
Trojan virus, browser redirect, etc.

Discussion in 'Virus & Other Malware Removal' started by nearfantastica, Jul 17, 2012.

  1. nearfantastica (Thread Starter; joined Jul 26, 2011; 64 messages)
    I ran malwarebytes just to double check and it is saying there is still a virus. I tried to move it to the vault, and I got this message: "Do you want to force the threat removal?" "Forced removal can cause system instability or even crash." I wasn't sure so I clicked no. Here are the scan results:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.21.09

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 8.0.6001.19088
    Kathy :: KATHY-PC [administrator]

    7/21/2012 12:19:59 PM
    mbam-log-2012-07-21 (12-27-16).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 184238
    Time elapsed: 5 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.

    (end)
     
  2. kevinf80 (Malware Specialist; joined Mar 21, 2006; 10,154 messages)
    OK, that is indicating a ZeroAccess infection; see if you can do the following:

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options. I give two methods; use whichever is convenient for you.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Kevin..
     
  3. nearfantastica (Thread Starter; joined Jul 26, 2011; 64 messages)
    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-07-2012 01
    Ran by SYSTEM at 21-07-2012 15:51:35
    Running from E:\
    Windows Vista (TM) Home Basic (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [118784 2006-10-20] (CyberLink Corp.)
    HKLM\...\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
    HKLM\...\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2006-10-03] (Macrovision Corporation)
    HKLM\...\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s [312200 2006-11-03] ()
    HKLM\...\Run: [DLBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16 [73728 2007-02-12] ()
    HKLM\...\Run: [dlbtmon.exe] "C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe" [431600 2007-02-28] (Lexmark International, Inc.)
    HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [90191 2006-12-07] (NVIDIA Corporation)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [7766016 2006-12-07] (NVIDIA Corporation)
    HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2006-12-07] (NVIDIA Corporation)
    HKLM\...\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe [2339168 2012-01-17] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
    HKU\Default\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
    HKU\Default User\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
    HKU\Kathy\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
    HKU\Kathy\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
    Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
    ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()

    ================================ Services (Whitelisted) ==================

    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2011-08-11] (SUPERAntiSpyware.com)
    2 AVGIDSAgent; "C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
    2 dlbt_device; C:\Windows\system32\dlbtcoms.exe -service [538096 2007-02-28] ( )
    3 DSBrokerService; "C:\Program Files\DellSupport\brkrsvc.exe" [70656 2006-11-07] ()
    2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
    3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.)
    2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [322120 2003-06-19] (Microsoft Corporation)
    2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [278528 2009-11-27] ()

    ========================== Drivers (Whitelisted) =============

    3 athur; C:\Windows\System32\DRIVERS\athur.sys [1384448 2009-11-26] (Atheros Communications, Inc.)
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [28624 2011-02-10] (AVG Technologies CZ, s.r.o. )
    1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-07] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
    1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-04] (AVG Technologies CZ, s.r.o.)
    2 dsunidrv; \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.)
    0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28544 2008-06-19] (Panda Security, S.L.)
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
    3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2006-11-22] (SigmaTel, Inc.)
    2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [138384 2007-12-24] (Trend Micro Inc.)
    4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-21 15:51 - 2012-07-21 15:51 - 00000000 ____D C:\FRST
    2012-07-21 11:35 - 2012-07-21 11:36 - 00000714 ____A C:\Windows\setupact.log
    2012-07-21 11:35 - 2012-07-21 11:35 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-21 04:50 - 2012-07-21 04:50 - 00124136 ____A C:\Users\Kathy\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-21 04:46 - 2012-07-21 04:47 - 00432600 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-20 13:15 - 2012-07-20 13:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2012-07-20 13:15 - 2012-07-20 13:15 - 00000000 ____D C:\Program Files\Adobe
    2012-07-20 13:09 - 2012-07-20 13:09 - 00000000 ____D C:\Program Files\Common Files\Java
    2012-07-20 13:08 - 2012-07-20 13:07 - 00772592 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-07-20 13:08 - 2012-07-20 13:07 - 00227824 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-07-20 13:08 - 2012-07-20 13:07 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-07-20 13:08 - 2012-07-20 13:07 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-07-20 13:02 - 2012-07-20 13:02 - 00000000 ____D C:\Users\Kathy\AppData\Roaming\SUPERAntiSpyware.com
    2012-07-20 13:01 - 2012-07-20 13:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2012-07-20 12:55 - 2012-07-20 12:55 - 00000000 ____D C:\Program Files\Common Files\Apple
    2012-07-20 12:54 - 2012-07-20 12:54 - 00000000 ____D C:\Users\All Users\Apple
    2012-07-20 12:54 - 2012-07-20 12:54 - 00000000 ____D C:\Program Files\Apple Software Update
    2012-07-20 12:44 - 2012-07-20 12:44 - 00000000 ____D C:\Program Files\FileHippo.com
    2012-07-20 12:38 - 2012-07-20 12:40 - 00000000 ___SD C:\ComboFix
    2012-07-19 17:42 - 2012-07-19 17:42 - 00010214 ____A C:\ComboFix.txt
    2012-07-17 18:11 - 2012-07-17 18:12 - 00607260 ____R (Swearware) C:\Users\Kathy\Desktop\dds.com
    2012-07-17 18:06 - 2012-07-17 18:07 - 00388608 ____A (Trend Micro Inc.) C:\Users\Kathy\Desktop\HijackThis.exe
    2012-07-16 10:26 - 2012-07-16 10:26 - 08437955 ____A C:\Users\Kathy\Desktop\untitled folder.zip
    2012-07-16 07:16 - 2012-07-21 04:55 - 00000000 ____D C:\Users\Kathy\Desktop\New Folder (2)

    ============ 3 Months Modified Files ========================

    2012-07-21 11:48 - 2006-11-02 04:58 - 00032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-21 11:48 - 2006-11-02 04:58 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-21 11:48 - 2006-11-02 04:45 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-21 11:48 - 2006-11-02 04:45 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-21 11:37 - 2009-03-28 14:13 - 01825919 ____A C:\Windows\WindowsUpdate.log
    2012-07-21 11:36 - 2012-07-21 11:35 - 00000714 ____A C:\Windows\setupact.log
    2012-07-21 11:35 - 2012-07-21 11:35 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-21 04:50 - 2012-07-21 04:50 - 00124136 ____A C:\Users\Kathy\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-21 04:47 - 2012-07-21 04:46 - 00432600 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-20 13:47 - 2007-02-17 06:35 - 00000418 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{3D784BF5-3F70-43C8-AEC5-32F88F4B4CE3}.job
    2012-07-20 13:13 - 2007-08-14 18:17 - 00002120 ___AH C:\IPH.PH
    2012-07-20 13:07 - 2012-07-20 13:08 - 00772592 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-07-20 13:07 - 2012-07-20 13:08 - 00227824 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-07-20 13:07 - 2012-07-20 13:08 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-07-20 13:07 - 2012-07-20 13:08 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-07-20 13:07 - 2010-10-24 05:59 - 00687600 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-07-20 12:35 - 2010-08-14 14:23 - 00000000 ____A C:\Users\Kathy\AppData\Local\prvlcl.dat
    2012-07-19 17:42 - 2012-07-19 17:42 - 00010214 ____A C:\ComboFix.txt
    2012-07-19 17:34 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini
    2012-07-17 18:12 - 2012-07-17 18:11 - 00607260 ____R (Swearware) C:\Users\Kathy\Desktop\dds.com
    2012-07-17 18:07 - 2012-07-17 18:06 - 00388608 ____A (Trend Micro Inc.) C:\Users\Kathy\Desktop\HijackThis.exe
    2012-07-16 10:26 - 2012-07-16 10:26 - 08437955 ____A C:\Users\Kathy\Desktop\untitled folder.zip
    2012-07-16 06:03 - 2007-02-15 19:49 - 00035840 ____A C:\Users\Kathy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-11 18:11 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-07-11 18:10 - 2006-11-02 02:23 - 00000240 ____A C:\Windows\win.ini
    2012-07-03 09:46 - 2010-11-27 17:00 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-05-30 10:26 - 2006-11-02 02:33 - 00709582 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-05-06 14:29 - 2012-05-06 14:29 - 06956507 ____A C:\Users\Kathy\Desktop\pipes.zip

    ZeroAccess:
    C:\Windows\Installer\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}
    C:\Windows\Installer\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\L
    C:\Windows\Installer\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\U

    ZeroAccess:
    C:\Users\Kathy\AppData\Local\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}
    C:\Users\Kathy\AppData\Local\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\L
    C:\Users\Kathy\AppData\Local\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\U

    ZeroAccess:
    C:\Windows\assembly\GAC\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 21%
    Total physical RAM: 957.88 MB
    Available physical RAM: 751.94 MB
    Total Pagefile: 926.69 MB
    Available Pagefile: 812.27 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1984.97 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:64.46 GB) (Free:24.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive e: () (Removable) (Total:3.73 GB) (Free:3.1 GB) FAT32
    4 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.02 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 75 GB 1766 KB
    Disk 1 Online 3819 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 32 KB
    Partition 2 Primary 10 GB 40 MB
    Partition 3 Primary 64 GB 10 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 X RECOVERY NTFS Partition 10 GB Healthy Boot

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C OS NTFS Partition 64 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3819 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 E FAT32 Removable 3819 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-21 11:36

    ======================= End Of Log ==========================
     
  4. kevinf80 (Malware Specialist; joined Mar 21, 2006; 10,154 messages)
    Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt.

    Code:
    start
    C:\Windows\Installer\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}
    C:\Users\Kathy\AppData\Local\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}
    C:\Windows\assembly\GAC\Desktop.ini
    end
    
    Now please enter System Recovery Options as you did to get the log.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Reboot and run Malwarebytes quick scan after checking for updates, post both logs...

    Kevin
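
    The three ZeroAccess paths FRST reported in the log above and the fixlist Kevin built from them are the same data in two shapes. As an added example (not part of the thread, and not FRST's, Malwarebytes' or the posters' code), here is a Python scanner that looks for exactly that on-disk layout on a mounted or copied volume and renders what it finds as an FRST-style fixlist. It assumes the scanned root maps to drive C: when paths are rendered, and it builds a constructed demo tree instead of reading a real infected disk. The benign case matters: Windows\Installer legitimately contains {GUID} folders for the MSI cache, so a GUID-named folder alone is not an indicator; the L and U subfolders seen in the log are.

```python
"""Find the ZeroAccess on-disk layout reported by FRST in this thread and
render an FRST-style fixlist for it.

Added example for this thread; it is not FRST's, Malwarebytes' or the
posters' code.  Only the indicators visible in the posted log are used:
  * a {GUID}-named folder under Windows\\Installer, or under a user's
    AppData\\Local, that contains an 'L' and/or 'U' subfolder;
  * a Desktop.ini dropped in Windows\\assembly\\GAC.
The scanned root may be a mounted or copied volume; it is assumed to map
to drive C: when the fixlist is rendered.  The demo tree built below is
constructed for the example, not taken from an infected machine.
"""
import re
import shutil
import tempfile
from pathlib import Path

# Registry-style GUID: {8-4-4-4-12 hex digits}, case-insensitive.
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)


def zeroaccess_guid_dirs(root):
    """{GUID} folders holding an L or U subfolder under Windows\\Installer and
    every Users\\<name>\\AppData\\Local.  A GUID name alone is not enough:
    Windows\\Installer legitimately caches MSI data in {GUID} folders."""
    root = Path(root)
    parents = [root / "Windows" / "Installer"]
    users = root / "Users"
    if users.is_dir():
        parents += [u / "AppData" / "Local" for u in sorted(users.iterdir()) if u.is_dir()]
    hits = []
    for parent in parents:
        if not parent.is_dir():
            continue
        for child in sorted(parent.iterdir()):
            if child.is_dir() and GUID_DIR.match(child.name):
                subs = {s.name.upper() for s in child.iterdir() if s.is_dir()}
                if subs & {"L", "U"}:
                    hits.append(child)
    return hits


def zeroaccess_gac_ini(root):
    """Desktop.ini in the GAC folder, the file Malwarebytes flagged as Trojan.0access."""
    ini = Path(root) / "Windows" / "assembly" / "GAC" / "Desktop.ini"
    return [ini] if ini.is_file() else []


def scan(root):
    """All indicators found below root, folders first, then the GAC file."""
    return zeroaccess_guid_dirs(root) + zeroaccess_gac_ini(root)


def to_windows_path(path, root, drive="C:"):
    """Render a path below root as it would appear on the infected system
    (assumption: the scanned root is the C: volume)."""
    return drive + "\\" + "\\".join(Path(path).relative_to(root).parts)


def fixlist(root, drive="C:"):
    """FRST fixlist text in the shape used in the thread: 'start', paths, 'end'."""
    lines = ["start"] + [to_windows_path(p, root, drive) for p in scan(root)] + ["end"]
    return "\n".join(lines)


def build_sample_tree():
    """Constructed demo tree mirroring the FRST log, plus a benign MSI cache
    folder that a naive GUID match would wrongly flag."""
    root = Path(tempfile.mkdtemp(prefix="zeroaccess_demo_"))
    bad = "{8d70b107-73a7-e7b2-da44-c273c0c4bc10}"  # GUID from the posted log
    for sub in ("L", "U"):
        (root / "Windows" / "Installer" / bad / sub).mkdir(parents=True)
        (root / "Users" / "Kathy" / "AppData" / "Local" / bad / sub).mkdir(parents=True)
    gac = root / "Windows" / "assembly" / "GAC"
    gac.mkdir(parents=True)
    (gac / "Desktop.ini").write_bytes(b"\x00" * 64)  # placeholder, not real payload
    legit = root / "Windows" / "Installer" / "{1b2c3d4e-0000-1111-2222-333344445555}"
    legit.mkdir()  # hypothetical benign MSI cache folder: GUID name, no L/U
    (legit / "ARPPRODUCTICON.exe").write_bytes(b"MZ")
    return root


def demo_fixlist():
    """Build the sample tree, scan it, clean up, and return the fixlist lines."""
    root = build_sample_tree()
    try:
        return fixlist(root).splitlines()
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print("\n".join(demo_fixlist()))
```

    Point the scanner at the offline volume (for example a drive letter mounted from the recovery environment, or a forensic copy) rather than the running system; as the post above directs, the fix itself is applied from System Recovery Options, not from the booted Windows.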
     
  5. nearfantastica (Thread Starter; joined Jul 26, 2011; 64 messages)
    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
    Ran by SYSTEM at 2012-07-21 16:31:41 Run:1
    Running from E:\

    ==============================================

    C:\Windows\Installer\{8d70b107-73a7-e7b2-da44-c273c0c4bc10} moved successfully.
    C:\Users\Kathy\AppData\Local\{8d70b107-73a7-e7b2-da44-c273c0c4bc10} moved successfully.
    C:\Windows\assembly\GAC\Desktop.ini moved successfully.

    ==== End of Fixlog ====


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.21.09

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 8.0.6001.19088
    Kathy :: KATHY-PC [administrator]

    7/21/2012 4:35:16 PM
    mbam-log-2012-07-21 (16-35-16).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 184172
    Time elapsed: 7 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  6. kevinf80 (Malware Specialist; joined Mar 21, 2006; 10,154 messages)
    Run the following:

    Download OTL from any of the following links and save to your desktop.

    Link 1
    Link 2
    Link 3

    Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7, accept the UAC alert.)

    • Please check the box next to "LOP check" and "Purity check"
    • Click Run Scan and let the program run uninterrupted.
    • When the scan is complete, two text files will be created on your Desktop.
    • OTL.Txt <- this one will be opened
    • Extras.txt <- this one will be minimized

    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.
     
  7. nearfantastica (Thread Starter; joined Jul 26, 2011; 64 messages)
    OTL logfile created on: 7/21/2012 5:22:50 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kathy\Desktop
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    957.76 Mb Total Physical Memory | 252.00 Mb Available Physical Memory | 26.31% Memory free
    2.13 Gb Paging File | 1.35 Gb Available in Paging File | 63.53% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 64.46 Gb Total Space | 24.49 Gb Free Space | 37.99% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 6.01 Gb Free Space | 60.13% Space Free | Partition Type: NTFS

    Computer Name: KATHY-PC | User Name: Kathy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/21 17:21:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.com
    PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2009/12/10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
    PRC - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/02/28 18:24:14 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe
    PRC - [2007/02/28 18:23:56 | 000,431,600 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe
    PRC - [2006/11/12 03:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
    PRC - [2006/10/20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    MOD - [2009/12/10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
    MOD - [2009/08/28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
    MOD - [2007/01/22 02:18:28 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\DLBTcfg.dll
    MOD - [2006/08/18 14:17:36 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
    MOD - [2005/09/20 07:40:30 | 000,122,880 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtdrec.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/06/18 18:24:43 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
    SRV - [2009/11/05 16:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
    SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/02/28 18:24:14 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)
    SRV - [2006/11/07 14:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2009/11/27 03:47:00 | 001,384,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)
    DRV - [2009/06/11 19:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2008/06/19 16:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
    DRV - [2008/05/15 02:28:00 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
    DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2007/07/03 01:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2007/01/19 18:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)
    DRV - [2006/12/08 00:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2006/11/22 18:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/08/17 16:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/browsers/redirect/?b=RRHSO_BLD1&CMP=OTC-RRHSO_BLD1HPRR&d=homerr
    IE - HKLM\..\SearchScopes,DefaultScope = {B66B7AA8-EF74-4FE7-9A63-CFF0A3EAEF4C}
    IE - HKLM\..\SearchScopes\{B66B7AA8-EF74-4FE7-9A63-CFF0A3EAEF4C}: "URL" = http://www.rr.com/browsers/redirect/?b=RRHSO_BLD1&CMP=OTC-RRHSO_BLD1SPSE&d=searchrr&q={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/browsers/redirect/?b=RRHSO_BLD1&CMP=OTC-RRHSO_BLD1HPRR&d=homerr
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {937A4F6A-5111-4A55-8480-CAAC4A06E5BB}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
    IE - HKCU\..\SearchScopes\{937A4F6A-5111-4A55-8480-CAAC4A06E5BB}: "URL" = http://www.rr.com/browsers/redirect/?b=RRHSO_BLD1&CMP=OTC-RRHSO_BLD1SPSE&d=searchrr&q={searchTerms}
    IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/toolbarv/askRedirect.jsp?gct=&gc=1&q={searchTerms}&crm=1&toolbar=GV2
    IE - HKCU\..\SearchScopes\{E0C2F44F-C0BA-4379-980B-DEC52DB84CAA}: "URL" = http://search.avg.com/?d=4ded6770&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.rr.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - prefs.js..keyword.URL: "http://search.avg.com/?d=4ded6606&i=23&tp=ab&nt=1&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
    FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 09:04:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/20 16:59:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/20 17:16:54 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/20 16:59:58 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/20 17:16:54 | 000,000,000 | ---D | M]

    [2009/10/10 15:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions
    [2012/05/01 19:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\8flhhrgj.default\extensions
    [2010/08/06 06:37:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\8flhhrgj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/04/24 21:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/06/18 18:24:44 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/06/18 18:24:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/06/18 18:24:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - Extension: AVG Safe Search = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

    O1 HOSTS File: ([2012/07/19 21:33:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DLBTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
    O4 - HKLM..\Run: [dlbtmon.exe] C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe (Lexmark International, Inc.)
    O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F9A41FD-478D-4F5C-9E41-7CD27476CEC1}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8BD712E-E4A5-4507-AFE1-0A0DF3D92BE9}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/21 19:51:29 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/21 17:21:22 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.com
    [2012/07/20 17:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2012/07/20 17:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2012/07/20 17:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
    [2012/07/20 17:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/07/20 17:08:46 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2012/07/20 17:08:46 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/07/20 17:08:12 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/07/20 17:08:10 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/07/20 17:02:45 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\SUPERAntiSpyware.com
    [2012/07/20 17:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/07/20 17:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/07/20 16:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/07/20 16:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2012/07/20 16:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2012/07/20 16:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2012/07/20 16:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
    [2012/07/20 16:38:30 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/07/19 22:09:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/19 21:42:45 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\temp
    [2012/07/19 21:34:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/17 22:11:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kathy\Desktop\dds.com
    [2012/07/17 22:06:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kathy\Desktop\HijackThis.exe
    [2012/07/16 11:16:38 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\New Folder (2)
    [2011/12/31 16:56:57 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
    [2009/01/27 19:01:53 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/07/21 17:21:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.com
    [2012/07/21 16:34:13 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/21 16:34:13 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/21 16:32:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/21 16:27:58 | 000,608,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/07/21 16:27:58 | 000,105,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/07/21 16:04:38 | 000,000,000 | ---- | M] () -- C:\Users\Kathy\AppData\Local\prvlcl.dat
    [2012/07/21 15:59:31 | 000,000,044 | ---- | M] () -- C:\Users\Kathy\AppData\Roaming\mbam.context.scan
    [2012/07/21 09:05:32 | 000,150,047 | ---- | M] () -- C:\Users\Kathy\Desktop\screen shot.jpg
    [2012/07/21 08:53:48 | 101,889,530 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2012/07/21 08:47:01 | 000,432,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/07/20 18:01:20 | 000,427,700 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/07/20 17:47:10 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3D784BF5-3F70-43C8-AEC5-32F88F4B4CE3}.job
    [2012/07/20 17:13:25 | 000,002,120 | -H-- | M] () -- C:\IPH.PH
    [2012/07/20 17:13:12 | 000,001,722 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
    [2012/07/20 17:07:49 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/07/20 17:07:49 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/07/20 17:07:49 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/07/20 17:07:48 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2012/07/20 17:07:48 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2012/07/19 21:33:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/07/17 22:12:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kathy\Desktop\dds.com
    [2012/07/17 22:07:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kathy\Desktop\HijackThis.exe
    [2012/07/16 14:26:13 | 008,437,955 | ---- | M] () -- C:\Users\Kathy\Desktop\untitled folder.zip
    [2012/07/16 10:03:23 | 000,035,840 | ---- | M] () -- C:\Users\Kathy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/07/21 15:59:31 | 000,000,044 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\mbam.context.scan
    [2012/07/21 09:05:32 | 000,150,047 | ---- | C] () -- C:\Users\Kathy\Desktop\screen shot.jpg
    [2012/07/21 08:46:30 | 000,432,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/07/20 17:16:54 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/07/20 16:44:19 | 000,001,786 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
    [2012/07/16 14:26:12 | 008,437,955 | ---- | C] () -- C:\Users\Kathy\Desktop\untitled folder.zip
    [2010/11/01 19:47:11 | 000,005,876 | ---- | C] () -- C:\Users\Kathy\Router_Setup.html
    [2010/10/29 05:41:07 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/10/29 05:41:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2010/08/14 18:23:14 | 000,000,000 | ---- | C] () -- C:\Users\Kathy\AppData\Local\prvlcl.dat
    [2010/08/05 21:15:15 | 000,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
    [2009/06/06 13:22:09 | 000,000,420 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\wklnhst.dat
    [2008/02/15 21:33:57 | 000,024,206 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\UserTile.png
    [2007/05/11 17:42:32 | 000,007,484 | ---- | C] () -- C:\Users\Kathy\AppData\Local\d3d9caps.dat
    [2007/02/15 23:49:12 | 000,035,840 | ---- | C] () -- C:\Users\Kathy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== LOP Check ==========

    [2009/02/26 20:26:40 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\7Wonders
    [2007/08/23 14:21:05 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\acccore
    [2010/11/13 10:54:40 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\AVG10
    [2007/04/12 21:46:47 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Bitbliss Studios
    [2009/02/03 10:17:34 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\funkitron
    [2009/03/28 17:40:02 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\HouseCall 6.6
    [2012/03/15 19:13:35 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\iolo
    [2009/03/02 19:15:22 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\iWin
    [2009/03/12 09:05:37 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\MagicBall3
    [2008/02/15 21:33:56 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\PeerNetworking
    [2009/02/25 09:56:35 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\pixelStorm
    [2009/03/06 11:46:41 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\PlayFirst
    [2009/01/26 16:55:32 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Pogo Games
    [2010/03/08 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Road Runner
    [2010/03/08 18:47:42 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Simple Star
    [2009/01/28 08:19:33 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Skip-Bo
    [2009/06/06 13:22:12 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Template
    [2008/02/13 08:20:45 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\WildTangent
    [2012/07/21 16:30:16 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/07/20 17:47:10 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3D784BF5-3F70-43C8-AEC5-32F88F4B4CE3}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:07348C09
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A73EAFFB
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DD9E1B63
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:588B60C7
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A3EE97B6
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:C5A35877

    < End of report >



    OTL Extras logfile created on: 7/21/2012 5:22:50 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kathy\Desktop
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    957.76 Mb Total Physical Memory | 252.00 Mb Available Physical Memory | 26.31% Memory free
    2.13 Gb Paging File | 1.35 Gb Available in Paging File | 63.53% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 64.46 Gb Total Space | 24.49 Gb Free Space | 37.99% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 6.01 Gb Free Space | 60.13% Space Free | Partition Type: NTFS

    Computer Name: KATHY-PC | User Name: Kathy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9C76CED6-7AC3-4667-BE19-EDF0A7207192}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D8AC1CB2-EE14-4F8E-8D28-B77FE5F8A63D}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7274493-F67F-4E11-B442-6E6060485191}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.1
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
    "{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
    "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_WORD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
    "{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{C8FC7066-4457-4365-9BDF-4E439BF703C8}" = AVG 2011
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{D69F6DA9-46CF-3EFD-DC4B-9E38F75F5B10}" = Super Collapse 3
    "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
    "{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AIM_7" = AIM 7
    "AVG" = AVG 2011
    "Brunswick Circuit Pro Bowling" = Brunswick Circuit Pro Bowling
    "CameraUserGuide-PSSX230HSandPSSX220HS" = Canon PowerShot SX230 HS and PowerShot SX220 HS Camera User Guide
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
    "Dell Fax Solutions" = Fax Solutions
    "Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
    "FileHippo.com" = FileHippo.com Update Checker
    "HijackThis" = HijackThis 2.0.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MyCamera" = Canon Utilities MyCamera
    "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
    "NVIDIA Drivers" = NVIDIA Drivers
    "OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
    "PictureIt_v9" = Microsoft Picture It! Photo Premium 9
    "Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Super Collapse 3" = Super Collapse 3 (remove only)
    "Trend Micro HouseCall 6.6" = HouseCall 6.6
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WildTangent dell Master Uninstall" = Dell Games
    "WORD" = Microsoft Office Word 2007
    "YTdetect" = Yahoo! Detect
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/20/2012 5:13:18 PM | Computer Name = Kathy-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/20/2012 5:13:18 PM | Computer Name = Kathy-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/20/2012 5:13:20 PM | Computer Name = Kathy-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/20/2012 5:13:20 PM | Computer Name = Kathy-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/20/2012 5:13:21 PM | Computer Name = Kathy-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/20/2012 5:13:21 PM | Computer Name = Kathy-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/20/2012 5:19:20 PM | Computer Name = Kathy-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/20/2012 5:27:28 PM | Computer Name = Kathy-PC | Source = Application Error | ID = 1000
    Description = Faulting application TFC.exe, version 3.1.7.0, time stamp 0x2a425e19,
    faulting module RPCRT4.dll, version 6.0.6001.18247, time stamp 0x49f0625f, exception
    code 0xc0000005, fault offset 0x000b1ebe, process id 0x1b9c, application start time
    0x01cd66bdbec535f8.

    Error - 7/20/2012 6:26:16 PM | Computer Name = Kathy-PC | Source = Application Error | ID = 1000
    Description = Faulting application TFC.exe, version 3.1.7.0, time stamp 0x2a425e19,
    faulting module ole32.dll, version 6.0.6001.18498, time stamp 0x4c28cad0, exception
    code 0xc0000005, fault offset 0x00003587, process id 0x1094, application start time
    0x01cd66c614398746.

    Error - 7/21/2012 1:03:30 PM | Computer Name = Kathy-PC | Source = EventSystem | ID = 4609
    Description =

    [ System Events ]
    Error - 7/20/2012 6:11:47 PM | Computer Name = Kathy-PC | Source = HTTP | ID = 15016
    Description =

    Error - 7/20/2012 6:29:58 PM | Computer Name = Kathy-PC | Source = HTTP | ID = 15016
    Description =

    Error - 7/20/2012 8:15:11 PM | Computer Name = Kathy-PC | Source = HTTP | ID = 15016
    Description =

    Error - 7/21/2012 8:46:53 AM | Computer Name = Kathy-PC | Source = HTTP | ID = 15016
    Description =

    Error - 7/21/2012 1:04:22 PM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7043
    Description =

    Error - 7/21/2012 1:04:50 PM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 7/21/2012 3:27:15 PM | Computer Name = Kathy-PC | Source = HTTP | ID = 15016
    Description =

    Error - 7/21/2012 3:47:09 PM | Computer Name = Kathy-PC | Source = HTTP | ID = 15016
    Description =

    Error - 7/21/2012 3:54:24 PM | Computer Name = Kathy-PC | Source = HTTP | ID = 15016
    Description =

    Error - 7/21/2012 4:32:45 PM | Computer Name = Kathy-PC | Source = HTTP | ID = 15016
    Description =


    < End of report >
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Re-run OTL by double left click; Vista and Windows 7 users right click and select Run as Administrator.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/toolbarv/askRedirect.jsp?gct=&gc=1&q={searchTerms}&crm=1&toolbar=GV2
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:07348C09
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A73EAFFB
      @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMPD9E1B63
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:588B60C7
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A3EE97B6
      @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:C5A35877
      :Files
      ipconfig /flushdns /c
      C:\ComboFix
      C:\FRST
      C:\Windows\System32\mkghj.dll
      :Commands
      [emptytemp]
      
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
    • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Let me see that log, and give an update on any remaining issues or concerns.

    Kevin
     
  9. nearfantastica

    nearfantastica Thread Starter

    Joined:
    Jul 26, 2011
    Messages:
    64
    AVG popped up during this scan that said there was a threat:

    c:\FRST\quarantine\desktop.ini

    I left the file there because I thought it might have something to do with deleting? Here is the log:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ADS C:\ProgramData\TEMP:07348C09 deleted successfully.
    ADS C:\ProgramData\TEMP:A73EAFFB deleted successfully.
    Unable to delete ADS C:\ProgramData\TEMPD9E1B63 .
    ADS C:\ProgramData\TEMP:588B60C7 deleted successfully.
    ADS C:\ProgramData\TEMP:A3EE97B6 deleted successfully.
    ADS C:\ProgramData\TEMP:C5A35877 deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Kathy\Desktop\cmd.bat deleted successfully.
    C:\Users\Kathy\Desktop\cmd.txt deleted successfully.
    C:\ComboFix folder moved successfully.
    C:\FRST\Quarantine\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\U folder moved successfully.
    C:\FRST\Quarantine\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\L folder moved successfully.
    C:\FRST\Quarantine\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\{8d70b107-73a7-e7b2-da44-c273c0c4bc10} folder moved successfully.
    C:\FRST\Quarantine\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\U folder moved successfully.
    C:\FRST\Quarantine\{8d70b107-73a7-e7b2-da44-c273c0c4bc10}\L folder moved successfully.
    C:\FRST\Quarantine\{8d70b107-73a7-e7b2-da44-c273c0c4bc10} folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\Windows\System32\mkghj.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kathy
    ->Temp folder emptied: 966438 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 66303982 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 487 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 630 bytes
    RecycleBin emptied: 4594150 bytes

    Total Files Cleaned = 69.00 mb


    OTL by OldTimer - Version 3.2.53.1 log created on 07212012_181939

    Files\Folders moved on Reboot...
    File\Folder C:\FRST\Quarantine not found!

    PendingFileRenameOperations files...
    File C:\FRST\Quarantine not found!

    Registry entries deleted on Reboot...
     
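    The fix script in the previous reply and the log above can be checked mechanically before the machine is declared clean: the script should only contain well-formed stream references, and every line of the log should be accounted for as done, already absent, deferred to reboot, or failed. The following Python is an added example, not part of the thread or of OTL; the outcome classes and regular expressions are assumptions based on the wording of the posted log, and the sample input is a constructed excerpt of it.

```python
"""Check an OTL fix script and triage the fix log it produced (added example,
not OTL's own code; the outcome classes are assumptions drawn from the wording
visible in the log posted in this thread)."""
import re

# Constructed excerpt modelled on the :OTL / :Files fix script posted above.
SAMPLE_FIX = r"""
:OTL
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:07348C09
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMPD9E1B63
:Files
C:\Windows\System32\mkghj.dll
"""

# Constructed excerpt modelled on the fix log posted in the reply.
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
ADS C:\ProgramData\TEMP:07348C09 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMPD9E1B63 .
C:\FRST\Logs folder moved successfully.
Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
C:\Windows\System32\mkghj.dll moved successfully.
File\Folder C:\FRST\Quarantine not found!
"""

ADS_LINE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+)$")
# An NTFS stream reference is <drive>:\path\file:<stream>; the second colon is mandatory.
ADS_PATH = re.compile(r"^[A-Za-z]:\\[^:]+:[^:\\]+$")
PENDING = re.compile(r"^Folder move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")
REBOOT_GONE = re.compile(r"^File\\Folder (?P<path>.+) not found!$")

def lint_fix_script(text):
    """Return ADS entries whose path lacks the file:stream separator; OTL cannot
    act on those (compare the TEMPD9E1B63 line, reported above as not deleted)."""
    bad = []
    for line in text.splitlines():
        m = ADS_LINE.match(line.strip())
        if m and not ADS_PATH.match(m.group("path")):
            bad.append(m.group("path"))
    return bad

def classify(line):
    """Map one OTL log line to an outcome class (None for blank lines)."""
    text = line.strip()
    if not text:
        return None
    if "scheduled to be moved on reboot" in text:  # test before the generic "failed"
        return "pending_reboot"
    if text.startswith("Unable to") or "failed" in text:
        return "failed"
    if text.endswith("successfully."):
        return "ok"
    if "not found" in text:  # target already absent, nothing left to remove
        return "not_found"
    return "other"

def _resolved(item, confirmed):
    m = PENDING.match(item)
    return bool(m) and m.group("path") in confirmed

def summarize_log(text):
    """Return (counts per class, items still needing a human look). A move deferred
    to reboot is cleared once a later 'not found!' line confirms the target is gone."""
    counts, follow_up, confirmed = {}, [], set()
    for line in text.splitlines():
        kind = classify(line)
        if kind is None:
            continue
        counts[kind] = counts.get(kind, 0) + 1
        if kind in ("failed", "pending_reboot"):
            follow_up.append(line.strip())
        m = REBOOT_GONE.match(line.strip())
        if m:
            confirmed.add(m.group("path"))
    return counts, [f for f in follow_up if not _resolved(f, confirmed)]
```

    On the excerpt, the linter flags the one malformed stream entry and the summary leaves only that failed deletion for follow-up, since the deferred Quarantine move is confirmed gone after reboot.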
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    FRST was the application we used to find and remove the ZA remnants; obviously anything contained in its quarantine folder is very safe......

    If your system is behaving itself do the following:

    • Re-open OTL to run it. (Vista and Win 7 users, right click on OTL and "Run as administrator")
    • Click on the CleanUp button.
    • Click Yes to begin the cleanup process and remove tools, including this application
    • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

    I note that you have not updated to Service Pack 2 (SP2); your system will be prone to re-infection. A stand-alone version of SP2 is available here: http://www.microsoft.com/en-us/download/details.aspx?id=16468 . It will be advisable to update ASAP....

    Kevin
     
  11. nearfantastica

    nearfantastica Thread Starter

    Joined:
    Jul 26, 2011
    Messages:
    64
    Okay, I did both of those. One thing I noticed after updating to SP2 is that the computer seems to be running slower. I know this computer doesn't have a lot of memory. Do you think it might have something to do with that?
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Vista is a known resource hog; 1 gig of RAM is not enough. Run the following to see if any startup entries can be removed to help in the short term; ultimately you need to upgrade your RAM..

    Simply download this tool Startuplite to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and may help improve performance.

    Kevin
     
  13. nearfantastica

    nearfantastica Thread Starter

    Joined:
    Jul 26, 2011
    Messages:
    64
    After using the computer last night and today, it doesn't seem to be having any more problems. I'm going to look into them getting some more RAM for the computer or even just upgrading all together. They also need a bigger hard drive.

    Thank you for all your help!
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Glad to have helped, don't hesitate to come back if you need any help on the malware front. I'm not the best to ask for advice on RAM and HDs if you need any...

    Take care,

    Kevin
     
Short URL to this thread: https://techguy.org/1061511