Suzi Newman

I have been Hijacked by Funmoods...please help


I have gotten infected by start.funmoods.com on my Google Chrome search engine. I originally posted in another forum; here is the link to that original post:


http://forums.pcpitstop.com/index.php?/topic/199704-i-know-im-infected-but-none-of-my-security-programs-find-it/


I posted my malware log and was directed to get the DDS log, come to this forum, and post it here.

DDS Log:


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1

Run by Suzi at 17:29:04 on 2012-08-25

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.489 [GMT -5:00]

.

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

c:\program files\idt\wdm\STacSV.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\HP\HPBTWD.exe

C:\Program Files\Everything\Everything.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\PdaNet for Android\PdaNetPC.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/?ilc=17

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [Google Update] "c:\documents and settings\suzi\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe

mRun: [Everything] "c:\program files\everything\Everything.exe" -startup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\suzi\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}

IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: facebook.com\www

Trusted Zone: yahoo.com\login

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

TCP: DhcpNameServer = 8.8.8.8

TCP: Interfaces\{62745325-20C1-4F0C-A6BD-2AC3CD7BA611} : DhcpNameServer = 8.8.8.8

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\suzi\application data\mozilla\firefox\profiles\03u3rlxy.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\suzi\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0FtD0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=463652123

FF - user.js: extensions.funmoods.dfltSrch - false

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0FtD0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=463652123

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0FtD0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=463652123&q=

FF - user.js: extensions.funmoods.id - 002637BD39425F0F

FF - user.js: extensions.funmoods.instlDay - 15571

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:54:16

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - axl

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - axl

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-26 36000]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-1-26 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-1-26 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-26 83392]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-5-7 113664]

R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2012-2-26 13440]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-2-26 121192]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-21 116648]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-29 250056]

S3 cpuz128;cpuz128; [x]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-21 116648]

S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys --> c:\windows\system32\drivers\l1c51x86.sys [?]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-9-23 20480]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-7-26 174336]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-15 14336]

S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2012-8-24 77312]

.

=============== Created Last 30 ================

.

2012-08-24 13:41:03 -------- d-----w- c:\documents and settings\all users\application data\PCPitstop

2012-08-24 13:39:46 -------- d-----w- c:\program files\PCPitstop

2012-08-23 12:01:27 -------- d-----w- c:\documents and settings\suzi\local settings\application data\Paint.NET

2012-08-23 11:59:59 -------- d-----w- c:\documents and settings\suzi\local settings\application data\FreeEditorEditTemp

2012-08-23 11:50:15 175616 ----a-w- c:\windows\system32\unrar.dll

2012-08-23 11:50:08 -------- d-----w- c:\program files\K-Lite Codec Pack

2012-08-23 11:49:42 -------- d-----w- c:\program files\Free Editor

2012-08-23 11:22:07 -------- d-----w- c:\documents and settings\suzi\local settings\application data\Software Assist

2012-08-23 11:22:02 -------- d-----w- c:\program files\Software Assist

2012-08-20 01:07:53 -------- d-----w- c:\documents and settings\all users\application data\YTD Video Downloader

2012-08-20 01:07:41 -------- d-----w- c:\program files\GreenTree Applications

2012-08-20 00:15:18 -------- d-----w- c:\program files\VideoLAN

2012-08-19 23:59:08 33958 ----a-w- c:\documents and settings\all users\application data\uninstaller.exe

2012-08-19 23:59:04 -------- d-----w- c:\documents and settings\all users\application data\WeCareReminder

2012-08-19 23:55:33 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer

2012-08-19 14:52:24 -------- d-----w- c:\program files\Tweaks

2012-08-17 00:32:22 -------- d-----w- c:\documents and settings\all users\application data\firebird

2012-08-17 00:30:37 -------- d-----w- c:\documents and settings\suzi\application data\Chrysanth

2012-08-17 00:30:19 -------- d-----w- c:\program files\Chrysanth

2012-08-17 00:08:52 249856 ------w- c:\windows\Setup1.exe

2012-08-17 00:08:51 73216 ----a-w- c:\windows\ST6UNST.EXE

2012-08-16 23:52:29 -------- d-----w- C:\myDiary

2012-08-07 18:49:20 4608000 ----a-w- c:\documents and settings\all users\application data\ReadOnlyInstaller.msi

2012-08-07 14:25:17 -------- d-----w- c:\documents and settings\suzi\local settings\application data\Sun

2012-08-02 04:14:06 -------- d-----w- c:\documents and settings\suzi\local settings\application data\Google

2012-08-02 04:12:31 -------- d-----w- c:\documents and settings\suzi\local settings\application data\Deployment

2012-08-01 13:36:41 -------- d-----w- c:\program files\Oracle

.

==================== Find3M ====================

.

2012-08-25 04:22:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-25 04:22:32 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-06 03:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-06 03:06:30 772544 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec

2012-06-08 14:26:20 8462848 ----a-w- c:\windows\system32\SETB9.tmp

2012-06-07 01:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\SET7D.tmp

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\SETB1.tmp

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

.

