Full Version: typing frustration - every other key stroke picked up
dianab
Malwarebytes' Anti-Malware 1.40
Database version: 2700
Windows 6.0.6000

8/26/2009 3:15:00 PM
mbam-log-2009-08-26 (15-15-00).txt

Scan type: Quick Scan
Objects scanned: 83196
Time elapsed: 8 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..

.
Windows Vista Home Edition (6.0.6000)
[32_bits] - x86 Family 15 Model 76 Stepping 2, AuthenticAMD
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Disabled !
User Account Control (UAC) -> Enabled
.
Internet Explorer 7.0.6000.16890
.
C:\ [Fixed-NTFS] .. ( Total:96 Go - Free:28 Go )
D:\ [Fixed-NTFS] .. ( Total:15 Go - Free:11 Go )
E:\ [CD_Rom]
.
Scan : 14:55.35
Path : C:\Users\futurepres1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZYC9QLOL\Rooter[1].exe
User : futurepres1 ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (380)
Locked csrss.exe (456)
Locked wininit.exe (504)
Locked csrss.exe (512)
Locked winlogon.exe (552)
Locked services.exe (592)
Locked lsass.exe (604)
Locked lsm.exe (612)
Locked svchost.exe (764)
Locked svchost.exe (836)
Locked Ati2evxx.exe (960)
Locked svchost.exe (1004)
Locked svchost.exe (1060)
Locked svchost.exe (1080)
Locked audiodg.exe (1152)
Locked SLsvc.exe (1188)
Locked svchost.exe (1220)
Locked svchost.exe (1312)
Locked Ati2evxx.exe (1424)
Locked WLTRYSVC.EXE (1524)
Locked BCMWLTRY.EXE (1540)
Locked spoolsv.exe (1652)
Locked svchost.exe (1692)
Locked AppleMobileDeviceService.exe (1892)
Locked mDNSResponder.exe (1920)
Locked slimsvc.exe (1936)
Locked lxbvcoms.exe (2020)
Locked ccSvcHst.exe (360)
Locked svchost.exe (412)
Locked RoxWatch9.exe (496)
Locked stacsv.exe (2128)
Locked svchost.exe (2180)
Locked svchost.exe (2216)
Locked SearchIndexer.exe (2252)
Locked XAudio.exe (2312)
Locked taskeng.exe (2604)
Locked RoxMediaDB9.exe (2744)
Locked ccSvcHst.exe (3588)
______ C:\Windows\system32\taskeng.exe (2028)
______ C:\Windows\Explorer.EXE (3988)
______ C:\Windows\system32\Dwm.exe (608)
______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (996)
______ C:\Windows\sttray.exe (2616)
______ C:\Windows\System32\WLTRAY.EXE (2412)
______ C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (3420)
______ C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (3976)
______ C:\Program Files\iTunes\iTunesHelper.exe (2088)
______ C:\Program Files\SiteRanker\SiteRankTray.exe (1728)
______ C:\Program Files\DellSupport\DSAgnt.exe (1620)
______ C:\Program Files\Crawler\Smileys\CSmileysIM.exe (2644)
______ C:\Program Files\Digital Line Detect\DLG.exe (3332)
______ C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE (3432)
______ C:\Program Files\Dell\QuickSet\quickset.exe (408)
______ C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (3084)
Locked WmiPrvSE.exe (3088)
Locked iPodService.exe (3928)
______ C:\Windows\system32\wuauclt.exe (2860)
______ C:\Windows\system32\wbem\unsecapp.exe (152)
______ C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (1140)
______ C:\PROGRA~1\Crawler\Smileys\CSMILE~1.EXE (2872)
______ C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (4708)
______ C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (4728)
______ C:\Program Files\Internet Explorer\ieuser.exe (3524)
______ C:\Program Files\Internet Explorer\iexplore.exe (1876)
______ C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe (3632)
Locked TrustedInstaller.exe (5944)
______ C:\Users\futurepres1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZYC9QLOL\Rooter[1].exe (4544)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:16418304)
\Device\Harddisk0\Partition2 (Start_Offset:16777216 | Length:16107175936)
\Device\Harddisk0\Partition3 --[ MBR ]-- (Start_Offset:16123953152 | Length:103908638720)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Norton Security Scan for futurepres1.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\PROGRA~1\Smart Antivirus 2009
==> Rogues <==
.
----------------------\\ Scan completed at 14:55.54
.
C:\Rooter$\Rooter_1.txt - (27/08/2009 | 14:55.5
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/27 14:59
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP0
==================================================

SSDT
-------------------
SYSENTER/INT2E Hooked [0x81c8c9c0]!

