[Solved] Laptop freezes in normal mode after virus removal, need help

Broni · Jan 3, 2012

I need you to restart in normal mode, see how things are and post new OTL log from normal mode (only one log will be produced).

Scarlet52698 · Jan 3, 2012

So far so good in normal mode. I do keep getting the following message when I logon to normal windows:

The Recycle Bin on C:\ is corrupted. Do you want to empty the Recycle Bin for this drive? Yes No I have been selecting no, is there a way to make this go away?

OTL logfile created on: 1/3/2012 5:51:58 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\David\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 59.41% Memory free
3.99 Gb Paging File | 3.16 Gb Available in Paging File | 79.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 57.67 Gb Free Space | 26.18% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.63 Gb Free Space | 56.32% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/03 06:19:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\David\Downloads\OTL.exe
PRC - [2011/11/16 07:15:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/12/15 15:41:26 | 000,477,080 | ---- | M] () -- C:\Users\David\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\David\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/27 23:54:44 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/08/29 00:54:58 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2006/12/14 18:04:04 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\ATI\WebPAM\_jvm\bin\java.exe
PRC - [2003/09/29 09:30:08 | 000,110,592 | ---- | M] () -- C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/12/15 15:41:26 | 000,477,080 | ---- | M] () -- C:\Users\David\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
MOD - [2007/08/14 03:40:54 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007/05/10 23:50:00 | 000,017,024 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (ATIWebPAM)
SRV - [2011/11/16 07:15:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/12/13 09:05:18 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\David\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2009/01/11 01:56:15 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [On_Demand | Stopped] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/27 23:54:44 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

========== Driver Services (SafeList) ==========

DRV - [2012/01/01 08:12:50 | 000,029,904 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5C819794-BFAE-4CD4-8674-14DCDD75197B}\MpKsl5dbfd56c.sys -- (MpKsl5dbfd56c)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008/03/05 14:41:58 | 000,164,480 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2008/03/05 14:41:58 | 000,149,000 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2008/03/05 14:41:58 | 000,024,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/03/05 14:41:48 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctnullport.sys -- (Nmea)
DRV - [2007/10/12 16:04:40 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/27 23:54:56 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/26 00:34:20 | 000,122,880 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/09/24 04:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/08/29 00:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/14 03:40:52 | 002,593,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/08/14 03:40:52 | 002,593,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/21 07:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 03:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 22:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 20:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/10/30 11:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3286522710-1611807909-2191120409-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3286522710-1611807909-2191120409-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {fa8cb1bd-1442-439c-8225-b8b16983d9b7}:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: runtime@panda3d.org:1.0.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\David\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\David\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\David\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\David\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 16:55:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/11 16:55:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\David\AppData\Roaming\Move Networks [2010/04/19 14:31:27 | 000,000,000 | ---D | M]