============= FINISH: 17:29:35.26 ===============


Here is the Attach Log:


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 6/18/2009 3:34:14 AM

System Uptime: 8/25/2012 5:09:21 PM (0 hours ago)

.

Motherboard: Hewlett-Packard | | 308F

Processor: Intel® Atom CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 130.954 GiB free.

D: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Ethernet Controller

Device ID: PCI\VEN_1969&DEV_1062&SUBSYS_308F103C&REV_C0\4&23C6FC68&0&00E1

Manufacturer:

Name: Ethernet Controller

PNP Device ID: PCI\VEN_1969&DEV_1062&SUBSYS_308F103C&REV_C0\4&23C6FC68&0&00E1

Service:

.

Class GUID:

Description: Samsung Android ACM

Device ID: USB\VID_04E8&PID_681C&MI_00\M820C1278B0B_00

Manufacturer:

Name: Samsung Android ACM

PNP Device ID: USB\VID_04E8&PID_681C&MI_00\M820C1278B0B_00

Service:

.

==== System Restore Points ===================

.

RP13: 5/25/2012 6:33:40 AM - Software Distribution Service 3.0

RP14: 5/27/2012 10:17:55 AM - Software Distribution Service 3.0

RP15: 5/27/2012 11:43:21 AM - Software Distribution Service 3.0

RP16: 5/30/2012 5:27:38 PM - System Checkpoint

RP17: 6/15/2012 5:59:07 PM - Software Distribution Service 3.0

RP18: 6/15/2012 6:20:55 PM - Software Distribution Service 3.0

RP19: 6/26/2012 9:17:00 AM - Installed %1 %2.

RP20: 6/26/2012 9:27:48 AM - Installed %1 %2.

RP21: 6/26/2012 9:30:25 AM - Installed Windows XP KB2492386.

RP22: 6/26/2012 10:05:42 AM - Installed Windows Internet Explorer 8.

RP23: 6/26/2012 10:06:58 AM - Software Distribution Service 3.0

RP24: 7/13/2012 11:39:05 PM - Software Distribution Service 3.0

RP25: 7/13/2012 11:45:50 PM - Installed Windows Internet Explorer 8.

RP26: 7/13/2012 11:46:48 PM - Software Distribution Service 3.0

RP27: 7/14/2012 12:49:27 AM - 07/13/12

RP28: 7/14/2012 1:32:02 AM - Software Distribution Service 3.0

RP29: 7/14/2012 9:19:53 AM - Removed iComment 2.0.2

RP30: 7/14/2012 9:22:04 AM - Software Distribution Service 3.0

RP31: 7/15/2012 10:53:10 AM - System Checkpoint

RP32: 7/15/2012 11:19:14 AM - Software Distribution Service 3.0

RP33: 7/15/2012 11:21:38 AM - Software Distribution Service 3.0

RP34: 7/15/2012 11:22:47 AM - Installed Windows XP KB2699988.

RP35: 7/15/2012 11:23:17 AM - Software Distribution Service 3.0

RP36: 7/19/2012 3:25:23 PM - System Checkpoint

RP37: 7/21/2012 10:41:37 AM - Software Distribution Service 3.0

RP38: 7/28/2012 11:46:52 AM - running very well

RP39: 8/1/2012 8:35:56 AM - Installed Java 7 Update 5

RP40: 8/1/2012 8:36:38 AM - Installed JavaFX 2.1.1

RP41: 8/17/2012 6:26:03 AM - Software Distribution Service 3.0

RP42: 8/18/2012 8:14:53 AM - System Checkpoint

RP43: 8/19/2012 10:01:28 AM - Removed WinZip 16.5

RP44: 8/20/2012 10:29:52 PM - System Checkpoint

RP45: 8/23/2012 6:53:14 AM - IObit Uninstaller restore point

RP46: 8/23/2012 6:53:48 AM - Removed Atheros Communications Inc.® AR81Family Gigabit/Fast E

RP47: 8/23/2012 6:55:31 AM - IObit Uninstaller restore point

RP48: 8/24/2012 7:16:20 AM - System Checkpoint

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.2

Adobe Shockwave Player 11.5

ASPCA Reminder by We-Care.com v4.1.18.1

Avira Free Antivirus

Broadcom 802.11 Wireless LAN Adapter

Compatibility Pack for the 2007 Office system

Critical Update for Windows Media Player 11 (KB959772)

Default Manager

Everything 1.2.1.371

File Extractor

Free Editor

Google Chrome

Google Earth Plug-in

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB949764)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP BatteryCheck 2.10 A2

HP Doc Viewer

HP Driver Diagnostics

HP Help and Support

HP Mobile Broadband Setup Utility

HP User Guides 0139

HP Wireless Assistant

HpSdpAppCoreApp

IDT Audio

Intel® Graphics Media Accelerator Driver

Internet Explorer (Enable DEP)

Java Auto Updater

Java 6 Update 32

Java 7 Update 5

JavaFX 2.1.1

K-Lite Codec Pack 8.7.0 (Standard)

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Live Search Toolbar

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WinUsb 1.0

Microsoft Works

Mozilla Firefox 10.0.2 (x86 en-US)

MSN

MSVCRT

MSXML 6.0 Parser

PC Pitstop Exterminate2 2.0

PdaNet for Android 3.25

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2618444)

Security Update for Windows Internet Explorer 7 (KB2647516)

Security Update for Windows Internet Explorer 7 (KB2675157)

Security Update for Windows Internet Explorer 7 (KB2699988)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Skype™ 3.8

Software Assist

Synaptics Pointing Device Driver

TeamViewer 7

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Viewpoint Media Player

WebFldrs XP

Windows Backup Utility

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

YTD Video Downloader 3.9

.