==EOF==

OTL logfile created on: 8/27/2009 3:03:38 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\futurepres1\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.44 Mb Total Physical Memory | 259.30 Mb Available Physical Memory | 29.02% Memory free
2.00 Gb Paging File | 1.09 Gb Available in Paging File | 54.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 96.77 Gb Total Space | 28.17 Gb Free Space | 29.11% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 11.72 Gb Free Space | 78.13% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FUTUREPRES1-PC
Current User Name: futurepres1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2006/11/25 01:36:02 | 00,557,056 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2006/11/25 01:36:02 | 00,557,056 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2006/11/21 20:52:54 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2006/11/21 20:52:50 | 01,716,224 | ---- | M] (Dell Inc.) -- C:\Windows\System32\bcmwltry.exe
PRC - [2008/10/01 14:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/06/10 16:48:02 | 00,331,870 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
PRC - [2007/04/25 14:18:48 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbvcoms.exe
PRC - [2009/08/08 14:27:37 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
PRC - [2006/11/05 13:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2007/02/08 01:11:00 | 00,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
PRC - [2006/11/11 19:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2006/11/05 13:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
PRC - [2009/08/08 14:27:37 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
PRC - [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2006/11/20 13:51:10 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/02/08 01:11:04 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/11/21 20:52:54 | 01,540,096 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2006/10/20 19:23:38 | 00,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/07/26 07:20:54 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/10/01 19:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/25 04:53:32 | 00,273,920 | ---- | M] (Crawler, LLC) -- C:\Program Files\SiteRanker\SiteRankTray.exe
PRC - [2007/03/15 14:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2009/03/13 02:30:00 | 00,337,408 | ---- | M] (Crawler.com) -- C:\Program Files\Crawler\Smileys\CSmileysIM.exe
PRC - [2006/11/03 20:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/04/28 11:14:44 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
PRC - [2007/04/27 10:34:18 | 01,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/01/15 14:23:48 | 00,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2009/03/02 21:59:26 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008/10/01 19:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2006/11/02 05:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/07/26 07:20:54 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/06/25 08:25:18 | 00,889,856 | ---- | M] (Crawler.com) -- C:\Program Files\Crawler\Smileys\CSmileysH.exe
PRC - [2006/04/28 11:14:44 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006/04/28 11:14:44 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2009/07/18 06:01:10 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009/08/27 15:02:27 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\futurepres1\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/01 14:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2006/11/25 01:36:02 | 00,557,056 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 14:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/06/10 16:48:02 | 00,331,870 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender [Auto | Running])
SRV - [2007/03/19 14:44:44 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2006/11/02 05:46:13 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/19 21:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/26 07:20:54 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/01 19:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2007/04/25 14:18:48 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbvcoms.exe -- (lxbv_device [Auto | Running])
SRV - [2008/06/19 21:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/08/08 14:27:37 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe -- (Norton AntiVirus [Auto | Running])
SRV - [2006/11/05 13:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Running])
SRV - [2006/11/05 13:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Running])
SRV - [2007/02/08 01:11:00 | 00,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2006/09/14 14:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2007/10/29 18:19:19 | 00,265,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2006/11/21 20:52:54 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/11/02 08:34:59 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/11/11 19:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80126
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80126

