
HJT host file redirect warning

Discussion in 'Virus & Other Malware Removal' started by nettyiam, Jan 2, 2013.

Thread Status:
Not open for further replies.
  1. nettyiam

    nettyiam Thread Starter

    Joined:
    Jan 26, 2004
    Messages:
    295
    First Name:
    Betty
    Dell Dimension E510 Internet Explorer8 WinXP Yahoo browser

    I know there are posts on this problem, but the one posted by the old coot states that the response is for his computer only. Really would appreciate an answer whether I can use the help on his page or if you will help me also.
    As always, many thanks to all you mods...Netty


    My computer is doing some strange things (slow loading, pages jumping, OE not letting me write email unless I close the main page), so I ran the HJT (attached). Before it actually did the report, I got the HJT host file redirect warning at the top in red.
    Did a little online checking & found I should check my HJT on host file; it came up with this:


    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost
    .......................................................................................................................
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:26:15 PM, on 1/2/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272917492281
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
    O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

    --
    End of file - 4517 bytes
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,313
    That's an old version of HijackThis. Please uninstall it and get the latest version, as follows:

    Please go here to download HijackThis.
    • Click on the button that says Download Now EXE Version and save the HijackThis.exe file to your desktop.
    • Double-click the HijackThis.exe file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
    • Click on the Scan button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
    • Click on the Save log button and save the log file to your desktop. Copy and paste the contents of the log in your post.
    Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.


    Please download DDS by sUBs to your desktop from the following location:

    http://download.bleepingcomputer.com/sUBs/dds.scr

    Double-click the dds.scr file to run the program.

    It will automatically run in silent mode and then you will see the following note:

    "Two logs shall be created on your Desktop".

    The logs will be named dds.txt and attach.txt.

    Wait until the logs appear and then copy and paste their contents in your post.
     
  3. nettyiam

    nettyiam Thread Starter

    Joined:
    Jan 26, 2004
    Messages:
    295
    First Name:
    Betty
    Thank you for your prompt reply, I hope this is correct.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:59:50 PM, on 1/3/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Betty\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272917492281
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
    O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

    --
    End of file - 4582 bytes
    ...............................................................
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Betty at 19:04:51 on 2013-01-03
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2791 [GMT -6:00]
    .
    AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: Bitdefender Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://my.yahoo.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
    DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272917492281
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{54E9D73F-CE01-45E4-8FD1-2E7C146127F6} : DHCPNameServer = 209.18.47.61 209.18.47.62
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\betty\application data\mozilla\firefox\profiles\0xgy5skh.default\
    FF - prefs.js: browser.startup.homepage - hxxp://myyahoo.com/
    FF - component: c:\program files\bitdefender\bitdefender 2011\bdaphffext\components\bdaphff3.6.dll
    FF - component: c:\program files\bitdefender\bitdefender 2011\bdaphffext\components\bdaphff3.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\windows\downloaded program files\npsoe.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-3-20 622616]
    R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2012-3-13 55032]
    R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 242504]
    R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-2-17 481464]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2011-11-14 116248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
    S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-10-14 307544]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2013-01-01 18:15:25 1409 ----a-w- c:\windows\QTFont.for
    2013-01-01 01:59:04 -------- d-----w- c:\program files\Conduit
    2013-01-01 01:59:02 -------- d-----w- c:\documents and settings\betty\local settings\application data\Conduit
    2012-12-28 18:54:25 63833 ----a-w- c:\documents and settings\all users\application data\1356720840.bdinstall.bin
    2012-12-22 15:25:51 102000 ----a-w- c:\documents and settings\all users\application data\1356189869.bdinstall.bin
    .
    ==================== Find3M ====================
    .
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 22:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-12 23:28:33 622616 ----a-w- c:\windows\system32\drivers\avc3.sys
    2012-12-12 23:27:49 481464 ----a-w- c:\windows\system32\drivers\avckf.sys
    2012-12-12 23:27:36 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
    2012-12-12 01:08:14 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-12 01:08:14 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2010-03-30 00:40:20 100256 ----a-w- c:\program files\common files\LinkInstaller.exe
    2004-09-10 18:40:38 75264 ----a-w- c:\program files\DECCHECK.exe
    .
    ============= FINISH: 19:05:31.03 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/16/2010 9:51:54 AM
    System Uptime: 1/3/2013 4:31:11 PM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0HJ054
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz | Microprocessor | 3192/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 227 GiB total, 194.966 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP791: 10/6/2012 8:49:31 AM - System Checkpoint
    RP792: 10/7/2012 11:22:57 AM - System Checkpoint
    RP793: 10/12/2012 8:22:31 AM - System Checkpoint
    RP794: 10/13/2012 9:04:39 AM - System Checkpoint
    RP795: 10/14/2012 9:25:18 AM - System Checkpoint
    RP796: 10/16/2012 4:53:07 PM - System Checkpoint
    RP797: 10/16/2012 5:12:12 PM - Software Distribution Service 3.0
    RP798: 10/17/2012 5:12:45 PM - System Checkpoint
    RP799: 10/18/2012 7:39:08 PM - System Checkpoint
    RP800: 10/20/2012 2:27:24 PM - System Checkpoint
    RP801: 10/21/2012 9:38:15 AM - Software Distribution Service 3.0
    RP802: 10/22/2012 4:50:36 PM - System Checkpoint
    RP803: 10/24/2012 7:13:00 PM - System Checkpoint
    RP804: 10/26/2012 10:01:23 AM - System Checkpoint
    RP805: 10/27/2012 11:01:36 AM - System Checkpoint
    RP806: 10/28/2012 3:04:47 PM - System Checkpoint
    RP807: 10/30/2012 5:31:28 PM - System Checkpoint
    RP808: 10/31/2012 5:37:29 PM - System Checkpoint
    RP809: 11/2/2012 9:18:15 AM - System Checkpoint
    RP810: 11/3/2012 1:42:58 PM - System Checkpoint
    RP811: 11/4/2012 1:04:09 PM - System Checkpoint
    RP812: 11/6/2012 5:05:10 PM - System Checkpoint
    RP813: 11/9/2012 8:55:29 AM - System Checkpoint
    RP814: 11/9/2012 5:39:45 PM - Installed Pirate101
    RP815: 11/11/2012 8:51:52 AM - System Checkpoint
    RP816: 11/14/2012 4:47:52 AM - Software Distribution Service 3.0
    RP817: 11/15/2012 4:48:09 PM - System Checkpoint
    RP818: 11/16/2012 5:20:46 PM - System Checkpoint
    RP819: 11/17/2012 5:30:35 PM - System Checkpoint
    RP820: 11/18/2012 8:56:24 AM - Software Distribution Service 3.0
    RP821: 11/20/2012 5:02:37 PM - System Checkpoint
    RP822: 11/21/2012 6:45:22 PM - System Checkpoint
    RP823: 11/23/2012 1:14:06 PM - System Checkpoint
    RP824: 11/24/2012 3:49:42 PM - System Checkpoint
    RP825: 11/27/2012 4:58:46 PM - System Checkpoint
    RP826: 11/29/2012 4:54:36 PM - System Checkpoint
    RP827: 12/1/2012 12:53:29 PM - System Checkpoint
    RP828: 12/2/2012 4:03:09 PM - System Checkpoint
    RP829: 12/3/2012 4:49:16 PM - System Checkpoint
    RP830: 12/4/2012 5:25:45 PM - System Checkpoint
    RP831: 12/5/2012 7:16:05 PM - System Checkpoint
    RP832: 12/7/2012 2:34:57 PM - System Checkpoint
    RP833: 12/8/2012 4:47:48 PM - System Checkpoint
    RP834: 12/10/2012 4:48:16 PM - System Checkpoint
    RP835: 12/12/2012 5:08:47 PM - System Checkpoint
    RP836: 12/13/2012 8:30:37 PM - Software Distribution Service 3.0
    RP837: 12/14/2012 9:50:07 PM - System Checkpoint
    RP838: 12/16/2012 8:15:44 AM - System Checkpoint
    RP839: 12/17/2012 8:29:58 AM - System Checkpoint
    RP840: 12/18/2012 5:50:57 PM - System Checkpoint
    RP841: 12/19/2012 6:04:39 PM - System Checkpoint
    RP842: 12/21/2012 7:40:10 AM - System Checkpoint
    RP843: 12/21/2012 8:14:28 PM - Software Distribution Service 3.0
    RP844: 12/22/2012 9:07:05 AM - Software Distribution Service 3.0
    RP845: 12/23/2012 11:10:48 AM - System Checkpoint
    RP846: 12/24/2012 11:49:06 AM - System Checkpoint
    RP847: 12/25/2012 12:32:51 PM - System Checkpoint
    RP848: 12/27/2012 9:54:26 AM - System Checkpoint
    RP849: 12/28/2012 3:21:36 PM - System Checkpoint
    RP850: 12/30/2012 12:30:11 PM - System Checkpoint
    RP851: 1/1/2013 12:30:23 PM - System Checkpoint
    RP852: 1/2/2013 1:31:41 PM - System Checkpoint
    RP853: 1/3/2013 4:47:15 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.5
    Amazon MP3 Downloader 1.0.17
    ATI Control Panel
    ATI Display Driver
    Belarc Advisor 8.2
    Bitdefender Internet Security 2012
    Conexant D850 PCI V.92 Modem
    Dell CinePlayer
    Dell Driver Reset Tool
    Digital Line Detect
    ESPNMotion
    Free File Opener v2011.7.0.1
    GemMaster Mystic
    Google Chrome
    GoToAssist 8.0.0.514
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format 11 SDK (KB973442)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP PrecisionScan LTX
    HP Product Detection
    HP Scan-to-Web Wizard
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Java(TM) 6 Update 31
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.0 Security Update (KB2698035)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Picture It! Express 2000
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Windows XP Video Decoder Checkup Utility
    Microsoft WinUsb 1.0
    Microsoft Word 2000
    Microsoft Works 2000
    Microsoft Works 2000 Setup Launcher
    Modem Helper
    Mozilla Firefox 5.0 (x86 en-US)
    MSN
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    MSXML 6 Service Pack 2 (KB973686)
    Nero OEM
    Netwaiting
    OpenOffice.org 3.1
    Otto
    Photo Story 3 for Windows
    Pirate101
    QualXServ Service Agreement
    QuickTime
    Road Runner PhotoShow 5
    ROBLOX Player for Betty
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sonic Encoders
    SUPERAntiSpyware
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VLC media player 1.1.0-rc
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB2619340
    Windows XP Media Center Edition 2005 KB2628259
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Wizard101
    Word in Works Suite add-in
    Zune
    Zune Language Pack (DE)
    Zune Language Pack (ES)
    Zune Language Pack (FR)
    Zune Language Pack (IT)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/3/2013 6:44:34 PM, error: DCOM [10000] - Unable to start a DCOM Server: {F3A614DC-ABE0-11D2-A441-00C04F795683}. The error: "%2" Happened while starting this command: C:\Program Files\Messenger\msmsgs.exe -Embedding
    .
    ==== End Of File ===========================
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Please download GMER from: http://gmer.net/index.php

    Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

    Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

    Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

    If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

    IAT/EAT
    Any drive letter other than the primary system drive (which is generally C).

    Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

    Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

    Open the ark.txt file and copy and paste the contents of the log here please.
     
  5. nettyiam

    nettyiam Thread Starter

    Hi Cookie,
    Having some problems..
    I didn't know what CD emulation programs were but checked TSG..only one I know of that they mention is Nero which I uninstalled.
    Went to download GMER but get warning GMER has found system modification caused by ROOTKIT activity but when I try to tick ok or close the window, it won't go any further.
    Also forgot to mention in last post that when I ran HJT, I got a popup that says:

    For some reason your system denied write access to the Hosts file. If
    any hijacked domains are in this file, HJT may NOT be able to fix this.

    If that happens, you need to edit the file yourself. To do this, click
    Start, Run and type:

    notepad C:\Windows\System32\drivers\etc\hosts

    and press Enter. Find the line(s) HijackThis reports and delete them.
    Save the file as hosts (with quotes), and reboot.

    For Vista: simpy, exit HJT, right click on the HJT icon,
    choose Run as administrator .

    Ironically, I get this same warning on my laptop but that can be addressed after we get this fixed.
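
The manual check the HijackThis popup describes (open the hosts file and find the lines that redirect domains) can be scripted. This is an added example, not part of the original posts: the sample file contents, host names and addresses are constructed, and the category names (`default`, `blocked`, `redirect`, `malformed`) are this example's own.

```python
import ipaddress
import sys

# Constructed sample: the stock localhost entry plus lines of the kind a
# reviewer would want to look at. Addresses use documentation ranges.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.net        # blocklist-style entry
0.0.0.0         tracker.example.org
203.0.113.25    www.example-bank.test login.example-bank.test
198.51.100.7    update.example-av.test # redirect
not-an-ip       broken.example.test
192.0.2.300     badoctet.example.test
"""


def load_hosts(path=r"C:\Windows\System32\drivers\etc\hosts"):
    """Read a hosts file; tolerate a BOM and undecodable bytes."""
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        return fh.read()


def parse_hosts(text):
    """Yield (line_no, ip_text, [hostnames]) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not body:
            continue
        fields = body.split()
        yield line_no, fields[0], fields[1:]


def classify(ip_text, names):
    """Return 'default', 'blocked', 'redirect' or 'malformed' for one entry."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # Loopback/0.0.0.0 entries only stop a name from resolving.
        if all(n.lower() == "localhost" for n in names):
            return "default"
        return "blocked"
    # Any other address sends the name to another machine: review it.
    return "redirect"


def audit_hosts(text):
    """List every entry that is not the stock localhost mapping."""
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        kind = classify(ip_text, names)
        if kind != "default":
            findings.append(
                {"line": line_no, "kind": kind, "ip": ip_text, "hosts": names}
            )
    return findings


if __name__ == "__main__":
    # Audit the file given on the command line, or the constructed sample.
    text = load_hosts(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_HOSTS
    for f in audit_hosts(text):
        print(f"line {f['line']:>3}  {f['kind']:<9} {f['ip']:<15} {' '.join(f['hosts'])}")
```

Entries reported as `redirect` are the ones to compare against what HijackThis lists; `blocked` entries are usually added by ad-blocking or security tools but still deserve a look on a machine that is misbehaving.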
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    OK then let's try this:

    Please go here and download the TDSSKiller.exe to your desktop.
    • Double-click TDSSKiller.exe on your desktop to run it.
    • Click on Start Scan
    • As we don't want to fix anything yet, if any malicious objects are detected, do NOT select Cure but select Skip instead.
    It will produce a log once it finishes in the root drive which should look like this example:

    C:\TDSSKiller.<version_date_time>log.txt

    Please copy and paste the contents of that log in your next reply.
     
  7. nettyiam

    nettyiam Thread Starter

    After I did the scan. Shows Threats detected; select action for found objects:

    Copy all to quarantine or + Restore default actions
    Locked file
    Service: sptd
    Suspicious object, medium risk

    window with Skip, copy to quarantine, delete
    I clicked Skip, continue & there is a log that shows everything as ok except the last with warning: skipped by user. I tried to copy this log, but can't.
     
  8. nettyiam

    nettyiam Thread Starter

    hope this made sense :)
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  10. nettyiam

    nettyiam Thread Starter

    Forgive me, but when I went to the guide & instruction page, I clicked the download and it downloaded a 7zip file installq installation utility & I don't know what to do. I also went to bleepingcomputer site & downloaded the Combofix.exe & renamed puppy.exe.
    I did not run either because I wanted to check with you..sorry but I am very cautious.
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    That is not the legitimate 7-zip but it's a rogue installer (malware) that you already had on your machine.

    Are you able to run ComboFix and post the log?
     
  12. nettyiam

    nettyiam Thread Starter

    ComboFix 13-01-05.01 - Betty 01/05/2013 23:31:00.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2811 [GMT -6:00]
    Running from: c:\documents and settings\Betty\Desktop\Puppy.exe
    AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\1335377058.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1356189869.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1356720840.bdinstall.bin
    c:\documents and settings\Betty\GoToAssistDownloadHelper.exe
    c:\documents and settings\Betty\Recent\Free Jigsaw Puzzles - Jigsaw Puzzle Games at TheJigsawPuzzles.com - Play Free Online Jigsaw Puzzles.url
    c:\program files\MyScrapNook_12EI
    c:\program files\MyScrapNook_12EI\Installr\5.bin\12EIPlug.dll
    c:\program files\MyScrapNook_12EI\Installr\5.bin\12EZSETP.dll
    c:\program files\MyScrapNook_12EI\Installr\5.bin\NP12EISb.dll
    c:\windows\system32\_000006_.tmp.dll
    c:\windows\system32\_000007_.tmp.dll
    c:\windows\system32\_000008_.tmp.dll
    c:\windows\system32\hpsj32.1
    c:\windows\system32\service
    c:\windows\system32\service\04052010_TIS17_SfFniAU.log
    c:\windows\system32\service\09082010_TIS17_SfFniAU.log
    c:\windows\system32\service\10082010_TIS17_SfFniAU.log
    c:\windows\system32\service\11012011_TIS17_SfFniAU.log
    c:\windows\system32\service\12122010_TIS17_SfFniAU.log
    c:\windows\system32\service\19042010_TIS17_SfFniAU.log
    c:\windows\system32\service\20112010_TIS17_SfFniAU.log
    c:\windows\system32\service\24112010_TIS17_SfFniAU.log
    c:\windows\system32\service\27072010_TIS17_SfFniAU.log
    c:\windows\system32\service\28062010_TIS17_SfFniAU.log
    c:\windows\system32\SET190.tmp
    c:\windows\system32\SET196.tmp
    c:\windows\system32\SET3BC.tmp
    c:\windows\system32\SET3BD.tmp
    c:\windows\system32\SET3BE.tmp
    c:\windows\system32\SET3C2.tmp
    c:\windows\system32\SET3C3.tmp
    c:\windows\system32\SET3C4.tmp
    c:\windows\system32\SET3C8.tmp
    c:\windows\system32\SET3CA.tmp
    c:\windows\system32\SET406.tmp
    c:\windows\system32\SET408.tmp
    c:\windows\system32\SET40C.tmp
    c:\windows\system32\SET40D.tmp
    c:\windows\system32\SET40E.tmp
    c:\windows\system32\SET412.tmp
    c:\windows\system32\SET413.tmp
    c:\windows\system32\SET414.tmp
    c:\windows\system32\SET4AE.tmp
    c:\windows\system32\SET4AF.tmp
    c:\windows\system32\SET4EA.tmp
    c:\windows\system32\SET4EB.tmp
    c:\windows\system32\SET4EC.tmp
    c:\windows\system32\SET4F0.tmp
    c:\windows\system32\SET4F1.tmp
    c:\windows\system32\SET4F2.tmp
    c:\windows\system32\SET4F6.tmp
    c:\windows\system32\SET4F8.tmp
    c:\windows\system32\SET534.tmp
    c:\windows\system32\SET536.tmp
    c:\windows\system32\SET53A.tmp
    c:\windows\system32\SET53B.tmp
    c:\windows\system32\SET53C.tmp
    c:\windows\system32\SET540.tmp
    c:\windows\system32\SET541.tmp
    c:\windows\system32\SET542.tmp
    c:\windows\system32\SET57.tmp
    c:\windows\system32\SET5A.tmp
    c:\windows\system32\SET5D.tmp
    c:\windows\system32\SET60.tmp
    c:\windows\system32\SET60A.tmp
    c:\windows\system32\SET60D.tmp
    c:\windows\system32\SET618.tmp
    c:\windows\system32\SETA86.tmp
    c:\windows\system32\SETA8C.tmp
    c:\windows\system32\SETA95.tmp
    c:\windows\system32\SETA98.tmp
    c:\windows\system32\SETA9B.tmp
    c:\windows\system32\SETA9F.tmp
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-05 00:26 . 2013-01-05 00:26 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-01-01 01:59 . 2013-01-01 01:59 -------- d-----w- c:\program files\Conduit
    2013-01-01 01:59 . 2013-01-01 02:20 -------- d-----w- c:\documents and settings\Betty\Local Settings\Application Data\Conduit
    2012-12-28 18:50 . 2012-12-28 18:50 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2012-12-28 18:50 . 2012-12-28 18:50 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-16 12:23 . 2005-08-16 09:18 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 22:49 . 2012-03-17 05:57 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-12 23:28 . 2012-03-21 01:22 622616 ----a-w- c:\windows\system32\drivers\avc3.sys
    2012-12-12 23:27 . 2012-02-17 21:45 481464 ----a-w- c:\windows\system32\drivers\avckf.sys
    2012-12-12 23:27 . 2011-11-25 19:59 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
    2012-12-12 01:08 . 2012-04-07 16:08 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-12 01:08 . 2011-05-18 17:40 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-13 01:25 . 2005-08-16 09:18 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-02 02:02 . 2005-08-16 09:18 375296 ----a-w- c:\windows\system32\dpnet.dll
    2010-03-30 00:40 . 2010-03-30 00:40 100256 ----a-w- c:\program files\Common Files\LinkInstaller.exe
    2004-09-10 18:40 . 2004-09-10 18:40 75264 ----a-w- c:\program files\DECCHECK.exe
    2011-06-26 22:53 . 2011-04-22 00:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-12-12 1199344]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Betty^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\documents and settings\Betty\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2005-08-06 02:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-09-18 23:36 116648 ----atw- c:\documents and settings\Betty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 4300C]
    2002-02-07 20:33 32768 ----a-w- c:\sj657\hpupdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-04-28 19:08 77824 ----a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Road Runner PhotoShow Media Manager]
    2008-05-09 22:20 361976 ----a-w- c:\progra~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2006-02-10 16:17 282624 ----a-w- c:\windows\stsystra.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-18 20:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2012-09-29 19:32 4780928 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-01-07 19:38 158448 -c--a-w- c:\program files\Zune\ZuneLauncher.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\KingsIsle Entertainment\\Wizard101\\Wizard101.exe"=
    .
    R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [3/20/2012 7:22 PM 622616]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/11/2011 4:13 PM 691696]
    R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [1/19/2010 6:32 PM 85128]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 5:38 PM 116608]
    R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [3/13/2012 5:24 PM 55032]
    R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [11/25/2011 1:59 PM 242504]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [11/14/2011 7:16 PM 116248]
    S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2/17/2012 3:45 PM 481464]
    S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [11/17/2011 4:38 PM 63056]
    S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [10/14/2011 10:57 PM 307544]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 01:08]
    .
    2012-07-20 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]
    .
    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4207097214-2822948736-4082840186-1005Core.job
    - c:\documents and settings\Betty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-18 23:36]
    .
    2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4207097214-2822948736-4082840186-1005UA.job
    - c:\documents and settings\Betty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-18 23:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\documents and settings\Betty\Application Data\Mozilla\Firefox\Profiles\0xgy5skh.default\
    FF - prefs.js: browser.startup.homepage - hxxp://myyahoo.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
    MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-05 23:40
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{730130BE-4FF2-442B-86A6-B7B11C315B3C}*tings]
    "AppName"="Roblox.exe"
    "Policy"=dword:00000003
    "AppPath"="c:\\Documents and Settings\\Betty\\Local Settings\\Application Data\\RobloxVersions\\version-221a4807685c44e7\\"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2013-01-05 23:43:00
    ComboFix-quarantined-files.txt 2013-01-06 05:42
    .
    Pre-Run: 209,198,915,584 bytes free
    Post-Run: 209,216,471,040 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 69074BBBB65F6001EA3B02F799033A70
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Please download OTL to your Desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under Custom Scans/Fixes type in Netsvcs
    • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
    • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy and paste the contents of both of these files here in your next reply.
     
  14. nettyiam

    nettyiam Thread Starter

    OTL logfile created on: 1/6/2013 1:30:43 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Betty\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 3.06 Gb Available Physical Memory | 87.41% Memory free
    4.84 Gb Paging File | 4.32 Gb Available in Paging File | 89.40% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 227.41 Gb Total Space | 194.88 Gb Free Space | 85.70% Space Free | Partition Type: NTFS

    Computer Name: BETTYDESKTOP | User Name: Betty | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/06 13:24:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty\Desktop\OTL.exe
    PRC - [2012/12/12 17:27:45 | 001,199,344 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
    PRC - [2012/12/12 17:27:38 | 001,554,176 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
    PRC - [2012/09/29 13:32:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2012/08/23 16:05:09 | 000,055,032 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    PRC - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/12/12 17:28:30 | 000,272,344 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
    MOD - [2012/12/12 17:27:36 | 000,092,600 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
    MOD - [2012/03/27 23:07:06 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
    MOD - [2012/03/27 23:07:04 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
    MOD - [2012/03/22 11:30:52 | 002,063,872 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl
    MOD - [2012/03/22 11:30:52 | 001,917,952 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl
    MOD - [2012/03/22 11:30:52 | 001,867,776 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl
    MOD - [2012/03/22 11:30:52 | 000,956,928 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl
    MOD - [2012/03/22 11:30:52 | 000,634,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl
    MOD - [2012/03/22 11:30:52 | 000,513,536 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl
    MOD - [2012/03/22 11:30:52 | 000,446,464 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl
    MOD - [2012/03/22 11:30:52 | 000,391,168 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl
    MOD - [2012/01/23 19:27:20 | 000,035,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
    MOD - [2012/01/23 19:15:40 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
    MOD - [2012/01/23 19:14:56 | 000,110,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
    MOD - [2012/01/23 19:14:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
    MOD - [2012/01/23 19:13:40 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
    MOD - [2012/01/06 15:27:34 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
    MOD - [2012/01/06 15:27:28 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
    MOD - [2011/11/14 19:17:08 | 000,132,176 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdfwcore.dll
    MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/10/27 14:07:06 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
    MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


    ========== Services (SafeList) ==========

    SRV - [2012/12/12 17:27:38 | 001,554,176 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
    SRV - [2012/12/11 19:08:14 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/29 13:32:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2012/08/23 16:05:09 | 000,055,032 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
    SRV - [2011/10/14 22:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
    SRV - [2010/06/03 20:16:50 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2010/01/07 13:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
    SRV - [2010/01/07 13:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Betty\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
    DRV - [2012/12/12 17:28:33 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
    DRV - [2012/12/12 17:27:49 | 000,481,464 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
    DRV - [2012/12/12 17:27:36 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
    DRV - [2012/08/23 16:05:20 | 000,132,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
    DRV - [2012/08/23 16:05:08 | 000,116,248 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf)
    DRV - [2011/11/17 16:38:34 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
    DRV - [2011/11/14 19:16:28 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
    DRV - [2011/11/11 16:13:54 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2011/10/27 14:07:06 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
    DRV - [2011/08/16 13:59:34 | 000,360,976 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
    DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/01/19 18:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
    DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2008/07/01 14:13:26 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2008/07/01 14:13:26 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2008/07/01 14:13:24 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2006/02/10 10:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005/08/03 20:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {72699759-CC18-408A-B150-52DBF7E19F58}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{72699759-CC18-408A-B150-52DBF7E19F58}: "URL" = http://www.google.com/search?q={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3239904
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://myyahoo.com/"
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
    FF - prefs.js..extensions.enabledAddons: [email protected]:6.0
    FF - prefs.js..extensions.enabledItems: [email protected]:2.0
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Betty\Local Settings\Application Data\RobloxVersions\version-cbdc8c4c0dd24338\\NPRobloxProxy.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Documents and Settings\Betty\My Documents\My Music\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/04/25 12:06:59 | 000,000,000 | ---D | M]

    [2011/04/19 12:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Betty\Application Data\Mozilla\Extensions
    [2011/04/21 13:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Betty\Application Data\Mozilla\Firefox\Profiles\0xgy5skh.default\extensions
    [2011/04/19 12:37:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Betty\Application Data\Mozilla\Firefox\Profiles\0xgy5skh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/09/14 08:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/09/14 08:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/06/26 16:53:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Yahoo! (Enabled)
    CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
    CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Expression of light = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hoeaebjkjpnhfdemoidmfdicalnfaebl\1_0\

    O1 HOSTS File: ([2013/01/05 23:40:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab (Macromedia Authorware Web Player Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272917492281 (MUWebControl Class)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54E9D73F-CE01-45E4-8FD1-2E7C146127F6}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/06 13:24:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Betty\Desktop\OTL.exe
    [2013/01/06 00:02:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/01/05 23:28:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2013/01/05 23:27:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/01/05 23:27:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/01/05 23:27:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/01/05 23:27:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/01/05 23:24:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/05 23:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/01/05 20:19:26 | 005,019,547 | R--- | C] (Swearware) -- C:\Documents and Settings\Betty\Desktop\Puppy.exe
    [2013/01/04 18:26:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2013/01/04 18:04:32 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Betty\Desktop\tdsskiller.exe
    [2013/01/04 17:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\Desktop\TSG
    [2013/01/02 12:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\My Documents\Warranties
    [2013/01/02 12:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\My Documents\Computers
    [2012/12/31 19:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2012/12/31 19:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\Local Settings\Application Data\Conduit
    [2012/12/28 12:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2012/12/28 12:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2012/12/22 11:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
    [2012/12/22 09:24:44 | 000,157,320 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys.old
    [2012/12/08 15:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\Desktop\About Blank
    [2012/12/07 15:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\Desktop\dl 2
    [2004/09/10 12:40:38 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DECCHECK.exe
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/06 13:24:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty\Desktop\OTL.exe
    [2013/01/06 13:08:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/01/06 12:46:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4207097214-2822948736-4082840186-1005UA.job
    [2013/01/06 12:23:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/01/06 12:23:00 | 3756,150,784 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/05 23:40:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/01/05 23:28:54 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2013/01/05 21:11:39 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2013/01/05 20:28:16 | 005,019,547 | R--- | M] (Swearware) -- C:\Documents and Settings\Betty\Desktop\Puppy.exe
    [2013/01/05 19:58:11 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\Betty\Desktop\My Yahoo!.url
    [2013/01/05 17:46:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4207097214-2822948736-4082840186-1005Core.job
    [2013/01/05 17:28:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/01/04 21:05:29 | 001,061,063 | ---- | M] () -- C:\Documents and Settings\Betty\Desktop\ComboFix A guide and tutorial on using ComboFix.mht
    [2013/01/04 18:04:33 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Betty\Desktop\tdsskiller.exe
    [2013/01/01 21:35:22 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Betty\Desktop\Free Jigsaw Puzzles - Jigsaw Puzzle Games at TheJigsawPuzzles.com - Play Free Online Jigsaw Puzzles.url
    [2012/12/31 19:59:09 | 000,000,009 | ---- | M] () -- C:\END
    [2012/12/26 19:11:04 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/12/23 16:50:05 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2012/12/22 11:46:20 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
    [2012/12/22 09:09:33 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/12/16 06:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
    [2012/12/16 06:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
    [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/12/13 20:34:07 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/12/13 20:30:05 | 000,000,325 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
    [2012/12/13 13:49:42 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Betty\Desktop\Google Chrome.lnk
    [2012/12/13 13:49:42 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/12/12 17:28:33 | 000,622,616 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
    [2012/12/12 17:27:49 | 000,481,464 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
    [2012/12/12 17:27:36 | 000,242,504 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys
    [2012/12/11 19:08:14 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/12/11 19:08:14 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/12/08 12:27:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/05 23:28:54 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2013/01/05 23:28:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2013/01/05 23:27:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/01/05 23:27:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/01/05 23:27:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/01/05 23:27:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/01/05 23:27:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/01/04 21:05:27 | 001,061,063 | ---- | C] () -- C:\Documents and Settings\Betty\Desktop\ComboFix A guide and tutorial on using ComboFix.mht
    [2012/12/31 19:59:05 | 000,000,009 | ---- | C] () -- C:\END
    [2012/12/23 16:50:05 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2012/12/22 11:46:20 | 000,001,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
    [2012/11/09 20:52:24 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\rbxcsettings.rbx
    [2012/10/12 18:58:18 | 000,000,272 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2012/02/15 09:38:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/30 16:09:23 | 001,120,635 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4207097214-2822948736-4082840186-1005-0.dat
    [2012/01/30 16:09:23 | 000,166,282 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/01/30 15:22:26 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
    [2011/09/15 18:11:16 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
    [2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
    [2011/09/15 17:25:46 | 000,171,854 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\census.cache
    [2011/09/15 17:25:45 | 000,170,141 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\ars.cache
    [2011/09/15 16:49:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\housecall.guid.cache
    [2011/04/19 12:31:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/03/05 12:12:27 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2011/02/19 23:20:57 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Betty\Application Datauser_gensett.xml
    [2011/02/01 14:21:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\search_result.xml
    [2011/01/31 08:16:28 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Betty\Application Dataprivacy.xml
    [2011/01/29 09:09:05 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
    [2010/04/19 18:15:57 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/19 14:17:47 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Betty\WINWORD.box
    [2010/04/16 08:52:07 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\fusioncache.dat
    [2010/03/29 18:40:20 | 000,100,256 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

    ========== ZeroAccess Check ==========

    [2005/08/16 03:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Betty\Desktop\Show Desktop.scf:SummaryInformation
    @Alternate Data Stream - 10 bytes -> C:\WINDOWS\System32\LegitCheckControl.DLL:BDU

    < End of report >

    ...............................................................................................................................................................
    OTL Extras logfile created on: 1/6/2013 1:30:43 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Betty\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 3.06 Gb Available Physical Memory | 87.41% Memory free
    4.84 Gb Paging File | 4.32 Gb Available in Paging File | 89.40% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 227.41 Gb Total Space | 194.88 Gb Free Space | 85.70% Space Free | Partition Type: NTFS

    Computer Name: BETTYDESKTOP | User Name: Betty | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\KingsIsle Entertainment\Wizard101\Wizard101.exe" = C:\Program Files\KingsIsle Entertainment\Wizard101\Wizard101.exe:*:Enabled:play Wizard101 -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0DB93918-2A77-11D3-805A-00C04FA329AA}" = Word in Works Suite add-in
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Internet Security 2012
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
    "{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
    "{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{662140BE-138C-4DC1-B4CD-B62C6C855A25}" = Pirate101
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
    "{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A586D09E-1D2C-11D3-9A6B-00105A98B681}" = Microsoft Picture It! Express 2000
    "{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
    "ATI Display Driver" = ATI Display Driver
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "Belarc Advisor" = Belarc Advisor 8.2
    "Bitdefender" = Bitdefender Internet Security 2012
    "CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "ESPNMotion" = ESPNMotion
    "Free File Opener_is1" = Free File Opener v2011.7.0.1
    "GoToAssist" = GoToAssist 8.0.0.514
    "HP PrecisionScan LTX" = HP PrecisionScan LTX
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "QuickTime" = QuickTime
    "Road Runner PhotoShow 5" = Road Runner PhotoShow 5
    "Scan-To-Web" = HP Scan-to-Web Wizard
    "VLC media player" = VLC media player 1.1.0-rc
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "winusb0100" = Microsoft WinUsb 1.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works2kSetup" = Microsoft Works 2000 Setup Launcher
    "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
    "Zune" = Zune

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Betty
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/1/2011 5:00:51 PM | Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/2/2011 10:28:38 AM | Computer Name = BETTYDESKTOP | Source = JavaQuickStarterService | ID = 1
    Description =

    Error - 10/2/2011 12:44:43 PM | Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/2/2011 12:44:49 PM | Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 10/2/2011 12:45:26 PM | Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/2/2011 12:45:33 PM | Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 10/3/2011 11:12:17 AM | Computer Name = BETTYDESKTOP | Source = JavaQuickStarterService | ID = 1
    Description =

    Error - 10/3/2011 1:35:47 PM | Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/3/2011 1:36:55 PM | Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/3/2011 1:37:05 PM | Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 11/23/2012 2:29:11 PM | Computer Name = BETTYDESKTOP | Source = BROWSER | ID = 8032
    Description = The browser service has failed to retrieve the backup list too many
    times on transport \Device\NetBT_Tcpip_{54E9D73F-CE01-45E4-8FD1-2E7C146127F6}. The
    backup browser is stopping.

    Error - 12/16/2012 1:35:01 PM | Computer Name = BETTYDESKTOP | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {F3A614DC-ABE0-11D2-A441-00C04F795683}.
    The
    error: "%2" Happened while starting this command: C:\Program Files\Messenger\msmsgs.exe
    -Embedding

    Error - 1/3/2013 8:44:34 PM | Computer Name = BETTYDESKTOP | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {F3A614DC-ABE0-11D2-A441-00C04F795683}.
    The
    error: "%2" Happened while starting this command: C:\Program Files\Messenger\msmsgs.exe
    -Embedding


    < End of report >
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,313
    Please run OTL again. Under the Custom Scans/Fixes box at the bottom paste in the following:

    Code:
    :OTL
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3239904
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jin...ndows-i586.cab (Java Plug-in 1.4.2_03)
    [2012/12/31 19:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2012/12/31 19:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\Local Settings\Application Data\Conduit
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     