==== Event Viewer Messages From Past Week ========

.

8/24/2012 11:35:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde IntelIde ViaIde

8/24/2012 11:34:25 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

8/23/2012 9:18:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the hpqwmiex service to connect.

8/23/2012 9:18:51 PM, error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/23/2012 9:18:51 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}

8/22/2012 5:35:18 AM, error: ACPI [43] - The system sleep operation failed

8/19/2012 10:01:41 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The system cannot find the file specified.

.

==== End Of File ===========================

 

I am so lost as to what to do I really appreciate any help. Thank you.


Hi Suzi,

 


My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

 

  • I will be working on your malware issues; this may, or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

I'd like you to run a different log for me please.

 

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

     

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.

    Note: These logs can be located in the OTL folder on your C: drive if they fail to open automatically.

  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


Thank you so much for your help!

Here is the Extras Log:

 

OTL Extras logfile created on: 8/25/2012 11:18:14 PM - Run 1

OTL by OldTimer - Version 3.2.59.0 Folder = C:Documents and SettingsSuziDesktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1015.23 Mb Total Physical Memory | 619.18 Mb Available Physical Memory | 60.99% Memory free

2.39 Gb Paging File | 2.01 Gb Available in Paging File | 84.25% Paging File free

Paging file location(s): C:pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files

Drive C: | 149.04 Gb Total Space | 130.93 Gb Free Space | 87.85% Space Free | Partition Type: NTFS

 

Computer Name: PC279151865318 | User Name: Suzi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation)

 

[HKEY_CURRENT_USERSOFTWAREClasses<extension>]

.html [@ = ChromeHTML.2GYDN7B64J6JRI6FRS2WBYTBAI] -- C:Documents and SettingsSuziLocal SettingsApplication DataGoogleChromeApplicationchrome.exe (Google Inc.)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:Program FilesMozilla Firefoxfirefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:Program FilesMozilla Firefoxfirefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSr]

"Start" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]

"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]

"C:Program FilesTeamViewerVersion7TeamViewer.exe" = C:Program FilesTeamViewerVersion7TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:Program FilesTeamViewerVersion7TeamViewer_Service.exe" = C:Program FilesTeamViewerVersion7TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

"C:Program FilesMalwarebytes' Anti-Malwarembam.exe" = C:Program FilesMalwarebytes' Anti-Malwarembam.exe:*:Enabled:Malwarebytes Anti-Malware -- (Malwarebytes Corporation)

"C:Program FilesAviraAntiVir Desktopavcenter.exe" = C:Program FilesAviraAntiVir Desktopavcenter.exe:*:Enabled:Start Avira Free Antivirus -- (Avira Operations GmbH & Co. KG)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9

"{1BF14E04-85DE-480C-9A04-EB36744C66B4}_is1" = Free Editor

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32

"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5

"{286D2FF4-8AED-4147-B79D-A81874CCA7E4}" = Microsoft Live Search Toolbar

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics

"{4F2AF17E-94F0-4F22-943D-216CE46AC502}" = HP Mobile Broadband Setup Utility

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8

"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2

"{6FABA483-0BAD-4EFA-9B1C-599CC4F6677D}" = HP User Guides 0139

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{AE469025-08BA-4B2A-915D-CC7765132419}" = Default Manager

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}" = ASPCA Reminder by We-Care.com v4.1.18.1

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Avira AntiVir Desktop" = Avira Free Antivirus

"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter

"Everything" = Everything 1.2.1.371

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Standard)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PC Pitstop Exterminate2_is1" = PC Pitstop Exterminate2 2.0

"PdaNet_is1" = PdaNet for Android 3.25

"Software Assist" = Software Assist

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeamViewer 7" = TeamViewer 7

"Tweaks File Extractor" = File Extractor

"ViewpointMediaPlayer" = Viewpoint Media Player

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"winusb0100" = Microsoft WinUsb 1.0

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"Google Chrome" = Google Chrome

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 3/3/2012 12:25:57 PM | Computer Name = PC279151865318 | Source = RstIdle | ID = 0

Description =

 

Error - 3/3/2012 12:30:38 PM | Computer Name = PC279151865318 | Source = RstMgr | ID = 0

Description =

 

Error - 3/3/2012 12:30:38 PM | Computer Name = PC279151865318 | Source = RstIdle | ID = 0

Description =

 

Error - 5/19/2012 1:00:02 AM | Computer Name = PC279151865318 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 5/19/2012 1:00:02 AM | Computer Name = PC279151865318 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 5/19/2012 1:00:35 AM | Computer Name = PC279151865318 | Source = crypt32 | ID = 131075

Description = Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: This operation returned because the timeout period expired.

