Solved: Trojan virus, browser redirect, etc.

nearfantastica (THREAD STARTER)
Member with 64 posts. Join Date: Jul 2011
21-Jul-2012, 11:34 AM #16
I ran malwarebytes just to double check and it is saying there is still a virus. I tried to move it to the vault, and I got this message: "Do you want to force the threat removal?" "Forced removal can cause system instability or even crash." I wasn't sure so I clicked no. Here are the scan results:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.09

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Kathy :: KATHY-PC [administrator]

7/21/2012 12:19:59 PM
mbam-log-2012-07-21 (12-27-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184238
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.

(end)
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,627 posts. Join Date: Mar 2006. Location: Sunderland UK. Experience: Intermediate
21-Jul-2012, 11:44 AM #17
OK, that is indicating Zeroaccess infection, see if you can do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Kevin..
nearfantastica (THREAD STARTER)
Member with 64 posts. Join Date: Jul 2011
21-Jul-2012, 02:57 PM #18
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 21-07-2012 15:51:35
Running from E:\
Windows Vista (TM) Home Basic (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
HKLM\...\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s [312200 2006-11-03] ()
HKLM\...\Run: [DLBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16 [73728 2007-02-12] ()
HKLM\...\Run: [dlbtmon.exe] "C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe" [431600 2007-02-28] (Lexmark International, Inc.)
HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [90191 2006-12-07] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [7766016 2006-12-07] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2006-12-07] (NVIDIA Corporation)
HKLM\...\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe [2339168 2012-01-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKU\Default\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
HKU\Kathy\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
HKU\Kathy\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()

================================ Services (Whitelisted) ==================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2011-08-11] (SUPERAntiSpyware.com)
2 AVGIDSAgent; "C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
2 dlbt_device; C:\Windows\system32\dlbtcoms.exe -service [538096 2007-02-28] ( )
3 DSBrokerService; "C:\Program Files\DellSupport\brkrsvc.exe" [70656 2006-11-07] ()
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.)
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [322120 2003-06-19] (Microsoft Corporation)
2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [278528 2009-11-27] ()

========================== Drivers (Whitelisted) =============

3 athur; C:\Windows\System32\DRIVERS\athur.sys [1384448 2009-11-26] (Atheros Communications, Inc.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [28624 2011-02-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-04] (AVG Technologies CZ, s.r.o.)
2 dsunidrv; \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.)
0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28544 2008-06-19] (Panda Security, S.L.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2006-11-22] (SigmaTel, Inc.)
2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [138384 2007-12-24] (Trend Micro Inc.)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-21 15:51 - 2012-07-21 15:51 - 00000000 ____D C:\FRST
2012-07-21 11:35 - 2012-07-21 11:36 - 00000714 ____A C:\Windows\setupact.log
2012-07-21 11:35 - 2012-07-21 11:35 - 00000000 ____A C:\Windows\setuperr.log
2012-07-21 04:50 - 2012-07-21 04:50 - 00124136 ____A C:\Users\Kathy\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-21 04:46 - 2012-07-21 04:47 - 00432600 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-20 13:15 - 2012-07-20 13:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-07-20 13:15 - 2012-07-20 13:15 - 00000000 ____D C:\Program Files\Adobe
2012-07-20 13:09 - 2012-07-20 13:09 - 00000000 ____D C:\Program Files\Common Files\Java
2012-07-20 13:08 - 2012-07-20 13:07 - 00772592 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-20 13:08 - 2012-07-20 13:07 - 00227824 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-20 13:08 - 2012-07-20 13:07 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-20 13:08 - 2012-07-20 13:07 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-20 13:02 - 2012-07-20 13:02 - 00000000 ____D C:\Users\Kathy\AppData\Roaming\SUPERAntiSpyware.com
2012-07-20 13:01 - 2012-07-20 13:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-07-20 12:55 - 2012-07-20 12:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-07-20 12:54 - 2012-07-20 12:54 - 00000000 ____D C:\Users\All Users\Apple
2012-07-20 12:54 - 2012-07-20 12:54 - 00000000 ____D C:\Program Files\Apple Software Update
2012-07-20 12:44 - 2012-07-20 12:44 - 00000000 ____D C:\Program Files\FileHippo.com
2012-07-20 12:38 - 2012-07-20 12:40 - 00000000 ___SD C:\ComboFix
2012-07-19 17:42 - 2012-07-19 17:42 - 00010214 ____A C:\ComboFix.txt
2012-07-17 18:11 - 2012-07-17 18:12 - 00607260 ____R (Swearware) C:\Users\Kathy\Desktop\dds.com
2012-07-17 18:06 - 2012-07-17 18:07 - 00388608 ____A (Trend Micro Inc.) C:\Users\Kathy\Desktop\HijackThis.exe
2012-07-16 10:26 - 2012-07-16 10:26 - 08437955 ____A C:\Users\Kathy\Desktop\untitled folder.zip
2012-07-16 07:16 - 2012-07-21 04:55 - 00000000 ____D C:\Users\Kathy\Desktop\New Folder (2)

============ 3 Months Modified Files ========================

2012-07-21 11:48 - 2006-11-02 04:58 - 00032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-21 11:48 - 2006-11-02 04:58 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-21 11:48 - 2006-11-02 04:45 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-21 11:48 - 2006-11-02 04:45 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-21 11:37 - 2009-03-28 14:13 - 01825919 ____A C:\Windows\WindowsUpdate.log
2012-07-21 11:36 - 2012-07-21 11:35 - 00000714 ____A C:\Windows\setupact.log
2012-07-21 11:35 - 2012-07-21 11:35 - 00000000 ____A C:\Windows\setuperr.log
2012-07-21 04:50 - 2012-07-21 04:50 - 00124136 ____A C:\Users\Kathy\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-21 04:47 - 2012-07-21 04:46 - 00432600 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-20 13:47 - 2007-02-17 06:35 - 00000418 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{3D784BF5-3F70-43C8-AEC5-32F88F4B4CE3}.job
2012-07-20 13:13 - 2007-08-14 18:17 - 00002120 ___AH C:\IPH.PH
2012-07-20 13:07 - 2012-07-20 13:08 - 00772592 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-20 13:07 - 2012-07-20 13:08 - 00227824 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-20 13:07 - 2012-07-20 13:08 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-20 13:07 - 2012-07-20 13:08 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-20 13:07 - 2010-10-24 05:59 - 00687600 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-20 12:35 - 2010-08-14 14:23 - 00000000 ____A C:\Users\Kathy\AppData\Local\prvlcl.dat
2012-07-19 17:42 - 2012-07-19 17:42 - 00010214 ____A C:\ComboFix.txt
2012-07-19 17:34 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini
2012-07-17 18:12 - 2012-07-17 18:11 - 00607260 ____R (Swearware) C:\Users\Kathy\Desktop\dds.com
2012-07-17 18:07 - 2012-07-17 18:06 - 00388608 ____A (Trend Micro Inc.) C:\Users\Kathy\Desktop\HijackThis.exe
2012-07-16 10:26 - 2012-07-16 10:26 - 08437955 ____A C:\Users\Kathy\Desktop\untitled folder.zip
2012-07-16 06:03 - 2007-02-15 19:49 - 00035840 ____A C:\Users\Kathy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-11 18:11 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-11 18:10 - 2006-11-02 02:23 - 00000240 ____A C:\Windows\win.ini
2012-07-03 09:46 - 2010-11-27 17:00 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-05-30 10:26 - 2006-11-02 02:33 - 00709582 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-06 14:29 - 2012-05-06 14:29 - 06956507 ____A C:\Users\Kathy\Desktop\pipes.zip

ZeroAccess:
C:\Windows\Installer\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}
C:\Windows\Installer\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\L
C:\Windows\Installer\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\U

ZeroAccess:
C:\Users\Kathy\AppData\Local\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}
C:\Users\Kathy\AppData\Local\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\L
C:\Users\Kathy\AppData\Local\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 21%
Total physical RAM: 957.88 MB
Available physical RAM: 751.94 MB
Total Pagefile: 926.69 MB
Available Pagefile: 812.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1984.97 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:64.46 GB) (Free:24.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:3.73 GB) (Free:3.1 GB) FAT32
4 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.02 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 1766 KB
Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 32 KB
Partition 2 Primary 10 GB 40 MB
Partition 3 Primary 64 GB 10 GB

=========================================================================== =======

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

=========================================================================== =======

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 X RECOVERY NTFS Partition 10 GB Healthy Boot

=========================================================================== =======

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 64 GB Healthy

=========================================================================== =======

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3819 MB 16 KB

=========================================================================== =======

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 E FAT32 Removable 3819 MB Healthy

=========================================================================== =======

==========================================================

Last Boot: 2012-07-21 11:36

======================= End Of Log ==========================
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,627 posts. Join Date: Mar 2006. Location: Sunderland UK. Experience: Intermediate
21-Jul-2012, 03:11 PM #19
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

Code:
start
C:\Windows\Installer\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}
C:\Users\Kathy\AppData\Local\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}
C:\Windows\assembly\GAC\Desktop.ini
end
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot and run Malwarebytes quick scan after checking for updates, post both logs...

Kevin
nearfantastica (THREAD STARTER)
Member with 64 posts. Join Date: Jul 2011
21-Jul-2012, 03:46 PM #20
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-21 16:31:41 Run:1
Running from E:\

==============================================

C:\Windows\Installer\{8d70b107-73a7-e7b2-da44-c273c0c4bc10} moved successfully.
C:\Users\Kathy\AppData\Local\{8d70b107-73a7-e7b2-da44-c273c0c4bc10} moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.

==== End of Fixlog ====


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.09

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Kathy :: KATHY-PC [administrator]

7/21/2012 4:35:16 PM
mbam-log-2012-07-21 (16-35-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184172
Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
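The exchange in posts #16 through #20 follows a fixed pattern: Malwarebytes and FRST report the ZeroAccess paths, the helper condenses them into a three-line fixlist (the {GUID}\L and {GUID}\U subfolders fold into their parent folder), FRST's Fix button processes it, and the Fixlog confirms each entry was moved. The script below is an added example written for this thread, not a tool posted by either participant or by Farbar. It parses constructed excerpts of the three logs (lines copied from the posts above), derives the same fixlist Kevin wrote by hand, and checks the Fixlog for entries that were not reported as moved. Function names and the log excerpts are this example's own assumptions; the log formats are as quoted in the thread.

```python
"""Added example (not from the thread): extract ZeroAccess indicators from FRST and
Malwarebytes logs, build the start/end fixlist FRST expects, and verify the Fixlog."""
import re

# Constructed excerpt of the FRST scan log from post #18 (paths copied from the thread).
FRST_SAMPLE = r"""
============ 3 Months Modified Files ========================

2012-05-06 14:29 - 2012-05-06 14:29 - 06956507 ____A C:\Users\Kathy\Desktop\pipes.zip

ZeroAccess:
C:\Windows\Installer\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}
C:\Windows\Installer\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\L
C:\Windows\Installer\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\U

ZeroAccess:
C:\Users\Kathy\AppData\Local\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}
C:\Users\Kathy\AppData\Local\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\L
C:\Users\Kathy\AppData\Local\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============
"""

# Constructed excerpt of the Malwarebytes log from post #16.
MBAM_SAMPLE = r"""
Files Detected: 1
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.

(end)
"""

# Constructed excerpt of the Fixlog from post #20.
FIXLOG_SAMPLE = r"""
C:\Windows\Installer\{8d70b107-73a7-e7b2-da44-c273c0c4bc10} moved successfully.
C:\Users\Kathy\AppData\Local\{8d70b107-73a7-e7b2-da44-c273c0c4bc10} moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.

==== End of Fixlog ====
"""


def frst_zeroaccess_paths(log):
    """Return every path FRST lists under a 'ZeroAccess:' heading.
    FRST prints the heading, then one path per line until a blank line."""
    paths, lines, i = [], log.splitlines(), 0
    while i < len(lines):
        if lines[i].strip() == "ZeroAccess:":
            i += 1
            while i < len(lines) and lines[i].strip():
                paths.append(lines[i].strip())
                i += 1
        else:
            i += 1
    return paths


# Malwarebytes file detection line: <path> (<threat name>) -> <action>
MBAM_FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")


def mbam_file_detections(log):
    """Return (path, threat, action) for each file entry in a Malwarebytes log."""
    hits = []
    for line in log.splitlines():
        m = MBAM_FILE_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["threat"], m["action"]))
    return hits


def collapse_to_roots(paths):
    """Deduplicate (Windows paths are case-insensitive) and drop any path whose
    parent is also listed, so {GUID}\\L and {GUID}\\U fold into {GUID}.
    This turns the seven FRST findings into the three-line fixlist from post #19."""
    unique = []
    for p in paths:
        if p.lower() not in (u.lower() for u in unique):
            unique.append(p)
    lowered = [u.lower() for u in unique]
    return [u for u, lu in zip(unique, lowered)
            if not any(lu.startswith(other + "\\") for other in lowered if other != lu)]


def indicator_roots(frst_log, mbam_log):
    """Merge FRST ZeroAccess paths with Malwarebytes file detections into fixlist roots."""
    return collapse_to_roots(frst_zeroaccess_paths(frst_log)
                             + [path for path, _, _ in mbam_file_detections(mbam_log)])


def build_fixlist(paths):
    """Render paths in the start/end fixlist format FRST's Fix button reads."""
    return "start\n" + "\n".join(paths) + "\nend\n"


def unresolved_entries(paths, fixlog):
    """Return fixlist paths the Fixlog does not report as 'moved successfully'."""
    suffix = " moved successfully."
    done = {line.strip()[:-len(suffix)].lower()
            for line in fixlog.splitlines() if line.strip().endswith(suffix)}
    return [p for p in paths if p.lower() not in done]


if __name__ == "__main__":
    roots = indicator_roots(FRST_SAMPLE, MBAM_SAMPLE)
    print(build_fixlist(roots))
    print("unresolved after fix:", unresolved_entries(roots, FIXLOG_SAMPLE))
```

Run against real logs, `indicator_roots` only honours the `ZeroAccess:` blocks and drive-letter file entries; registry detections in a Malwarebytes log are deliberately ignored because FRST's fixlist handles registry items with a different syntax than plain paths. A non-empty result from `unresolved_entries` after a fix run means the Fixlog did not confirm that entry and the fix should be reviewed rather than assumed complete.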
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,627 posts. Join Date: Mar 2006. Location: Sunderland UK. Experience: Intermediate
21-Jul-2012, 04:16 PM #21
Run the following:

Download OTL from any of the following links and save to your desktop.

Link 1
Link 2
Link 3

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
  • Please check the box next to "LOP check" and "Purity check"
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.
nearfantastica (THREAD STARTER)
Member with 64 posts. Join Date: Jul 2011
21-Jul-2012, 04:47 PM #22
OTL logfile created on: 7/21/2012 5:22:50 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kathy\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.76 Mb Total Physical Memory | 252.00 Mb Available Physical Memory | 26.31% Memory free
2.13 Gb Paging File | 1.35 Gb Available in Paging File | 63.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.46 Gb Total Space | 24.49 Gb Free Space | 37.99% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.01 Gb Free Space | 60.13% Space Free | Partition Type: NTFS

Computer Name: KATHY-PC | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/21 17:21:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.com
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2009/12/10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/28 18:24:14 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe
PRC - [2007/02/28 18:23:56 | 000,431,600 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe
PRC - [2006/11/12 03:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/10/20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2009/12/10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
MOD - [2009/08/28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
MOD - [2007/01/22 02:18:28 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\DLBTcfg.dll
MOD - [2006/08/18 14:17:36 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
MOD - [2005/09/20 07:40:30 | 000,122,880 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtdrec.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/18 18:24:43 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2009/11/05 16:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/28 18:24:14 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2006/11/07 14:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/11/27 03:47:00 | 001,384,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2009/06/11 19:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/06/19 16:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/05/15 02:28:00 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/07/03 01:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/01/19 18:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2006/12/08 00:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/22 18:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 16:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/browsers/redirect/...1HPRR&d=homerr
IE - HKLM\..\SearchScopes,DefaultScope = {B66B7AA8-EF74-4FE7-9A63-CFF0A3EAEF4C}
IE - HKLM\..\SearchScopes\{B66B7AA8-EF74-4FE7-9A63-CFF0A3EAEF4C}: "URL" = http://www.rr.com/browsers/redirect/?b=RRHSO_BLD1&CMP=OTC-RRHSO_BLD1SPSE&d=searchrr&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/browsers/redirect/...1HPRR&d=homerr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {937A4F6A-5111-4A55-8480-CAAC4A06E5BB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKCU\..\SearchScopes\{937A4F6A-5111-4A55-8480-CAAC4A06E5BB}: "URL" = http://www.rr.com/browsers/redirect/?b=RRHSO_BLD1&CMP=OTC-RRHSO_BLD1SPSE&d=searchrr&q={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/toolbarv/askRedirect.jsp?gct=&gc=1&q={searchTerms}&crm=1&toolbar=GV2
IE - HKCU\..\SearchScopes\{E0C2F44F-C0BA-4379-980B-DEC52DB84CAA}: "URL" = http://search.avg.com/?d=4ded6770&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.rr.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.avg.com/?d=4ded6606&i=23&tp=ab&nt=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 09:04:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/20 16:59:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/20 17:16:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/20 16:59:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/20 17:16:54 | 000,000,000 | ---D | M]

[2009/10/10 15:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions
[2012/05/01 19:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\8flhhrgj.default\extensions
[2010/08/06 06:37:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\8flhhrgj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/24 21:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/18 18:24:44 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/18 18:24:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/18 18:24:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: AVG Safe Search = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2012/07/19 21:33:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLBTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [dlbtmon.exe] C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F9A41FD-478D-4F5C-9E41-7CD27476CEC1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8BD712E-E4A5-4507-AFE1-0A0DF3D92BE9}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/21 19:51:29 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/21 17:21:22 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.com
[2012/07/20 17:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/07/20 17:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/07/20 17:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2012/07/20 17:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/20 17:08:46 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/20 17:08:46 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/20 17:08:12 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/20 17:08:10 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/20 17:02:45 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/20 17:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/20 17:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/20 16:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/07/20 16:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/07/20 16:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/07/20 16:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/07/20 16:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/07/20 16:38:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/19 22:09:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/19 21:42:45 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\temp
[2012/07/19 21:34:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/17 22:11:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kathy\Desktop\dds.com
[2012/07/17 22:06:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kathy\Desktop\HijackThis.exe
[2012/07/16 11:16:38 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\New Folder (2)
[2011/12/31 16:56:57 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2009/01/27 19:01:53 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2012/07/21 17:21:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.com
[2012/07/21 16:34:13 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 16:34:13 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 16:32:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/21 16:27:58 | 000,608,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/21 16:27:58 | 000,105,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/21 16:04:38 | 000,000,000 | ---- | M] () -- C:\Users\Kathy\AppData\Local\prvlcl.dat
[2012/07/21 15:59:31 | 000,000,044 | ---- | M] () -- C:\Users\Kathy\AppData\Roaming\mbam.context.scan
[2012/07/21 09:05:32 | 000,150,047 | ---- | M] () -- C:\Users\Kathy\Desktop\screen shot.jpg
[2012/07/21 08:53:48 | 101,889,530 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/07/21 08:47:01 | 000,432,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/20 18:01:20 | 000,427,700 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/07/20 17:47:10 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3D784BF5-3F70-43C8-AEC5-32F88F4B4CE3}.job
[2012/07/20 17:13:25 | 000,002,120 | -H-- | M] () -- C:\IPH.PH
[2012/07/20 17:13:12 | 000,001,722 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2012/07/20 17:07:49 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/20 17:07:49 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/20 17:07:49 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/20 17:07:48 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/20 17:07:48 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/07/19 21:33:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/17 22:12:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kathy\Desktop\dds.com
[2012/07/17 22:07:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kathy\Desktop\HijackThis.exe
[2012/07/16 14:26:13 | 008,437,955 | ---- | M] () -- C:\Users\Kathy\Desktop\untitled folder.zip
[2012/07/16 10:03:23 | 000,035,840 | ---- | M] () -- C:\Users\Kathy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/21 15:59:31 | 000,000,044 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\mbam.context.scan
[2012/07/21 09:05:32 | 000,150,047 | ---- | C] () -- C:\Users\Kathy\Desktop\screen shot.jpg
[2012/07/21 08:46:30 | 000,432,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/20 17:16:54 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/20 16:44:19 | 000,001,786 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012/07/16 14:26:12 | 008,437,955 | ---- | C] () -- C:\Users\Kathy\Desktop\untitled folder.zip
[2010/11/01 19:47:11 | 000,005,876 | ---- | C] () -- C:\Users\Kathy\Router_Setup.html
[2010/10/29 05:41:07 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/10/29 05:41:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/14 18:23:14 | 000,000,000 | ---- | C] () -- C:\Users\Kathy\AppData\Local\prvlcl.dat
[2010/08/05 21:15:15 | 000,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
[2009/06/06 13:22:09 | 000,000,420 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\wklnhst.dat
[2008/02/15 21:33:57 | 000,024,206 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\UserTile.png
[2007/05/11 17:42:32 | 000,007,484 | ---- | C] () -- C:\Users\Kathy\AppData\Local\d3d9caps.dat
[2007/02/15 23:49:12 | 000,035,840 | ---- | C] () -- C:\Users\Kathy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/02/26 20:26:40 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\7Wonders
[2007/08/23 14:21:05 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\acccore
[2010/11/13 10:54:40 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\AVG10
[2007/04/12 21:46:47 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Bitbliss Studios
[2009/02/03 10:17:34 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\funkitron
[2009/03/28 17:40:02 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\HouseCall 6.6
[2012/03/15 19:13:35 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\iolo
[2009/03/02 19:15:22 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\iWin
[2009/03/12 09:05:37 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\MagicBall3
[2008/02/15 21:33:56 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\PeerNetworking
[2009/02/25 09:56:35 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\pixelStorm
[2009/03/06 11:46:41 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\PlayFirst
[2009/01/26 16:55:32 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Pogo Games
[2010/03/08 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Road Runner
[2010/03/08 18:47:42 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Simple Star
[2009/01/28 08:19:33 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Skip-Bo
[2009/06/06 13:22:12 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Template
[2008/02/13 08:20:45 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\WildTangent
[2012/07/21 16:30:16 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/20 17:47:10 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3D784BF5-3F70-43C8-AEC5-32F88F4B4CE3}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:07348C09
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A73EAFFB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMPD9E1B63
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A3EE97B6
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:C5A35877

< End of report >



OTL Extras logfile created on: 7/21/2012 5:22:50 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kathy\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.76 Mb Total Physical Memory | 252.00 Mb Available Physical Memory | 26.31% Memory free
2.13 Gb Paging File | 1.35 Gb Available in Paging File | 63.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.46 Gb Total Space | 24.49 Gb Free Space | 37.99% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.01 Gb Free Space | 60.13% Space Free | Partition Type: NTFS

Computer Name: KATHY-PC | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C76CED6-7AC3-4667-BE19-EDF0A7207192}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8AC1CB2-EE14-4F8E-8D28-B77FE5F8A63D}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7274493-F67F-4E11-B442-6E6060485191}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.1
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C8FC7066-4457-4365-9BDF-4E439BF703C8}" = AVG 2011
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D69F6DA9-46CF-3EFD-DC4B-9E38F75F5B10}" = Super Collapse 3
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"AVG" = AVG 2011
"Brunswick Circuit Pro Bowling" = Brunswick Circuit Pro Bowling
"CameraUserGuide-PSSX230HSandPSSX220HS" = Canon PowerShot SX230 HS and PowerShot SX220 HS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Dell Fax Solutions" = Fax Solutions
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"FileHippo.com" = FileHippo.com Update Checker
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NVIDIA Drivers" = NVIDIA Drivers
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Super Collapse 3" = Super Collapse 3 (remove only)
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent dell Master Uninstall" = Dell Games
"WORD" = Microsoft Office Word 2007
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/20/2012 5:13:18 PM | Computer Name = Kathy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/20/2012 5:13:18 PM | Computer Name = Kathy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/20/2012 5:13:20 PM | Computer Name = Kathy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/20/2012 5:13:20 PM | Computer Name = Kathy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/20/2012 5:13:21 PM | Computer Name = Kathy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/20/2012 5:13:21 PM | Computer Name = Kathy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/20/2012 5:19:20 PM | Computer Name = Kathy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/20/2012 5:27:28 PM | Computer Name = Kathy-PC | Source = Application Error | ID = 1000
Description = Faulting application TFC.exe, version 3.1.7.0, time stamp 0x2a425e19,
faulting module RPCRT4.dll, version 6.0.6001.18247, time stamp 0x49f0625f, exception
code 0xc0000005, fault offset 0x000b1ebe, process id 0x1b9c, application start time
0x01cd66bdbec535f8.

Error - 7/20/2012 6:26:16 PM | Computer Name = Kathy-PC | Source = Application Error | ID = 1000
Description = Faulting application TFC.exe, version 3.1.7.0, time stamp 0x2a425e19,
faulting module ole32.dll, version 6.0.6001.18498, time stamp 0x4c28cad0, exception
code 0xc0000005, fault offset 0x00003587, process id 0x1094, application start time
0x01cd66c614398746.

Error - 7/21/2012 1:03:30 PM | Computer Name = Kathy-PC | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 7/20/2012 6:11:47 PM | Computer Name = Kathy-PC | Source = HTTP | ID = 15016
Description =

Error - 7/20/2012 6:29:58 PM | Computer Name = Kathy-PC | Source = HTTP | ID = 15016
Description =

Error - 7/20/2012 8:15:11 PM | Computer Name = Kathy-PC | Source = HTTP | ID = 15016
Description =

Error - 7/21/2012 8:46:53 AM | Computer Name = Kathy-PC | Source = HTTP | ID = 15016
Description =

Error - 7/21/2012 1:04:22 PM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 7/21/2012 1:04:50 PM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 7/21/2012 3:27:15 PM | Computer Name = Kathy-PC | Source = HTTP | ID = 15016
Description =

Error - 7/21/2012 3:47:09 PM | Computer Name = Kathy-PC | Source = HTTP | ID = 15016
Description =

Error - 7/21/2012 3:54:24 PM | Computer Name = Kathy-PC | Source = HTTP | ID = 15016
Description =

Error - 7/21/2012 4:32:45 PM | Computer Name = Kathy-PC | Source = HTTP | ID = 15016
Description =


< End of report >
kevinf80 (Kevin), Malware Removal Specialist with 9,627 posts, authorized to help remove malware. Join Date: Mar 2006. Location: Sunderland UK. Experience: Intermediate.
21-Jul-2012, 05:02 PM #23
Re-run OTL by double left click; Vista and Windows 7 users right click and select Run as Administrator.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/toolbarv/askRedirect.jsp?gct=&gc=1&q={searchTerms}&crm=1&toolbar=GV2
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:07348C09
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A73EAFFB
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMPD9E1B63
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:588B60C7
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A3EE97B6
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:C5A35877
    :Files
    ipconfig /flushdns /c
    C:\ComboFix
    C:\FRST
    C:\Windows\System32\mkghj.dll
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Let me see that log and give an update on any remaining issues or concerns.

Kevin
nearfantastica, Member with 64 posts, thread starter. Join Date: Jul 2011.
21-Jul-2012, 05:27 PM #24
AVG popped up during this scan and said there was a threat:

c:\FRST\quarantine\desktop.ini

I left the file there because I thought it might have something to do with deleting? Here is the log:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\ProgramData\TEMP:07348C09 deleted successfully.
ADS C:\ProgramData\TEMP:A73EAFFB deleted successfully.
Unable to delete ADS C:\ProgramData\TEMPD9E1B63 .
ADS C:\ProgramData\TEMP:588B60C7 deleted successfully.
ADS C:\ProgramData\TEMP:A3EE97B6 deleted successfully.
ADS C:\ProgramData\TEMP:C5A35877 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kathy\Desktop\cmd.bat deleted successfully.
C:\Users\Kathy\Desktop\cmd.txt deleted successfully.
C:\ComboFix folder moved successfully.
C:\FRST\Quarantine\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\U folder moved successfully.
C:\FRST\Quarantine\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\L folder moved successfully.
C:\FRST\Quarantine\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\{8d70b107-73a7-e7b2-da44-c273c0c4bc10} folder moved successfully.
C:\FRST\Quarantine\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\U folder moved successfully.
C:\FRST\Quarantine\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\L folder moved successfully.
C:\FRST\Quarantine\{8d70b107-73a7-e7b2-da44-c273c0c4bc10} folder moved successfully.
Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\Windows\System32\mkghj.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kathy
->Temp folder emptied: 966438 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66303982 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 487 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 630 bytes
RecycleBin emptied: 4594150 bytes

Total Files Cleaned = 69.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07212012_181939

Files\Folders moved on Reboot...
File\Folder C:\FRST\Quarantine not found!

PendingFileRenameOperations files...
File C:\FRST\Quarantine not found!

Registry entries deleted on Reboot...
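Reading an OTL fix log means separating what was actually removed from what was deferred to reboot, what was already gone and what failed outright. The Python below is an added example for this thread, not OTL's own code: it sorts the lines of a fix log into those buckets and, for a failed alternate data stream deletion, checks whether the target was written in OTL's file:stream form at all (the only failed ADS line above has no colon after the drive letter). The sample log is copied from the post above; the line patterns are inferred from that log, not from OTL documentation.

```python
"""Triage an OTL fix log into done, deferred, not-found and failed actions.

Added example for this thread, not OTL's own code. SAMPLE_LOG is copied from
the fix log posted above so the script runs offline; the regexes are inferred
from that log text, not from OTL documentation.
"""
import re

DONE_RE = re.compile(r"(deleted|moved) successfully\.?$|^Successfully flushed", re.I)
DEFERRED_RE = re.compile(r"scheduled to be moved on reboot", re.I)
NOT_FOUND_RE = re.compile(r"not found[.!]?$", re.I)
FAILED_RE = re.compile(r"^(Unable to |.* failed\.)", re.I)
ADS_RE = re.compile(r"^Unable to delete ADS (?P<path>.+?)\s*\.?$", re.I)

SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
ADS C:\ProgramData\TEMP:07348C09 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMPD9E1B63 .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\ComboFix folder moved successfully.
Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
C:\Windows\System32\mkghj.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Kathy
->Temp folder emptied: 966438 bytes
Files\Folders moved on Reboot...
File\Folder C:\FRST\Quarantine not found!
"""


def triage(log_text):
    """Return a dict of bucket -> lines; 'hints' explains failures it can diagnose."""
    out = {"done": [], "deferred": [], "not_found": [], "failed": [],
           "other": [], "hints": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        # skip blanks, section banners, echoed commands and the [emptytemp] summary
        if not line or line[0] in "=<[" or line.startswith(("User:", "->")):
            continue
        if DEFERRED_RE.search(line):          # checked first: these lines also say "failed"
            out["deferred"].append(line)
        elif DONE_RE.search(line):
            out["done"].append(line)
        elif NOT_FOUND_RE.search(line):
            out["not_found"].append(line)
        elif FAILED_RE.search(line):
            out["failed"].append(line)
            m = ADS_RE.match(line)
            # An ADS target must be written file:stream. If the only colon is the
            # drive letter's, the stream name never reached OTL and the fix script
            # line itself needs correcting before re-running.
            if m and ":" not in m.group("path")[2:]:
                out["hints"].append(
                    f"no ':stream' in ADS target {m.group('path')}; recheck the fix script line")
        else:
            out["other"].append(line)
    return out


def run_demo():
    """Triage the embedded sample log and return the buckets."""
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for bucket, lines in run_demo().items():
        print(f"[{bucket}] {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

Lines that match no pattern land in "other" rather than vanishing, so a log format change is noticed instead of silently shrinking the report.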
kevinf80 (Kevin), Malware Removal Specialist, authorized to help remove malware. Sunderland UK.
22-Jul-2012, 03:17 AM #25
FRST was the application we used to find and remove the ZA remnants; obviously anything contained in its quarantine folder is very safe.

If your system is behaving itself do the following:
  • Re-open OTL to run it (Vista and Win 7 users, right click on OTL and choose "Run as administrator").
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

I note that you have not updated to Service Pack 2 (SP2); your system will be prone to re-infection. A stand-alone version of SP2 is available here: http://www.microsoft.com/en-us/downl....aspx?id=16468 It will be advisable to update ASAP.

Kevin
nearfantastica, Member, thread starter.
22-Jul-2012, 01:51 PM #26
Okay, I did both of those. One thing I noticed after updating to SP2 is that the computer seems to be running slower. I know this computer doesn't have a lot of memory. Do you think it might have something to do with that?
kevinf80 (Kevin), Malware Removal Specialist, authorized to help remove malware. Sunderland UK.
22-Jul-2012, 02:03 PM #27
Vista is a known resource hog; 1 GB of RAM is not enough. Run the following to see if any startup entries can be removed to help in the short term; ultimately you need to upgrade your RAM.

Simply download this tool, Startuplite, to your desktop and run it. It will explain any optional auto-start programs on your system and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system and may help improve performance.

Kevin
nearfantastica, Member, thread starter.
23-Jul-2012, 10:09 PM #28
After using the computer last night and today, it doesn't seem to be having any more problems. I'm going to look into them getting some more RAM for the computer or even just upgrading altogether. They also need a bigger hard drive.

Thank you for all your help!
kevinf80 (Kevin), Malware Removal Specialist, authorized to help remove malware. Sunderland UK.
24-Jul-2012, 02:13 PM #29
Glad to have helped; don't hesitate to come back if you need any help on the malware front. I'm not the best to ask for advice on RAM and HDs if you need any...

Take care,

Kevin