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=0071029
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wbal.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 22:23:27 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [CSmileys] C:\Program Files\Crawler\Smileys\CSmileysIM.exe (Crawler.com)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SiteRanker] C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [CSmileys] C:\Program Files\Crawler\Smileys\CSmileysIM.exe (Crawler.com)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Users\futurepres1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\futurepres1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Crawler Search - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: state.md.us ([constmail.gov] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommo...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} https://vpn.dpscs.state.md.us/sre/ICSScanner.cab (ICSScanner Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWire...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} https://vpn.dpscs.state.md.us/SNX/CSHELL/extender.cab (SlimClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c3312909-a2ed-11dc-b5f9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c3312909-a2ed-11dc-b5f9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CDStart.exe -- File not found
O33 - MountPoints2\{c3312909-a2ed-11dc-b5f9-806e6f6e6963}\Shell\Install\Command - "" = E:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/08/27 15:02:17 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\futurepres1\Desktop\OTL.exe
[2009/08/27 15:00:41 | 00,024,064 | ---- | C] () -- C:\Users\futurepres1\Documents\ROOTREPEAL.doc
[2009/08/27 14:58:13 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009/08/27 14:57:00 | 00,032,256 | ---- | C] () -- C:\Users\futurepres1\Documents\Rooter.doc
[2009/08/27 14:55:54 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/08/26 19:02:33 | 00,025,088 | ---- | C] () -- C:\Users\futurepres1\Documents\Malwarebytes.doc
[2009/08/26 13:16:25 | 00,000,000 | ---D | C] -- C:\Users\futurepres1\AppData\Roaming\Malwarebytes
[2009/08/26 13:16:17 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/26 13:16:10 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/26 13:16:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/26 13:16:07 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/26 13:16:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/26 12:46:03 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Users\futurepres1\Desktop\TFC.exe
[2009/08/26 12:44:32 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/08/26 12:44:18 | 00,000,915 | ---- | C] () -- C:\Users\futurepres1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/26 12:44:09 | 00,000,735 | ---- | C] () -- C:\Users\futurepres1\Desktop\NTREGOPT.lnk
[2009/08/26 12:44:09 | 00,000,716 | ---- | C] () -- C:\Users\futurepres1\Desktop\ERUNT.lnk
[2009/08/26 12:44:01 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/26 12:42:50 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\futurepres1\Desktop\erunt-setup.exe

========== Files - Modified Within 14 Days ==========

[2009/08/27 15:02:27 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\futurepres1\Desktop\OTL.exe
[2009/08/27 15:00:42 | 00,024,064 | ---- | M] () -- C:\Users\futurepres1\Documents\ROOTREPEAL.doc
[2009/08/27 14:58:13 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2009/08/27 14:57:01 | 00,032,256 | ---- | M] () -- C:\Users\futurepres1\Documents\Rooter.doc
[2009/08/27 14:48:35 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/27 14:48:30 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/27 14:48:27 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/26 19:07:03 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/26 19:06:15 | 93,747,6096 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/26 19:03:26 | 02,002,124 | -H-- | M] () -- C:\Users\futurepres1\AppData\Local\IconCache.db
[2009/08/26 19:02:34 | 00,025,088 | ---- | M] () -- C:\Users\futurepres1\Documents\Malwarebytes.doc
[2009/08/26 18:00:10 | 00,000,570 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for futurepres1.job
[2009/08/26 13:16:17 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/26 12:46:12 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Users\futurepres1\Desktop\TFC.exe
[2009/08/26 12:44:18 | 00,000,915 | ---- | M] () -- C:\Users\futurepres1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/26 12:44:09 | 00,000,735 | ---- | M] () -- C:\Users\futurepres1\Desktop\NTREGOPT.lnk
[2009/08/26 12:44:09 | 00,000,716 | ---- | M] () -- C:\Users\futurepres1\Desktop\ERUNT.lnk
[2009/08/26 12:42:55 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\futurepres1\Desktop\erunt-setup.exe
[2009/08/23 19:54:00 | 00,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/23 19:53:59 | 00,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/23 19:53:50 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/23 19:52:25 | 00,078,336 | ---- | M] () -- C:\Users\futurepres1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/08/26 13:16:25 | 00,000,000 | ---D | M] -- C:\Users\futurepres1\AppData\Roaming
[2007/12/13 06:34:21 | 00,000,000 | ---D | M] -- C:\Users\futurepres1\AppData\Roaming\ATI
[2008/05/12 14:56:10 | 00,000,000 | ---D | M] -- C:\Users\futurepres1\AppData\Roaming\CyberLink
[2009/07/10 18:22:54 | 00,000,000 | ---D | M] -- C:\Users\futurepres1\AppData\Roaming\LimeWire
[2008/02/05 17:20:42 | 00,000,000 | ---D | M] -- C:\Users\futurepres1\AppData\Roaming\PeerNetworking
[2008/06/06 18:17:20 | 00,000,000 | ---D | M] -- C:\Users\futurepres1\AppData\Roaming\Roxio
[2009/07/12 15:29:17 | 00,000,000 | ---D | M] -- C:\Users\futurepres1\AppData\Roaming\SpinTop
[2008/01/05 09:37:00 | 00,000,000 | ---D | M] -- C:\Users\futurepres1\AppData\Roaming\Template
[2009/08/26 18:00:10 | 00,000,570 | ---- | M] () -- C:\Windows\Tasks\Norton Security Scan for futurepres1.job
[2009/08/26 19:07:03 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/26 19:04:36 | 00,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\.exe >
< End of report >