 

Error - 5/30/2012 6:05:56 PM | Computer Name = PC279151865318 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.17109, faulting

module icomment.dll, version 2.0.2.0, fault address 0x0004ccf2.

 

Error - 7/14/2012 1:12:44 AM | Computer Name = PC279151865318 | Source = Application Error | ID = 1000

Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module

msoe.dll, version 6.0.2900.5931, fault address 0x0001c235.

 

Error - 8/16/2012 8:12:44 PM | Computer Name = PC279151865318 | Source = Application Error | ID = 1000

Description = Faulting application journal.exe, version 2.0.0.0, faulting module

msvbvm60.dll, version 6.0.98.2, fault address 0x000b4374.

 

Error - 8/18/2012 8:57:34 PM | Computer Name = PC279151865318 | Source = Application Error | ID = 1000

Description = Faulting application pdanetpc.exe, version 0.0.0.0, faulting module

pdanetpc.exe, version 0.0.0.0, fault address 0x00025f58.

 

[ OSession Events ]

Error - 9/23/2009 6:41:51 PM | Computer Name = PC279151865318 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 640

seconds with 120 seconds of active time. This session ended with a crash.

 

Error - 6/9/2010 12:15:31 AM | Computer Name = PC279151865318 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 118

seconds with 60 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 8/23/2012 10:18:45 PM | Computer Name = PC279151865318 | Source = DCOM | ID = 10010

Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register

with DCOM within the required timeout.

 

Error - 8/23/2012 10:18:51 PM | Computer Name = PC279151865318 | Source = DCOM | ID = 10005

Description = DCOM got error "%1053" attempting to start the service hpqwmiex with

arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}

 

Error - 8/23/2012 10:18:51 PM | Computer Name = PC279151865318 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the hpqwmiex service to connect.

 

Error - 8/23/2012 10:18:51 PM | Computer Name = PC279151865318 | Source = Service Control Manager | ID = 7000

Description = The hpqwmiex service failed to start due to the following error: %%1053

 

Error - 8/24/2012 5:58:56 AM | Computer Name = PC279151865318 | Source = ACPI | ID = 262187

Description = The system sleep operation failed

 

Error - 8/24/2012 6:00:10 AM | Computer Name = PC279151865318 | Source = DCOM | ID = 10010

Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register

with DCOM within the required timeout.

 

Error - 8/24/2012 11:32:59 PM | Computer Name = PC279151865318 | Source = DCOM | ID = 10010

Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register

with DCOM within the required timeout.

 

Error - 8/25/2012 12:34:25 AM | Computer Name = PC279151865318 | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring

the volume.

 

Error - 8/25/2012 12:35:32 AM | Computer Name = PC279151865318 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AliIde IntelIde ViaIde

 

Error - 8/25/2012 10:52:30 PM | Computer Name = PC279151865318 | Source = DCOM | ID = 10010

Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register

with DCOM within the required timeout.

 

 

< End of report >

 

(I connect to the internet by tethering my mini through my phone. If my slow connection speed is a problem I can redo these logs using wifi tomorrow)

 

I am including the OTL log in the next post as you suggested.


Here is the OTL log:

 

OTL logfile created on: 8/25/2012 11:18:13 PM - Run 1

OTL by OldTimer - Version 3.2.59.0 Folder = C:Documents and SettingsSuziDesktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1015.23 Mb Total Physical Memory | 619.18 Mb Available Physical Memory | 60.99% Memory free

2.39 Gb Paging File | 2.01 Gb Available in Paging File | 84.25% Paging File free

Paging file location(s): C:pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files

Drive C: | 149.04 Gb Total Space | 130.93 Gb Free Space | 87.85% Space Free | Partition Type: NTFS

 

Computer Name: PC279151865318 | User Name: Suzi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/08/25 23:00:29 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsSuziDesktopOTL.exe

PRC - [2012/08/09 16:53:03 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:Program FilesAviraAntiVir Desktopavgnt.exe

PRC - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:Program FilesOracleJavaFX 2.1 Runtimebinjqs.exe

PRC - [2012/05/18 23:58:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:Program FilesAviraAntiVir Desktopsched.exe

PRC - [2012/05/18 23:58:40 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:Program FilesAviraAntiVir Desktopavshadow.exe

PRC - [2012/05/18 23:58:39 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:Program FilesAviraAntiVir Desktopavguard.exe

PRC - [2012/01/26 21:04:18 | 000,484,976 | ---- | M] () -- C:Program FilesPdaNet for AndroidPdaNetPC.exe

PRC - [2009/03/30 18:02:08 | 000,319,488 | ---- | M] () -- C:Program FilesHPHPBTWD.exe

PRC - [2009/03/30 15:47:00 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:Program FilesIDTWDMsttray.exe

PRC - [2009/03/30 15:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) -- c:Program FilesIDTWDMstacsv.exe

PRC - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:Program FilesEverythingEverything.exe

