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
    [2009/04/28 00:06:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/04/28 00:02:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/04/27 23:51:49 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2009/04/27 23:51:38 | 000,442,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/04/27 23:51:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2009/04/27 23:51:38 | 000,071,910 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/04/27 23:51:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2009/04/27 23:51:38 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2009/04/27 23:51:37 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2009/04/27 23:51:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2009/04/27 23:51:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2009/04/27 23:51:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2009/04/27 23:51:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2009/04/27 23:51:32 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2009/04/27 23:51:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2009/04/27 16:58:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/04/27 16:58:00 | 000,330,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/01/05 02:30:18 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

    ========== LOP Check ==========

    [2011/10/12 10:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2010/11/27 10:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/05/05 17:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
    [2010/11/27 10:41:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/10/27 11:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2012/01/26 18:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/12/25 19:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/05/05 11:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wireless LAN Card
    [2010/04/26 02:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/10/12 09:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\AVG2012
    [2012/02/02 20:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Dropbox
    [2010/04/25 20:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Hoyle FaceCreator
    [2011/08/17 15:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Hoyle Puzzle and Board Games
    [2010/10/05 21:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Leadertech
    [2012/01/18 14:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\OverDrive
    [2011/12/04 09:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Rovio
    [2009/12/20 15:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Template
    [2012/02/02 14:16:57 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C1482AEE-FC7E-4A82-BD0A-2B591FC95935}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2010/10/27 11:49:55 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
    [2009/04/28 00:03:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2012/01/27 20:13:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2009/04/28 00:03:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/04/28 00:03:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/03/09 18:27:36 | 000,001,243 | ---- | M] () -- C:\lxbu.log
    [2011/02/27 15:31:05 | 000,002,172 | ---- | M] () -- C:\lxbuscan.log
    [2009/04/28 00:03:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/02/02 20:58:24 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/04/28 00:03:31 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2004/09/14 08:42:04 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbuPP5C.DLL
    [2003/06/18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2010/04/26 00:50:21 | 005,254,656 | ---- | M] () -- C:\Program Files\converter.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/04/27 16:57:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2009/04/27 16:57:35 | 001,064,960 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2009/04/27 16:57:35 | 000,909,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lk /x >
    [2011/12/04 09:43:54 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Angry Birds.lnk
    [2009/04/28 00:04:00 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
    [2009/12/06 11:45:57 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
    [2009/04/28 00:04:00 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
    [2009/04/28 00:04:00 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2008/06/25 06:18:46 | 000,004,608 | ---- | M] () -- C:\WINDOWS\system32\THUMBS.DB
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/02 13:57:08 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Robin\Desktop\aswMBR.exe
    [2012/01/26 22:04:52 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Robin\Desktop\erunt-setup.exe
    [2012/02/02 21:35:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-15 17:55:54

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s >


    < MD5 for: EXPLORER.EX_ >
    [2008/04/14 07:00:00 | 000,356,615 | ---- | M] () MD5=D7B59A7EC9CB1429FDCEC84A22228555 -- C:\WINDOWS\I386\EXPLORER.EX_

    < MD5 for: EXPLORER.EXE >
    [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

    < MD5 for: EXPLORER.SC_ >
    [2008/04/14 07:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\WINDOWS\I386\EXPLORER.SC_

    < MD5 for: EXPLORER.SCF >
    [2008/04/14 07:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

    < MD5 for: IEXPLORE.CH_ >
    [2008/04/14 07:00:00 | 000,199,077 | ---- | M] () MD5=1D662719AB9BB40BA7526B3973D3F626 -- C:\WINDOWS\I386\IEXPLORE.CH_

    < MD5 for: IEXPLORE.CHM >
    [2009/02/21 01:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
    [2008/04/14 07:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie7\iexplore.chm
    [2006/09/01 07:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\WINDOWS\ie8\iexplore.chm

    < MD5 for: IEXPLORE.CHW >
    [2010/04/25 14:28:30 | 000,157,092 | ---- | M] () MD5=3741E9A8312CD758C9EF6E0E42370214 -- C:\WINDOWS\Help\iexplore.chw

    < MD5 for: IEXPLORE.EX_ >
    [2008/04/14 07:00:00 | 000,037,887 | ---- | M] () MD5=2B46169148FFD81CAE84572CD32BDF86 -- C:\WINDOWS\I386\IEXPLORE.EX_