OTL Extras logfile created on: 8/27/2009 3:03:38 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\futurepres1\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.44 Mb Total Physical Memory | 259.30 Mb Available Physical Memory | 29.02% Memory free
2.00 Gb Paging File | 1.09 Gb Available in Paging File | 54.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 96.77 Gb Total Space | 28.17 Gb Free Space | 29.11% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 11.72 Gb Free Space | 78.13% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FUTUREPRES1-PC
Current User Name: futurepres1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D683D0-B7C5-40AB-8950-D5CB86781A70}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbvpswx.exe |
"{21445846-DC82-4417-B93A-BB688591622B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6EAB322F-899A-4EB2-B3B5-0962771646BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6F82FD88-F670-4CB1-8176-852F5CD1ABB2}" = protocol=17 | dir=in | app=c:\windows\system32\lxbvcoms.exe |
"{7D317A8F-B317-4024-AF1C-1DE68528913B}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{9A853D50-521E-49BB-9320-6F776F284875}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbvpswx.exe |
"{9BF93D3F-A5F0-47DE-A272-4DC746FE56EE}" = protocol=6 | dir=in | app=c:\windows\system32\lxbvcoms.exe |
"{9CEF9952-213C-47B4-A04A-D2DD61960985}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CF6C18C6-6E00-4394-8101-8FC8CCA9F4FF}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D59E22FC-2570-44A8-B526-1E8245D92C20}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EC5100F9-EF91-4136-89A4-290EB683B3DC}" = dir=in | app=c:\program files\checkpoint\ssl network extender\slimsvc.exe |
"{F0A03910-9D66-4115-8877-810AEC3E5F1D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FCA20B7B-982B-42A0-8277-ABECCCDD166B}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1a97496e-5110-48a0-b4df-b4bd12a1738a}" = Check Point SSL Network Extender Components Shell
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{a26ff7e0-a2d0-4453-aa12-14c8aeede90b}" = Check Point SSL Network Extender Service
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A64D224E-E06A-43D2-A919-8BE108F47305}_is1" = Crawler Smileys
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver
"{EAB9C426-6626-7B76-64F3-569FDCA9852D}" = ATI Catalyst Control Center Ex
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CToolbar_UNINSTALL" = Crawler Toolbar
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"Lexmark 2200 Series" = Lexmark 2200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NAV" = Norton AntiVirus
"NSS" = Norton Security Scan
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2009 10:37:40 PM | Computer Name = futurepres1-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 8/11/2009 10:40:14 PM | Computer Name = futurepres1-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 8/12/2009 3:30:41 AM | Computer Name = futurepres1-PC | Source = WerSvc | ID = 5007
Description =

Error - 8/14/2009 2:37:03 PM | Computer Name = futurepres1-PC | Source = Application Error | ID = 1000
Description = Faulting application SPUBrowser.exe, version 1.2.0.13151, time stamp
0x45ab01aa, faulting module MFC71U.DLL, version 7.10.6030.0, time stamp 0x44b45834,
exception code 0xc0000005, fault offset 0x00033676, process id 0x1670, application
start time 0x01ca1d0e1e4fed1c.

Error - 8/14/2009 2:50:27 PM | Computer Name = futurepres1-PC | Source = WerSvc | ID = 5007
Description =

Error - 8/15/2009 8:31:32 AM | Computer Name = futurepres1-PC | Source = WerSvc | ID = 5007
Description =

Error - 8/17/2009 2:37:09 AM | Computer Name = futurepres1-PC | Source = WerSvc | ID = 5007
Description =

Error - 8/23/2009 8:50:35 AM | Computer Name = futurepres1-PC | Source = WerSvc | ID = 5007
Description =

Error - 8/26/2009 8:00:49 AM | Computer Name = futurepres1-PC | Source = WerSvc | ID = 5007
Description =

Error - 8/26/2009 1:16:08 PM | Computer Name = futurepres1-PC | Source = WerSvc | ID = 5007
Description =

[ Broadcom Wireless LAN Events ]
Error - 4/7/2009 8:53:50 AM | Computer Name = FUTUREPRES1-PC | Source = WLAN-Tray | ID = 0
Description = 08:53:49, Tue, Apr 07, 09 Error - Unable to gain access to user store


Error - 7/14/2009 11:18:42 AM | Computer Name = FUTUREPRES1-PC | Source = WLAN-Tray | ID = 0
Description = 11:18:42, Tue, Jul 14, 09 Error - Unable to gain access to user store