PRC - [2009/02/18 16:41:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:WINDOWSsystem32AESTFltr.exe

PRC - [2008/04/15 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:WINDOWSexplorer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/05/18 23:58:41 | 000,398,288 | ---- | M] () -- C:Program FilesAviraAntiVir Desktopsqlite3.dll

MOD - [2012/01/26 21:04:18 | 000,484,976 | ---- | M] () -- C:Program FilesPdaNet for AndroidPdaNetPC.exe

MOD - [2009/03/30 18:02:08 | 000,319,488 | ---- | M] () -- C:Program FilesHPHPBTWD.exe

MOD - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:Program FilesEverythingEverything.exe

MOD - [2008/04/15 07:00:00 | 000,059,904 | ---- | M] () -- C:WINDOWSsystem32devenum.dll

MOD - [2008/04/15 07:00:00 | 000,014,336 | ---- | M] () -- C:WINDOWSsystem32msdmo.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2012/08/24 23:22:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:Program FilesOracleJavaFX 2.1 Runtimebinjqs.exe -- (JavaQuickStarterService)

SRV - [2012/05/18 23:58:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:Program FilesAviraAntiVir Desktopsched.exe -- (AntiVirSchedulerService)

SRV - [2012/05/18 23:58:39 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:Program FilesAviraAntiVir Desktopavguard.exe -- (AntiVirService)

SRV - [2009/03/30 15:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:Program FilesIDTWDMstacsv.exe -- (STacSV)

SRV - [2008/10/21 12:50:02 | 000,077,312 | ---- | M] () [Disabled | Stopped] -- C:Program FilesPCPitstopPCPitstopScheduleService.exe -- (PCPitstop Scheduling)

 

 

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PCTINDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pctnullport.sys -- (Nmea)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\l1c51x86.sys -- (L1c)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz128)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/18 23:58:41 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/18 23:58:41 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/11/25 03:26:04 | 000,013,440 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2011/09/16 02:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/01/12 23:15:08 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2010/06/17 18:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/07 18:25:14 | 001,735,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/03/30 15:47:00 | 001,550,891 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/03/19 13:55:06 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/09/23 16:10:48 | 000,024,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/09/23 16:10:46 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/09/23 16:10:42 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/09/23 16:10:42 | 000,174,336 | R--- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/09/23 16:10:42 | 000,174,336 | R--- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/09/23 16:10:42 | 000,174,336 | R--- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/09/23 16:10:42 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2006/11/02 10:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7C5AA3FF-F56B-4A27-B01C-9B34E46F084A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{C1A2A748-9F61-42DA-A5A3-22D4089CE36D}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=17
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7C5AA3FF-F56B-4A27-B01C-9B34E46F084A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{C1A2A748-9F61-42DA-A5A3-22D4089CE36D}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749&ilc=12"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Suzi\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Suzi\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/25 12:56:20 | 000,000,000 | ---D | M]

[2012/02/26 18:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzi\Application Data\Mozilla\Extensions
[2012/08/25 11:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzi\Application Data\Mozilla\Firefox\Profiles\03u3rlxy.default\extensions
[2012/08/25 11:31:46 | 000,000,000 | ---D | M] ("Software Assist") -- C:\Documents and Settings\Suzi\Application Data\Mozilla\Firefox\Profiles\03u3rlxy.default\extensions\crossriderapp3026@crossrider.com
[2012/04/29 19:28:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/29 19:28:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Suzi\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Suzi\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Suzi\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Suzi\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Bejeweled = C:\Documents and Settings\Suzi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_1
CHR - Extension: YouTube = C:\Documents and Settings\Suzi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR - Extension: SpeedDial = C:\Documents and Settings\Suzi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0
CHR - Extension: Google Search = C:\Documents and Settings\Suzi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR - Extension: Search by Image (by Google) = C:\Documents and Settings\Suzi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.1.1_1
CHR - Extension: Read Later Fast = C:\Documents and Settings\Suzi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.2_0
CHR - Extension: Pandora = C:\Documents and Settings\Suzi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0
CHR - Extension: Web Lab = C:\Documents and Settings\Suzi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe\1.0_0
CHR - Extension: Quick Pinterest = C:\Documents and Settings\Suzi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\koknjbkknnhiigohiagkpaechjmplakb\1.5.1_0
CHR - Extension: Picasa = C:\Documents and Settings\Suzi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0

