
System Check hijacker


19 replies to this topic

#16 jackger


Posted 13 February 2012 - 04:57 AM

Ran OTL with your custom code in Scan mode, not fix, and all default settings.

I was not asked to change any settings.

Full copy of the log is attached below.

As an FYI, I have turned off on-access scanning whenever I have run OTL.

System Check is still visible in my "Quick Start" bar as well as all other previously stated issues.

Thanks for your help.

OTL Scan log

OTL logfile created on: 2/12/2012 11:31:12 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jack\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 46.59% Memory free
6.18 Gb Paging File | 4.63 Gb Available in Paging File | 74.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 116.10 Gb Free Space | 52.69% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.73 Gb Free Space | 57.30% Space Free | Partition Type: NTFS

Computer Name: KERMIT | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Jack\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/01/31 10:24:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/24 14:38:12 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/01/05 12:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/08 10:15:18 | 001,541,360 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2010/10/08 10:15:13 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2010/09/21 11:16:17 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/09/21 11:16:17 | 000,230,640 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/06/04 06:23:16 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/06 00:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/01/12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/03/04 00:05:24 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2008/01/25 00:42:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/01/25 00:42:14 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/01/25 00:42:14 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/01/25 00:42:14 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/12/21 10:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/12/03 10:03:54 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2007/11/12 06:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/10/09 08:09:06 | 000,100,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
PRC - [2007/09/07 16:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/05/11 02:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/11/03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 17:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/12 22:37:51 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012/01/12 22:37:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 21:02:37 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 21:02:09 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/01/05 12:06:43 | 000,176,128 | ---- | M] () -- C:\Program Files\AIM\nssckbi.dll
MOD - [2010/08/26 11:35:29 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2008/12/22 09:50:28 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2007/12/12 01:01:24 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2007/01/13 03:01:28 | 000,475,136 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
MOD - [2007/01/13 03:01:28 | 000,397,312 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
MOD - [2006/11/03 17:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2012/02/10 21:13:31 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/29 22:43:32 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/08 10:15:18 | 001,541,360 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2010/10/08 10:15:13 | 000,163,056 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/09/21 11:16:17 | 000,230,640 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010/06/04 06:23:16 | 000,097,520 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/05/16 12:53:56 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/17 19:36:02 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010/10/08 10:14:55 | 000,122,360 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2010/05/17 15:26:12 | 000,110,080 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OVTX16.sys -- (APL531)
DRV - [2009/02/09 05:06:53 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2008/05/23 19:40:09 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/05/23 19:40:09 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/04 00:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 00:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/01/25 00:42:14 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/09 08:09:02 | 000,032,280 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/10/09 08:09:00 | 000,032,152 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\- no pills needed -skToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20100907024038094&tb_oid=26-01-2011&tb_mrud=26-01-2011"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "my.yahoo.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6044
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AD2&o=102164&locale=en_US&apn_uid=8C0CBBAD-DB4D-4787-8CEA-E2DC61EADF15&apn_ptnrs=JH&apn_sauid=667589AE-DF47-4337-AAE6-C7137C61A2A1&apn_dtid=YYYYYYN2US&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jack\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jack\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/10 23:35:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/23 14:13:15 | 000,000,000 | ---D | M]

[2009/02/16 07:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Extensions
[2012/02/03 22:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\5y7ooiln.default\extensions
[2011/01/25 21:48:22 | 000,000,000 | ---D | M] (Avery Toolbar) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\5y7ooiln.default\extensions\toolbar@ask.com
[2010/09/06 21:40:32 | 000,001,490 | ---- | M] () -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\5y7ooiln.default\searchplugins\AOL Search.xml
[2011/01/25 21:48:23 | 000,002,569 | ---- | M] () -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\5y7ooiln.default\searchplugins\askcom.xml
[2011/11/13 21:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\JACK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5Y7OOILN.DEFAULT\EXTENSIONS\{68836A21-FC7D-4EA1-A065-7EFABD99D414}.XPI
[2012/02/10 23:35:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/06 21:40:32 | 000,001,490 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AOL Search.xml
[2011/10/09 08:43:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/13 21:29:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jack\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jack\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jack\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/02/02 22:46:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Search Assistant BHO) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (Ask.com)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\- no pills needed -skToolbar.dll (Ask)
O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\- no pills needed -skToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\- no pills needed -skToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F4D76F09-7896-458A-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jack\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: nhl.com ([link] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://webmail.nhl.com/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{204F39FD-011F-453E-9A0A-60FDB4DB3FF8}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) -C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/10 22:38:28 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Roaming\QuickScan
[2012/02/10 22:20:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/08 23:36:17 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{73492733-5F79-48CB-827D-69CDB856A278}
[2012/02/08 23:35:51 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{D91F6069-D992-4ED4-8D09-A0F26472EB37}
[2012/02/08 23:35:50 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{A2ED03EA-324C-4EE3-A0DE-C7DF29FBCD54}
[2012/02/06 12:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/02 22:55:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/02 22:29:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/02 22:29:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/02 22:29:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/02 22:29:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/02 22:27:42 | 004,395,020 | R--- | C] (Swearware) -- C:\Users\Jack\Desktop\ComboFix.exe
[2012/02/01 21:19:29 | 000,000,000 | ---D | C] -- C:\Users\Jack\Desktop\tdsskiller
[2012/02/01 21:13:01 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Jack\Desktop\aswMBR.exe
[2012/01/31 22:14:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe
[2012/01/31 21:07:12 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jack\Desktop\mbam-setup-1.60.1.1000.exe
[2012/01/29 15:23:12 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Roaming\OverDrive
[2012/01/29 15:23:12 | 000,000,000 | ---D | C] -- C:\Users\Jack\Documents\My Media
[2012/01/29 15:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive Media Console
[2012/01/29 15:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\OverDrive Media Console
[2007/10/15 09:35:00 | 000,040,960 | ---- | C] ( ) -- C:\Windows\OMNIUNS.EXE

========== Files - Modified Within 30 Days ==========

[2012/02/12 23:32:47 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 23:32:47 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 18:43:00 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/02/12 18:35:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/12 18:01:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-434353647-1296689581-1115071189-1000UA.job
[2012/02/12 14:55:00 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/02/12 03:00:01 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\Conference Room Scan.job
[2012/02/11 21:35:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/11 20:01:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-434353647-1296689581-1115071189-1000Core.job
[2012/02/10 23:39:24 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/10 23:39:24 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/10 23:32:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/10 23:32:49 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/10 23:21:14 | 000,003,726 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/02 22:46:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/02 22:27:58 | 004,395,020 | R--- | M] (Swearware) -- C:\Users\Jack\Desktop\ComboFix.exe
[2012/02/01 21:14:58 | 000,000,512 | ---- | M] () -- C:\Users\Jack\Desktop\MBR.dat
[2012/02/01 21:13:36 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Jack\Desktop\aswMBR.exe
[2012/02/01 21:10:50 | 000,303,059 | ---- | M] () -- C:\Users\Jack\Desktop\ListParts.exe
[2012/01/31 22:36:59 | 000,879,683 | ---- | M] () -- C:\Users\Jack\Desktop\SecurityCheck.exe
[2012/01/31 21:08:11 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/31 11:44:16 | 000,132,597 | ---- | M] () -- C:\Users\Jack\Desktop\Flash_Disinfector.exe
[2012/01/31 10:24:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe
[2012/01/31 10:23:38 | 000,009,223 | ---- | M] () -- C:\Users\Jack\Desktop\TFC.exe
[2012/01/31 10:22:50 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jack\Desktop\mbam-setup-1.60.1.1000.exe
[2012/01/31 06:40:12 | 000,000,631 | ---- | M] () -- C:\Users\Jack\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/27 21:57:59 | 000,002,039 | ---- | M] () -- C:\Users\Jack\Desktop\Google Chrome.lnk
[2012/01/27 21:23:45 | 261,659,902 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/22 12:25:28 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/14 13:08:03 | 000,070,144 | ---- | M] () -- C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/02/02 23:10:24 | 000,000,820 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2012/02/02 22:29:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/02 22:29:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/02 22:29:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/02 22:29:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/02 22:29:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/01 21:14:58 | 000,000,512 | ---- | C] () -- C:\Users\Jack\Desktop\MBR.dat
[2012/02/01 21:10:46 | 000,303,059 | ---- | C] () -- C:\Users\Jack\Desktop\ListParts.exe
[2012/01/31 22:36:52 | 000,879,683 | ---- | C] () -- C:\Users\Jack\Desktop\SecurityCheck.exe
[2012/01/31 21:59:57 | 000,009,223 | ---- | C] () -- C:\Users\Jack\Desktop\TFC.exe
[2012/01/31 21:08:11 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/31 20:45:36 | 000,132,597 | ---- | C] () -- C:\Users\Jack\Desktop\Flash_Disinfector.exe
[2012/01/31 06:40:12 | 000,000,631 | ---- | C] () -- C:\Users\Jack\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/27 21:23:45 | 261,659,902 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/27 20:12:18 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2011/05/21 16:15:32 | 000,000,552 | ---- | C] () -- C:\Users\Jack\AppData\Local\d3d8caps.dat
[2010/08/12 19:42:42 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/08/12 19:42:11 | 000,138,056 | ---- | C] () -- C:\Users\Jack\AppData\Roaming\PnkBstrK.sys
[2010/08/12 19:41:26 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/08/12 19:41:25 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/08/12 19:41:25 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/03/07 16:58:11 | 003,566,434 | ---- | C] () -- C:\Windows\System32\fun_avcodec.dll
[2010/03/07 16:58:11 | 000,167,936 | ---- | C] () -- C:\Windows\System32\Mpeg4Tools.dll
[2010/03/07 16:58:11 | 000,042,108 | ---- | C] () -- C:\Windows\System32\fun_avutil.dll
[2010/03/07 16:58:10 | 000,827,392 | ---- | C] () -- C:\Windows\System32\Mpeg4System.dll
[2010/03/07 16:58:10 | 000,241,664 | ---- | C] () -- C:\Windows\System32\AMR.dll
[2010/03/07 16:58:10 | 000,122,880 | ---- | C] () -- C:\Windows\System32\Mpeg4DSF.dll
[2010/03/07 16:58:10 | 000,057,344 | ---- | C] () -- C:\Windows\System32\EvrcDecDll.dll
[2010/03/07 16:58:10 | 000,057,344 | ---- | C] () -- C:\Windows\System32\AMRDSF.dll
[2010/01/22 22:58:53 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/01/22 22:58:53 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/01/22 22:58:53 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/01/22 22:58:53 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/01/22 22:58:53 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/01/22 22:58:53 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/01/22 22:58:53 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/01/22 22:58:53 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/01/22 22:58:53 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/01/22 22:58:53 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/01/22 22:58:53 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/01/22 22:58:53 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/01/22 22:58:53 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/01/22 22:58:53 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/01/22 22:58:53 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/01/22 22:58:53 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/01/22 22:53:00 | 000,000,090 | ---- | C] () -- C:\Windows\EPART810.ini
[2009/09/05 10:47:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/05 10:47:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/10/05 02:01:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/09 20:04:07 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/07/30 12:45:47 | 000,000,680 | ---- | C] () -- C:\Users\Jack\AppData\Local\d3d9caps.dat
[2008/07/27 17:40:30 | 000,000,196 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/06/14 03:24:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\JpgLib.dll
[2008/05/23 19:40:09 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008/05/23 19:40:09 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008/05/22 00:52:45 | 000,070,144 | ---- | C] () -- C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/16 20:13:43 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/05/16 20:13:43 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/05/16 20:13:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/05/16 20:13:43 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/05/16 20:13:43 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/05/16 20:13:40 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/05/16 12:42:20 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/05/16 12:42:20 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/05/16 12:36:57 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/05/16 12:21:17 | 000,003,726 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/10 08:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,505,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %PROGRAMDATA%\*. >
[2009/01/19 15:53:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2010/09/06 21:40:32 | 000,000,000 | ---D | M] -- C:\ProgramData\AIM
[2010/09/06 21:40:43 | 000,000,000 | ---D | M] -- C:\ProgramData\AIM Toolbar
[2010/04/25 15:51:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2010/08/24 13:42:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2008/05/22 00:44:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/12/30 21:32:43 | 000,000,000 | ---D | M] -- C:\ProgramData\ArcSoft
[2010/12/12 16:46:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Avery
[2009/05/02 12:43:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Citrix
[2008/05/22 21:13:06 | 000,000,000 | ---D | M] -- C:\ProgramData\CyberLink
[2011/03/26 20:59:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Dell
[2008/05/22 00:44:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2008/05/22 00:44:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/07/25 09:40:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2010/01/22 23:04:24 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2008/05/22 00:44:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/10/02 20:34:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Google
[2011/09/10 10:13:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Google Updater
[2008/05/16 12:51:41 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallShield
[2008/08/10 21:18:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Kodak
[2008/05/16 12:32:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Logitech
[2010/09/18 17:38:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2008/05/31 16:01:45 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2011/06/05 21:18:31 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012/01/12 22:08:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2009/07/09 21:35:34 | 000,000,000 | ---D | M] -- C:\ProgramData\NOS
[2009/08/30 00:33:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Office Genuine Advantage
[2011/03/26 21:14:01 | 000,000,000 | ---D | M] -- C:\ProgramData\PCDr
[2008/05/25 10:51:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Roxio
[2008/08/09 20:02:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2008/05/16 12:52:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Sonic
[2011/03/02 21:03:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Sophos
[2011/03/02 21:04:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Sophos Web Intelligence
[2008/05/22 00:44:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/10/09 19:57:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Symantec
[2008/05/22 00:44:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/05/16 12:53:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2010/10/09 10:54:59 | 000,000,000 | ---D | M] -- C:\ProgramData\WebEx
[2008/10/13 10:30:22 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch

< %PROGRAMDATA%\*.exe /s >
[2010/12/30 21:31:00 | 001,680,607 | ---- | M] (ArcSoft Inc. ) -- C:\ProgramData\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
[2010/10/06 21:55:39 | 000,372,736 | ---- | M] (SoftThinks) -- C:\ProgramData\Dell\DSL\DSLCheck.exe
[2007/01/10 22:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
[2007/12/16 22:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
[2011/03/01 23:13:13 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2010/10/08 10:15:16 | 001,344,240 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos Web Intelligence\swi_config.exe
[2010/10/08 10:15:16 | 000,201,968 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos Web Intelligence\swi_lsp_installer.exe
[2007/08/08 07:16:37 | 000,245,760 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\sau\program files\sophos\autoupdate\almon.exe
[2007/06/20 05:29:00 | 000,172,032 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\sau\program files\sophos\autoupdate\alsvc.exe
[2007/08/29 19:55:16 | 000,602,112 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\sau\program files\sophos\autoupdate\alupdate.exe
[2008/05/25 22:54:16 | 000,094,208 | ---- | M] () -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\configuresav.exe
[2008/05/25 22:54:16 | 000,203,832 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\sav32cli.exe
[2008/05/25 22:54:13 | 000,069,632 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savadminservice.exe
[2008/05/25 22:54:26 | 000,090,112 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savcleanupservice.exe
[2008/05/25 22:54:15 | 000,098,304 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savservice.exe
[2008/05/25 22:54:18 | 000,045,624 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\backgroundscanclient.exe
[2008/05/25 22:54:24 | 001,997,880 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\savmain.exe
[2008/05/25 22:54:14 | 000,556,088 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\savprogress.exe
[2008/05/25 22:54:16 | 000,017,920 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\win2k\sophosboottasks.exe
[2008/05/25 22:54:22 | 000,040,448 | ---- | M] () -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\winlh_amd64\native.exe
[2008/05/25 22:54:25 | 000,022,528 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\winlh_amd64\sophosboottasks.exe
[2008/05/25 22:54:16 | 000,017,920 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\winlh_i386\sophosboottasks.exe
[2008/05/25 22:54:23 | 000,078,336 | ---- | M] () -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\winlh_ia64\native.exe
[2008/05/25 22:54:22 | 000,046,080 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\winlh_ia64\sophosboottasks.exe
[2008/05/25 22:54:22 | 000,040,448 | ---- | M] () -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\winxp_amd64\native.exe
[2008/05/25 22:54:25 | 000,022,528 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\winxp_amd64\sophosboottasks.exe
[2008/05/25 22:54:16 | 000,017,920 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\winxp_i386\sophosboottasks.exe
[2008/05/25 22:54:23 | 000,078,336 | ---- | M] () -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\winxp_ia64\native.exe
[2008/05/25 22:54:22 | 000,046,080 | ---- | M] (Sophos Plc) -- C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\winxp_ia64\sophosboottasks.exe
[2007/12/23 12:03:22 | 004,819,440 | ---- | M] (Sonic Solutions) -- C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe
[2010/10/09 10:54:55 | 000,402,744 | ---- | M] (Cisco WebEx LLC) -- C:\ProgramData\WebEx\atcliun.exe
[2010/10/09 10:54:59 | 000,030,088 | ---- | M] (Cisco WebEx LLC) -- C:\ProgramData\WebEx\WebEx\924\atasanot.exe
[2010/10/09 10:54:49 | 000,079,160 | ---- | M] (Cisco WebEx LLC) -- C:\ProgramData\WebEx\WebEx\924\atinst.exe
[2010/10/09 10:54:59 | 000,173,368 | ---- | M] (Cisco WebEx LLC) -- C:\ProgramData\WebEx\WebEx\924\atmgr.exe
[2010/10/09 10:54:55 | 000,165,176 | ---- | M] (Cisco WebEx LLC) -- C:\ProgramData\WebEx\WebEx\924\wbxreport.exe

< %AppData%\Microsoft\Internet Explorer\Quick Launch\*. >

< %AppData%\Microsoft\Internet Explorer\Quick Launch\*.lnk /s >
[2012/01/31 06:40:12 | 000,000,631 | ---- | M] () -- C:\Users\Jack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk

< dir %Temp%\smtmp\*.* /s /c >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Jack\Documents\184140.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Jack\Documents\175727.avi:TOC.WMV

< End of report >


#17 sempai

sempai

    3 stars and a sun

  • Admin
  • 1,043 posts

Posted 14 February 2012 - 12:01 PM

Hi,

You posted the OTL log twice.


1. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    CODE
    :OTL
    [2012/01/31 06:40:12 | 000,000,631 | ---- | C] () -- C:\Users\Jack\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk

    :Files
    ipconfig /flushdns /c

    :Commands
    [CREATERESTOREPOINT]

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.



2. Run OTL.
  • Click the None button at the top (Between "Run fix" and "Clean up" button).
  • Copy and Paste the following code into the Custom Scan box.

    CODE

    %Temp%\*.

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file, and post them when you reply.


#18 jackger

jackger

    Adv. Member

  • Active Members
  • 77 posts

Posted 16 February 2012 - 02:29 AM

Performed both runs of OTL with custom code as instructed.

Neither run required any changes, run with Sophos on-access scanning off.
Neither run performed a system restart.

At this time I have noticed that the "System Check" icon in the quick start bar is gone (whether or not it returns upon restart I do not know).

All other issues stated before, empty "Start" menu, absence of applications like Excel, Word etc. still exist.

Will perform a restart and repost as to whether or not System Check re-appears.

Thanks again for your help.

Best regards,

Jack

First run of OTL log is as follows:

I was not prompted to change any settings and system did not restart:

Log follows:

========== OTL ==========
C:\Users\Jack\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jack\Desktop\cmd.bat deleted successfully.
C:\Users\Jack\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========


OTL by OldTimer - Version 3.2.31.0 log created on 02152012_210355




Second run of OTL is as follows:

I was not prompted to change any settings and system did not restart:

Log follows:


OTL logfile created on: 2/15/2012 9:14:32 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jack\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 51.26% Memory free
6.18 Gb Paging File | 4.71 Gb Available in Paging File | 76.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 116.66 Gb Free Space | 52.95% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.73 Gb Free Space | 57.30% Space Free | Partition Type: NTFS

Computer Name: KERMIT | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< %Temp%\*. >
[2012/02/10 22:25:22 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Local\Temp\Google Gadget Cache
[2012/02/10 22:25:16 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Local\Temp\Log
[2012/02/12 17:28:15 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Local\Temp\Low
[2012/02/11 00:35:22 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Local\Temp\mozilla-media-cache
[2012/02/15 20:22:37 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Local\Temp\WPDNSE

< End of report >


#19 jackger

jackger

    Adv. Member

  • Active Members
  • 77 posts

Posted 16 February 2012 - 04:16 AM

Upon shutdown, system did 9 updates, then shut down.

I restarted and cannot see "System Check" in the "Quick Start" menu bar.

I am uncertain what is causing my Start menu to be coming up blank and why some of my applications are not on the start menu at all.

To try to make clear what is happening:

When I click on the "START" icon, the start menu comes up blank (no applications or folders above the "All Programs" text).

When I click on "All Programs" I get a load of folders and applications above the "All Programs".

In this list, certain applications are not listed, like Excel, Word, and some others. The Microsoft Office folder is not listed (although there is an icon on my desktop).

As I click on "All Programs" it turns to "Back".

When I click "Back", everything disappears and the menu is now blank again.

I am uncertain what is causing this to happen. All I can say is that this did not exist prior to the appearance of "System Check".

thanks again, Jack

Thanks for your help so far.

Jack

#20 sempai

sempai

    3 stars and a sun

  • Admin
  • 1,043 posts

Posted 16 February 2012 - 07:05 PM

QUOTE
When I click on the "START" icon, the start menu comes up blank ( no applications or folders above the "all Programs" text. )

When I click on "all programs" I get a load of folders and applications above the "all programs".

In this list, certain applications are not listed, like Excel, Word, and some others. The Microsoft Office folder is not listed ( although there is an icon on my desktop ).


This is because one of the characteristics of this particular infection is to delete the shortcuts found in your start menu and desktop and create a back-up of those deleted shortcuts in the %Temp%\smtmp folder. And when the temp files are emptied, the back-up will be deleted as well.

This is why, if you read our "Guidelines for Posting in This Forum", you will see that we noted there to skip the run of TFC if symptoms like this are present.

We initially ran Combofix because it can revert these changes, but sadly in your case the Temp files were emptied already before we began the cleaning process, and so the only way to bring those shortcuts back is to recreate them manually. There are various methods to do this, but the safest way is to simply make a repair install of those programs with missing shortcuts. This can be done by running their uninstaller but choosing repair instead of uninstalling them. If repair is not available then uninstall-reinstall will do the trick.
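
The post above explains that the shortcut back-ups in %Temp%\smtmp are lost once the temp files are emptied; the sketch below copies that folder to a safe place before any temp cleaner runs. It is an added example, not part of the original thread or of any tool named in it: the function names, the destination folder and the sample file names are assumptions.

```python
import shutil
import tempfile
from pathlib import Path

BACKUP_DIR_NAME = "smtmp"  # back-up folder name given in the post above


def find_shortcut_backups(temp_dir):
    """List every file under <temp_dir>/smtmp as a path relative to smtmp."""
    root = Path(temp_dir) / BACKUP_DIR_NAME
    if not root.is_dir():
        return []  # nothing was backed up, or the folder is already gone
    return sorted(p.relative_to(root) for p in root.rglob("*") if p.is_file())


def preserve_backups(temp_dir, safe_dir):
    """Copy the smtmp tree to safe_dir and verify each copy by size."""
    root = Path(temp_dir) / BACKUP_DIR_NAME
    saved = []
    for rel in find_shortcut_backups(temp_dir):
        dest = Path(safe_dir) / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(root / rel, dest)  # copy2 keeps the file timestamps
        if dest.stat().st_size != (root / rel).stat().st_size:
            raise OSError(f"copy of {rel} is incomplete")
        saved.append(rel.as_posix())
    return saved


def empty_folder(temp_dir):
    """Stand-in for a temp cleaner: delete everything inside temp_dir."""
    for entry in Path(temp_dir).iterdir():
        if entry.is_dir():
            shutil.rmtree(entry)
        else:
            entry.unlink()


def guarded_clean(temp_dir, safe_dir, cleaner=empty_folder):
    """Preserve the shortcut back-ups first, then let the cleaner run."""
    temp_dir, safe_dir = Path(temp_dir).resolve(), Path(safe_dir).resolve()
    if safe_dir == temp_dir or temp_dir in safe_dir.parents:
        raise ValueError("safe_dir must be outside the temp folder")
    saved = preserve_backups(temp_dir, safe_dir)  # raises before any deletion
    cleaner(temp_dir)
    return saved


def demo():
    """Run against a constructed temp tree (all file names are made up)."""
    with tempfile.TemporaryDirectory() as work:
        temp_dir = Path(work) / "Temp"
        safe_dir = Path(work) / "shortcut-backup"
        office = temp_dir / BACKUP_DIR_NAME / "Programs" / "Microsoft Office"
        office.mkdir(parents=True)
        (office / "Excel.lnk").write_bytes(b"constructed shortcut 1")
        (office / "Word.lnk").write_bytes(b"constructed shortcut 2")
        (temp_dir / "junk.tmp").write_bytes(b"ordinary temp file")

        saved = guarded_clean(temp_dir, safe_dir)
        left_in_temp = [p.name for p in temp_dir.iterdir()]
        kept = sorted(p.name for p in safe_dir.rglob("*.lnk"))
        return saved, left_in_temp, kept


if __name__ == "__main__":
    print(demo())
```
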