[2008/09/05 14:35:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2011/05/13 05:33:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\92jow1s1.default\extensions
[2009/08/26 18:35:50 | 000,000,000 | ---D | M] (Charter Toolbar) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\92jow1s1.default\extensions\{2104C0F5-952D-443c-AFCD-8F892F991F55}
[2009/08/26 18:35:49 | 000,000,000 | ---D | M] (Charter Update) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\92jow1s1.default\extensions\{fa8cb1bd-1442-439c-8225-b8b16983d9b7}
[2010/05/07 14:34:50 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\92jow1s1.default\extensions\runtime@panda3d.org
[2009/09/25 05:54:37 | 000,009,949 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\92jow1s1.default\searchplugins\mywebsearch.xml
[2011/11/11 08:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/13 07:47:26 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2011/11/11 08:06:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/12 15:23:07 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/04/30 00:49:27 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2011/12/02 08:29:48 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 08:06:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\David\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\David\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\David\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Turner Media Plugin 1.0.0.10 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\David\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2010/02/13 13:02:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-3286522710-1611807909-2191120409-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\David\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3286522710-1611807909-2191120409-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3286522710-1611807909-2191120409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3286522710-1611807909-2191120409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3286522710-1611807909-2191120409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3286522710-1611807909-2191120409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C063DF4-A690-45C3-AEE0-224B822DE4FA}: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/02 21:28:43 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/02 20:13:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/02 17:47:54 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\BK
[2011/12/31 19:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/31 19:22:39 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/31 18:25:47 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/31 10:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/12/31 07:53:27 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Autoruns
[2011/12/18 21:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/07 20:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\David\Desktop\*.tmp files -> C:\Users\David\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/03 17:49:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/03 17:42:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/03 17:41:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 17:41:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 17:40:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/03 17:40:22 | 2011,172,864 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/03 17:13:38 | 000,007,944 | ---- | M] () -- C:\Users\David\AppData\Local\d3d9caps.dat
[2012/01/02 20:28:17 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3286522710-1611807909-2191120409-1000UA.job
[2012/01/02 16:30:01 | 000,000,512 | ---- | M] () -- C:\Users\David\Desktop\MBR.dat
[2012/01/02 15:12:04 | 143,560,598 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/31 23:07:59 | 000,074,460 | ---- | M] () -- C:\Users\David\Documents\cc_20111231_230724.reg
[2011/12/31 18:28:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3286522710-1611807909-2191120409-1000Core.job
[2011/12/31 18:25:52 | 000,002,084 | ---- | M] () -- C:\Users\David\Desktop\Google Chrome.lnk
[2011/12/31 18:25:52 | 000,002,046 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/31 12:31:51 | 000,000,905 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/31 11:50:42 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/12/31 11:50:42 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/12/31 11:49:49 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/12/31 01:09:14 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/31 01:09:14 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/19 21:02:05 | 000,080,314 | ---- | M] () -- C:\Users\David\Documents\Equifax_FACT_Rpt_12192011.pdf
[2011/12/19 20:02:49 | 000,002,587 | ---- | M] () -- C:\Users\David\Desktop\Microsoft Office Word 2007.lnk
[2011/12/18 21:38:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/12/18 21:37:37 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/16 08:13:15 | 000,000,000 | ---- | M] () -- C:\Users\David\AppData\Local\prvlcl.dat
[2011/12/15 03:51:06 | 000,429,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\David\Desktop\*.tmp files -> C:\Users\David\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/03 17:40:22 | 2011,172,864 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/02 16:30:01 | 000,000,512 | ---- | C] () -- C:\Users\David\Desktop\MBR.dat
[2012/01/01 08:12:05 | 143,560,598 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/31 23:07:31 | 000,074,460 | ---- | C] () -- C:\Users\David\Documents\cc_20111231_230724.reg
[2011/12/31 18:25:52 | 000,002,084 | ---- | C] () -- C:\Users\David\Desktop\Google Chrome.lnk
[2011/12/31 18:25:52 | 000,002,046 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/31 18:23:27 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3286522710-1611807909-2191120409-1000UA.job
[2011/12/31 18:23:26 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3286522710-1611807909-2191120409-1000Core.job
[2011/12/31 11:49:49 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/12/19 21:02:05 | 000,080,314 | ---- | C] () -- C:\Users\David\Documents\Equifax_FACT_Rpt_12192011.pdf
[2011/12/18 21:37:37 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/18 21:35:23 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2010/12/13 09:07:44 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/11/25 12:20:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/22 17:29:33 | 000,000,184 | ---- | C] () -- C:\Users\David\AppData\Roaming\29857.bat
[2010/04/04 08:45:16 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\prvlcl.dat
[2010/02/13 12:07:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/13 12:07:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/13 12:07:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/13 12:07:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/13 12:07:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/08/18 15:40:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/18 15:40:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/10 02:03:12 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/03/13 20:24:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/02/04 00:00:07 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2009/01/28 03:01:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/17 00:12:44 | 000,007,944 | ---- | C] () -- C:\Users\David\AppData\Local\d3d9caps.dat
[2008/12/27 19:05:08 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/08/09 12:49:38 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI
[2008/06/26 12:08:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/06/13 17:33:21 | 000,040,960 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/13 17:20:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/03/05 14:41:58 | 000,024,840 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2007/12/28 12:39:02 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/12/28 12:39:02 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/12/28 12:39:02 | 000,145,050 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/12/28 12:39:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/12/28 05:05:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/12/28 05:05:47 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2007/12/28 04:47:51 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/01/29 13:59:56 | 000,516,096 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,429,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/03/16 10:45:52 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Acreon
[2011/08/31 20:51:45 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Audacity
[2009/11/22 09:06:14 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DriverCure
[2011/06/26 18:24:31 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GameMaker
[2009/10/01 17:26:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GetRightToGo
[2011/05/26 04:49:20 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\RIFT
[2009/06/07 16:34:36 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Unity
[2012/01/02 19:05:56 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Broni · Jan 3, 2012

Good news

The Recycle Bin on C:\ is corrupted. Do you want to empty the Recycle Bin for this drive?