O1 HOSTS File: ([2008/04/15 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [HP BTW Detect Program] C:\Program Files\HP\HPBTWD.exe ()
O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Documents and Settings\Suzi\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62745325-20C1-4F0C-A6BD-2AC3CD7BA611}: DhcpNameServer = 8.8.8.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Suzi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Suzi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/25 23:08:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/25 22:59:47 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Suzi\Desktop\OTL.exe
[2012/08/25 17:38:03 | 000,000,000 | ---D | C] -- C:\Hijackthis
[2012/08/25 17:22:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/08/25 17:21:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Suzi\My Documents\dds.com
[2012/08/25 17:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\Desktop\DDS
[2012/08/25 12:39:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\Desktop\Logs
[2012/08/24 09:00:16 | 001,483,696 | ---- | C] (PC Pitstop LLC ) -- C:\Documents and Settings\Suzi\My Documents\pcmatic-setup-0008.exe
[2012/08/24 08:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2012/08/24 08:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Pitstop
[2012/08/24 08:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2012/08/24 08:36:35 | 002,103,688 | ---- | C] (PC Pitstop LLC ) -- C:\Documents and Settings\Suzi\My Documents\exterminate2-setup-0004.exe
[2012/08/24 05:36:23 | 016,476,616 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Suzi\My Documents\Windows-KB890830-V4.11.exe
[2012/08/23 07:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\Desktop\EDITED
[2012/08/23 07:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\Local Settings\Application Data\Paint.NET
[2012/08/23 06:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\Local Settings\Application Data\FreeEditor\EditTemp
[2012/08/23 06:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/08/23 06:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Editor
[2012/08/23 06:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Free Editor
[2012/08/23 06:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\Local Settings\Application Data\Software Assist
[2012/08/23 06:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\Software Assist
[2012/08/21 08:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\Desktop\fb
[2012/08/19 20:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\Desktop\you tube catches
[2012/08/19 20:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\My Documents\New Folder
[2012/08/19 20:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2012/08/19 20:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YTD Video Downloader
[2012/08/19 20:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\GreenTree Applications
[2012/08/19 19:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\Application Data\vlc
[2012/08/19 19:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/08/19 18:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2012/08/19 18:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/08/19 18:51:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Suzi\Start Menu\Programs\Administrative Tools
[2012/08/19 18:51:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Suzi\My Documents\My Videos
[2012/08/19 09:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaks
[2012/08/19 09:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaks
[2012/08/16 19:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\firebird
[2012/08/16 19:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\My Documents\My Chrysanth
[2012/08/16 19:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\Application Data\Chrysanth
[2012/08/16 19:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\Chrysanth
[2012/08/16 19:08:52 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2012/08/16 19:08:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2012/08/16 18:52:29 | 000,000,000 | ---D | C] -- C:\myDiary
[2012/08/07 09:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\Local Settings\Application Data\Sun
[2012/08/01 23:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\Start Menu\Programs\Google Chrome
[2012/08/01 23:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\Local Settings\Application Data\Google
[2012/08/01 23:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\Local Settings\Application Data\Deployment
[2012/08/01 08:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/01 08:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/08/01 08:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\Application Data\Oracle
[2012/08/01 08:36:27 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/08/01 08:36:19 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/08/01 08:36:19 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/08/01 08:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/07/30 06:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzi\Application Data\Template
[48 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[21 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/25 23:19:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3722816078-4193266709-504252426-1008UA.job
[2012/08/25 23:15:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/25 23:00:29 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suzi\Desktop\OTL.exe
[2012/08/25 22:55:46 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/25 22:55:46 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/25 22:51:41 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/25 22:51:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2012/08/25 22:51:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/25 22:51:17 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/25 17:30:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/25 17:29:05 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3722816078-4193266709-504252426-1009UA.job
[2012/08/25 17:22:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Suzi\My Documents\dds.com
[2012/08/25 13:43:41 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\Suzi\Desktop\Avira Free Antivirus Profile Scan for Rootkits and active malware.LNK
[2012/08/25 12:19:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3722816078-4193266709-504252426-1008Core.job
[2012/08/24 23:22:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/24 23:22:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/24 09:01:30 | 001,483,696 | ---- | M] (PC Pitstop LLC ) -- C:\Documents and Settings\Suzi\My Documents\pcmatic-setup-0008.exe
[2012/08/24 08:39:48 | 000,001,778 | ---- | M] () -- C:\Documents and Settings\Suzi\Desktop\PC Pitstop Exterminate2.lnk
[2012/08/24 08:37:13 | 002,103,688 | ---- | M] (PC Pitstop LLC ) -- C:\Documents and Settings\Suzi\My Documents\exterminate2-setup-0004.exe
[2012/08/24 05:41:39 | 016,476,616 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Suzi\My Documents\Windows-KB890830-V4.11.exe