    < MD5 for: IEXPLORE.EXE >
    [2008/12/19 00:25:25 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=030D78FE84A086ED376EFCBD2D72C522 -- C:\WINDOWS\ie7updates\KB963027-IE7\iexplore.exe
    [2008/10/15 01:34:58 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=056C927CF7207857E8B34F7A8FFD9B9E -- C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
    [2008/12/19 00:25:30 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=15E8A89499741D5CF59A9CF6463A4339 -- C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
    [2008/08/23 00:56:15 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=1F03216084447F990AE797317D0A6E70 -- C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe
    [2008/02/29 03:55:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2D0E5592AB5A46C27DAF7CCAFF4F5B59 -- C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
    [2008/04/14 07:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ie7\iexplore.exe
    [2008/02/22 04:40:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=6E0888626E0CAC79F57149814E22DB4D -- C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
    [2010/10/18 06:07:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=72D1F43C4146D312B0DB6AB98C21340E -- C:\WINDOWS\ie8\iexplore.exe
    [2007/01/08 17:08:42 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=93A6A4F5293AE19E3B37021AABCF0902 -- C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
    [2008/10/15 02:06:26 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=9D3DB9ADFABD2F0BC778EC03250A3ABB -- C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe
    [2009/02/27 23:54:41 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=A251068640DDB69FD7805B57D89D7FF7 -- C:\WINDOWS\ie7updates\KB2416400-IE7\iexplore.exe
    [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
    [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
    [2009/02/27 23:54:44 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=BCD8E48709BE4A79606F0B6E8E9A6162 -- C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
    [2010/10/18 05:36:30 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=DA6E1F0F1932B62DD2F6ED05541C555C -- C:\WINDOWS\$hf_mig$\KB2416400-IE7\SP3QFE\iexplore.exe
    [2007/08/13 17:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB928090-IE7\iexplore.exe
    [2008/08/23 00:56:16 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=E8305C30D35E85D6657ED3E9934CB302 -- C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe

    < MD5 for: IEXPLORE.EXE.MUI >
    [2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
    [2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui
    [2007/08/13 17:43:36 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=B58D8A1C7EE0E922EC7D2616DA136FC3 -- C:\WINDOWS\ie8\iexplore.exe.mui

    < MD5 for: IEXPLORE.EXE-27122324.PF >
    [2012/01/11 14:06:20 | 000,093,036 | ---- | M] () MD5=8CB3C3054B381CD8CCF65C1A40A10A87 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf

    < MD5 for: IEXPLORE.HL_ >
    [2008/04/14 07:00:00 | 000,059,881 | ---- | M] () MD5=D23388C8D5D82D4D1C3B0B6A256E3CB7 -- C:\WINDOWS\I386\IEXPLORE.HL_

    < MD5 for: IEXPLORE.HLP >
    [2008/04/14 07:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

    < MD5 for: WINLOGON.EX_ >
    [2008/04/14 07:00:00 | 000,265,069 | ---- | M] () MD5=063EF1A46C58A731F78AE5AF47070D65 -- C:\WINDOWS\I386\WINLOGON.EX_

    < MD5 for: WINLOGON.EXE >
    [2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
    [2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < End of report >

  7. #7
    Security Expert oldman960's Avatar
    Join Date
    Sep 2010
    Posts
    631


    Hi MTnestRobin,

    Try this for your desktop.
    • right-click on the desktop
    • click Properties
    • click the Settings tab
    • use the slider to change your screen resolution
    • click Apply, click OK
    • right-click the desktop again and click Refresh
    Did that resolve the problem?

    You can set the resolution to whatever you prefer.


    aswMBR didn't run correctly. We'll try a different tool. You should be able to use the sick computer.

    Download Rogue Killer and save it to your desktop.
    • double-click the Rogue Killer icon to run it
    • After it has completed its prescan, click Scan
    • When the scan is complete click report
    Please post the log.
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.

  8. #8
    Member
    Join Date
    Mar 2006
    Location
    USA
    Posts
    50


    Hi Oldman960!

    I am doing a happy dance, my desktop is back! Thank you!

    Robin


    RogueKiller V7.0.2 [01/30/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: Robin [Admin rights]
    Mode: Scan -- Date : 02/03/2012 14:08:47

    Bad processes: 0

    Registry Entries: 3
    [HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    Particular Files / Folders:

    Driver: [LOADED]

    Infection :

    HOSTS File:
    127.0.0.1 localhost


    MBR Check:

    +++++ PhysicalDrive0: ST9160314AS +++++
    --- User ---
    [MBR] 04fd081331b27c922c1e9be073c1eb55
    [BSP] 92710b27dc83f01f72d41137bbcc549d : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 73790 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 151123455 | Size: 73782 Mo
    2 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302230845 | Size: 5004 Mo
    3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312480315 | Size: 47 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt

  9. #9
    Security Expert oldman960
    Join Date
    Sep 2010
    Posts
    631

    Hi MTnestRobin,

    Are you experiencing any problems? Any redirects?


    Your Java is out of date. Click your Start button, open Control Panel.
    • Locate the Java icon (it looks like a coffee cup)
    • double click it to open it
    • click the Update tab
    • Click update now



    Next, double-click on OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • please note the fix starts with the :

    Code:
    :Services
    
    :Files
    C:\Documents and Settings\Robin\Local Settings\Application Data\jvlogkoegl.exe
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [createrestorepoint]
    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.
    Please post the OTL fix log.


    Next

    Download and save to your desktop Malwarebytes Anti-Malware

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Please post back with
    • OTL fix log
    • MBAM log

  10. #10
    Member
    Join Date
    Mar 2006
    Location
    USA
    Posts
    50

    Hi Oldman960,

    The computer seems to be running okay. It sure isn't doing what it was before. AVG updated itself, so that is back operating too.

    I ran the OTL and now that the scan is over it wants to restart my machine to 'finishing removing files'. Do I okay that before it gives me a report? (I don't dare make that call on my own and ruin any info). Is the program going to reopen on its own and provide the report after the reboot?

    Robin