Error - 7/24/2009 6:38:13 AM | Computer Name = FUTUREPRES1-PC | Source = WLAN-Tray | ID = 0
Description = 06:38:13, Fri, Jul 24, 09 Error - Unable to gain access to user store


Error - 8/2/2009 7:17:07 PM | Computer Name = FUTUREPRES1-PC | Source = WLAN-Tray | ID = 0
Description = 19:17:06, Sun, Aug 02, 09 Error - Unable to gain access to user store


Error - 8/14/2009 1:50:44 PM | Computer Name = futurepres1-PC | Source = WLAN-Tray | ID = 0
Description = 13:50:34, Fri, Aug 14, 09 Error - Unable to gain access to user store


Error - 8/26/2009 7:35:22 AM | Computer Name = futurepres1-PC | Source = WLAN-Tray | ID = 0
Description = 07:35:22, Wed, Aug 26, 09 Error - Unable to gain access to user store


Error - 8/26/2009 7:42:41 AM | Computer Name = futurepres1-PC | Source = WLAN-Tray | ID = 0
Description = 07:42:41, Wed, Aug 26, 09 Error - Unable to gain access to user store


Error - 8/26/2009 11:57:32 AM | Computer Name = futurepres1-PC | Source = WLAN-Tray | ID = 0
Description = 11:57:32, Wed, Aug 26, 09 Error - Unable to gain access to user store


Error - 8/26/2009 12:53:48 PM | Computer Name = futurepres1-PC | Source = WLAN-Tray | ID = 0
Description = 12:53:48, Wed, Aug 26, 09 Error - Unable to gain access to user store


[ System Events ]
Error - 8/26/2009 12:48:09 PM | Computer Name = futurepres1-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 8/26/2009 12:52:36 PM | Computer Name = futurepres1-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
6, function 0. Please contact your system vendor for technical assistance.

Error - 8/26/2009 12:52:38 PM | Computer Name = futurepres1-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
5, function 0. Please contact your system vendor for technical assistance.

Error - 8/26/2009 12:53:16 PM | Computer Name = futurepres1-PC | Source = R300 | ID = 43015
Description = I2c return failed

Error - 8/26/2009 12:53:16 PM | Computer Name = futurepres1-PC | Source = R300 | ID = 43015
Description = I2c return failed

Error - 8/26/2009 7:03:58 PM | Computer Name = futurepres1-PC | Source = DCOM | ID = 10010
Description =

Error - 8/26/2009 7:05:40 PM | Computer Name = futurepres1-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
6, function 0. Please contact your system vendor for technical assistance.

Error - 8/26/2009 7:05:42 PM | Computer Name = futurepres1-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
5, function 0. Please contact your system vendor for technical assistance.

Error - 8/26/2009 7:06:19 PM | Computer Name = futurepres1-PC | Source = R300 | ID = 43015
Description = I2c return failed

Error - 8/26/2009 7:06:19 PM | Computer Name = futurepres1-PC | Source = R300 | ID = 43015
Description = I2c return failed


< End of report >


HELP!! I think I have all of the requested reports on here. THANKS in advance
SpySentinel
Hi dianab, Welcome to the Piriform Community Forums.



You are using peer-to-peer programs, specifically LimeWire.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.



Step #1

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):


Crawler Toolbar
LimeWire




Step #2

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    IE - URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O2 - BHO: () - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
    O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [SiteRanker] C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O33 - MountPoints2\{c3312909-a2ed-11dc-b5f9-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{c3312909-a2ed-11dc-b5f9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CDStart.exe -- File not found
    O33 - MountPoints2\{c3312909-a2ed-11dc-b5f9-806e6f6e6963}\Shell\Install\Command - "" = E:\Setup.exe -- File not found

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
dianab
Thanks! That seemed to do the trick. One quick question, when I went to remove the programs, I did find the Crawler toolbar but not Limewire. Could it be somewhere else? I know my husband had downloaded Limewire a while back but he thought he had removed it. I would definitely like to remove any and all peer-to-peer programs to lessen the chances of infection by malware.

Thanks again


SpySentinel
You're welcome.


Looks like just some leftovers from LimeWire which I can remove for you.


OTL should have given you a log. If you could please post that. It should be located under C:\_OTL



Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Run ESET Online Scan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
You can refer to this animation by neomage if needed.

SpySentinel
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact me or another staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.