[2012/08/23 06:49:58 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free Editor.lnk
[2012/08/23 06:15:19 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/08/23 05:51:08 | 000,011,527 | ---- | M] () -- C:\Documents and Settings\Suzi\Desktop\Meditation - pg 86, 87 & 88.pdf
[2012/08/22 22:03:53 | 001,127,948 | ---- | M] () -- C:\Documents and Settings\Suzi\Desktop\IMG_20120822_144841.JPG
[2012/08/22 06:34:37 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Suzi\Desktop\Google Chrome.lnk
[2012/08/22 06:34:37 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Suzi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/20 08:33:01 | 018,563,935 | ---- | M] () -- C:\Documents and Settings\Suzi\My Documents\VOICE OF TRUTH with lyrics.flv
[2012/08/20 08:27:27 | 020,447,678 | ---- | M] () -- C:\Documents and Settings\Suzi\My Documents\East To West - Casting Crowns (Music Video With Lyrics).flv
[2012/08/20 08:19:29 | 017,103,276 | ---- | M] () -- C:\Documents and Settings\Suzi\My Documents\Casting Crowns - Who am I (LIVE) - With Lyrics_Subtitles.flv
[2012/08/20 08:10:33 | 010,008,445 | ---- | M] () -- C:\Documents and Settings\Suzi\My Documents\Here I am to Worship.flv
[2012/08/20 08:06:17 | 007,926,943 | ---- | M] () -- C:\Documents and Settings\Suzi\My Documents\Lord I Lift Your Name On High (worship video w_ lyrics).flv
[2012/08/20 07:59:44 | 016,571,908 | ---- | M] () -- C:\Documents and Settings\Suzi\My Documents\Days Of Elijah-Worship songs With Lyrics.mp4
[2012/08/20 07:53:12 | 019,300,285 | ---- | M] () -- C:\Documents and Settings\Suzi\My Documents\Grace Like rain Todd Agnew Lyrics.flv
[2012/08/20 07:46:45 | 033,797,195 | ---- | M] () -- C:\Documents and Settings\Suzi\My Documents\better is one day - matt redman ( christian song _ with lyrics ).flv
[2012/08/19 20:29:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3722816078-4193266709-504252426-1009Core.job
[2012/08/19 20:22:54 | 005,933,600 | ---- | M] () -- C:\Documents and Settings\Suzi\My Documents\Praise and Worship Songs with Lyrics Shout to the Lord.flv
[2012/08/19 20:07:44 | 000,000,942 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
[2012/08/19 18:59:08 | 000,033,958 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\uninstaller.exe
[2012/08/19 18:54:19 | 000,384,844 | ---- | M] () -- C:\Documents and Settings\Suzi\Local Settings\Application Data\funmoods-speeddial.crx
[2012/08/19 10:07:57 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Suzi\Desktop\Efficient Diary.lnk
[2012/08/19 09:52:26 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\File Extractor.lnk
[2012/08/17 06:48:21 | 000,243,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/16 19:08:53 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2012/08/16 19:08:51 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2012/08/15 16:07:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/11 23:37:51 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/08/07 13:49:20 | 004,608,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi
[2012/08/01 09:40:02 | 000,000,270 | ---- | M] () -- C:\Documents and Settings\Suzi\Application Data\wklnhst.dat
[2012/08/01 08:36:02 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/08/01 08:36:02 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/07/29 14:18:15 | 000,016,714 | ---- | M] () -- C:\Documents and Settings\Suzi\My Documents\facebook_-755996876.jpg
[48 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[21 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/25 13:43:41 | 000,001,821 | ---- | C] () -- C:\Documents and Settings\Suzi\Desktop\Avira Free Antivirus Profile Scan for Rootkits and active malware.LNK
[2012/08/24 08:39:48 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\Suzi\Desktop\PC Pitstop Exterminate2.lnk
[2012/08/23 06:50:15 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/08/23 06:49:58 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free Editor.lnk
[2012/08/23 06:15:19 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/08/23 06:15:19 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/08/23 05:51:49 | 000,011,527 | ---- | C] () -- C:\Documents and Settings\Suzi\Desktop\Meditation - pg 86, 87 & 88.pdf
[2012/08/22 22:03:52 | 001,127,948 | ---- | C] () -- C:\Documents and Settings\Suzi\Desktop\IMG_20120822_144841.JPG
[2012/08/20 08:28:58 | 018,563,935 | ---- | C] () -- C:\Documents and Settings\Suzi\My Documents\VOICE OF TRUTH with lyrics.flv
[2012/08/20 08:23:54 | 020,447,678 | ---- | C] () -- C:\Documents and Settings\Suzi\My Documents\East To West - Casting Crowns (Music Video With Lyrics).flv
[2012/08/20 08:15:29 | 017,103,276 | ---- | C] () -- C:\Documents and Settings\Suzi\My Documents\Casting Crowns - Who am I (LIVE) - With Lyrics_Subtitles.flv
[2012/08/20 08:06:58 | 010,008,445 | ---- | C] () -- C:\Documents and Settings\Suzi\My Documents\Here I am to Worship.flv
[2012/08/20 08:03:31 | 007,926,943 | ---- | C] () -- C:\Documents and Settings\Suzi\My Documents\Lord I Lift Your Name On High (worship video w_ lyrics).flv
[2012/08/20 07:56:25 | 016,571,908 | ---- | C] () -- C:\Documents and Settings\Suzi\My Documents\Days Of Elijah-Worship songs With Lyrics.mp4
[2012/08/20 07:49:06 | 019,300,285 | ---- | C] () -- C:\Documents and Settings\Suzi\My Documents\Grace Like rain Todd Agnew Lyrics.flv
[2012/08/20 07:37:53 | 033,797,195 | ---- | C] () -- C:\Documents and Settings\Suzi\My Documents\better is one day - matt redman ( christian song _ with lyrics ).flv
[2012/08/19 20:14:02 | 005,933,600 | ---- | C] () -- C:\Documents and Settings\Suzi\My Documents\Praise and Worship Songs with Lyrics Shout to the Lord.flv
[2012/08/19 20:07:44 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
[2012/08/19 18:59:08 | 000,033,958 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uninstaller.exe
[2012/08/19 18:54:26 | 000,384,844 | ---- | C] () -- C:\Documents and Settings\Suzi\Local Settings\Application Data\funmoods-speeddial.crx
[2012/08/19 10:07:57 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Suzi\Desktop\Efficient Diary.lnk
[2012/08/19 09:52:26 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\File Extractor.lnk
[2012/08/07 13:49:20 | 004,608,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi
[2012/08/01 23:39:30 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Suzi\Desktop\Google Chrome.lnk
[2012/08/01 23:39:30 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Suzi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/01 23:14:08 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3722816078-4193266709-504252426-1009UA.job
[2012/08/01 23:14:08 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3722816078-4193266709-504252426-1009Core.job
[2012/07/30 06:37:28 | 000,000,270 | ---- | C] () -- C:\Documents and Settings\Suzi\Application Data\wklnhst.dat
[2012/07/29 14:18:48 | 000,016,714 | ---- | C] () -- C:\Documents and Settings\Suzi\My Documents\facebook_-755996876.jpg
[2012/03/03 17:59:46 | 000,000,253 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012/02/25 11:58:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== LOP Check ==========