Say "Yes" next time around.
I believe Combofix was asking you very same question?

============================================================

OTL log looks perfectly clean.

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.

Accept any prompts.

===========================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

Scarlet52698 · Jan 3, 2012

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
SUPERAntiSpyware
CCleaner
Java(TM) 6 Update 30
Adobe Flash Player 11.1.102.55
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

Getting ready to run TFC and then ESET. So far so good.

Broni · Jan 3, 2012

Cool ...........

Scarlet52698 · Jan 3, 2012

ESET froze up the laptop so I couldn't complete it. It did tell me that Windows Defender was still on but when I checked it, it said that it was off. Could this be freezing it up during scans?

I'm in safe mode w/networking now, should I run ESET from that? Thanks!

Broni · Jan 3, 2012

Yes you can.

Scarlet52698 · Jan 4, 2012

ESET took a while and it said it found 2 threats. Here is the exported text file info:

C:\Users\David\AppData\Local\TempImages\CheckVer104.exe a variant of Win32/Agent.SZW trojan cleaned by deleting - quarantined
C:\Users\David\Downloads\iTunesMusictoMP3ConverterSetup.exe a variant of Win32/Agent.SZW trojan deleted - quarantined

Broni · Jan 4, 2012

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CLEANUP button

Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

Scarlet52698 · Jan 4, 2012

Thanks so much Broni! Here is the log after running OTL

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 110818 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5640781 bytes
->Google Chrome cache emptied: 39127480 bytes
->Flash cache emptied: 456 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4051765 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47.00 mb

[EMPTYFLASH]

User: All Users

User: David
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01042012_173639

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Broni · Jan 4, 2012

Way to go!!
Good luck and stay safe

Scarlet52698 · Jan 4, 2012

it won't let me run Malwarebytes in normal mode however I ran it in safe mode and it scanned fine. No threats were found. I then rebooted into normal mode to update my microsoft security essentials and it gives me an error message that it can't connect to the internet. I then get a Java error box that pops up asking me to install latest version however I have the latest version already.

Aye Carumba!

Broni · Jan 4, 2012

Possibly some MSE files got corrupted.
Reinstall it.

As for Java....

Go here: http://www.java.com/en/download/manual.jsp
Download standalone installer: Windows Offline
See if it'll install.
Then got to Add\Remove and uninstall any other Java versions (if listed).

Scarlet52698 · Jan 4, 2012

That's what I was thinking. I'll do that. Thanks.

Broni · Jan 4, 2012

Let me know...

Scarlet52698 · Jan 4, 2012

I keep getting an update error when I try to use Windows Update

error: 0x80096001 Update Fail

I uninstalled MSE and when I tried to reinstall the laptop froze up again. For some reason it is freezing in normal mode still.

Broni · Jan 4, 2012

In this forum, we make sure, your computer is free of malware and your computer is clean
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Scarlet52698 · Jan 4, 2012

No problem, will do. Thanks for your help, much appreciated!

Broni · Jan 4, 2012

You're very welcome

TechSpot

[Solved] Laptop freezes in normal mode after virus removal, need help

Broni Malware Annihilator

Scarlet52698 Newcomer, in training

Broni Malware Annihilator

Scarlet52698 Newcomer, in training

Broni Malware Annihilator

Scarlet52698 Newcomer, in training

Broni Malware Annihilator

Scarlet52698 Newcomer, in training

Broni Malware Annihilator

Scarlet52698 Newcomer, in training

Broni Malware Annihilator

Scarlet52698 Newcomer, in training

Broni Malware Annihilator

Scarlet52698 Newcomer, in training

Broni Malware Annihilator

Scarlet52698 Newcomer, in training

Broni Malware Annihilator

Scarlet52698 Newcomer, in training

Broni Malware Annihilator