 

[2012/08/19 09:13:50 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Datafirebird

[2012/03/03 15:07:35 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataIObit

[2012/08/24 08:41:03 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPCPitstop

[2012/01/26 13:19:36 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataSprint

[2012/08/23 06:22:13 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataTarma Installer

[2009/05/07 18:33:03 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataUninstall

[2009/05/07 18:36:13 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataViewpoint

[2012/08/19 18:59:05 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataWeCareReminder

[2009/10/18 13:51:25 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataWinferno

[2012/08/21 07:20:09 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataYTD Video Downloader

[2012/08/16 19:30:37 | 000,000,000 | ---D | M] -- C:Documents and SettingsSuziApplication DataChrysanth

[2012/07/14 00:17:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsSuziApplication DataElevatedDiagnostics

[2012/04/29 09:21:40 | 000,000,000 | ---D | M] -- C:Documents and SettingsSuziApplication DataiComment

[2012/08/21 09:59:25 | 000,000,000 | ---D | M] -- C:Documents and SettingsSuziApplication DataIObit

[2012/08/01 08:36:32 | 000,000,000 | ---D | M] -- C:Documents and SettingsSuziApplication DataOracle

[2012/07/30 06:37:30 | 000,000,000 | ---D | M] -- C:Documents and SettingsSuziApplication DataTemplate

[2012/08/25 22:51:41 | 000,000,416 | ---- | M] () -- C:WINDOWSTasksPCConfidential.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%*.* >

[2009/06/18 03:34:06 | 000,000,211 | -HS- | M] () -- C:boot.ini

[2012/07/13 23:04:37 | 000,001,971 | ---- | M] () -- C:hdd.log

[2012/08/25 22:51:17 | 1064,620,032 | -HS- | M] () -- C:hiberfil.sys

[2009/05/07 18:36:15 | 000,000,442 | -H-- | M] () -- C:IPH.PH

[2008/04/15 07:00:00 | 000,047,564 | RHS- | M] () -- C:ntdetect.com

[2008/04/15 07:00:00 | 000,250,048 | RHS- | M] () -- C:ntldr

[2012/08/25 22:51:14 | 1598,029,824 | -HS- | M] () -- C:pagefile.sys

 

< %systemroot%Fonts*.com >

[2006/04/18 17:39:28 | 000,026,040 | ---- | M] () -- C:WINDOWSFontsGlobalMonospace.CompositeFont

[2006/06/29 16:53:56 | 000,026,489 | ---- | M] () -- C:WINDOWSFontsGlobalSansSerif.CompositeFont

[2006/04/18 17:39:28 | 000,029,779 | ---- | M] () -- C:WINDOWSFontsGlobalSerif.CompositeFont

[2006/06/29 16:58:52 | 000,030,808 | ---- | M] () -- C:WINDOWSFontsGlobalUserInterface.CompositeFont

 

< %systemroot%Fonts*.dll >

 

< %systemroot%Fonts*.ini >

[2008/06/24 20:12:00 | 000,000,067 | -HS- | M] () -- C:WINDOWSFontsdesktop.ini

 

< %systemroot%Fonts*.ini2 >

 

< %systemroot%Fonts*.exe >

 

< %systemroot%system32spoolprtprocsw32x86*.* >

[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86filterpipelineprintproc.dll

[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86msonpppr.dll

[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86printfilterpipelinesvc.exe

 

< %systemroot%REPAIR*.bak1 >

 

< %systemroot%REPAIR*.ini >

 

< %systemroot%system32*.jpg >

 

< %systemroot%*.jpg >

 

< %systemroot%*.png >

 

< %systemroot%*.scr >

 

< %systemroot%*._sy >

 

< %APPDATA%AdobeUpdate*.* >

 

< %ALLUSERSPROFILE%Favorites*.* >

 

< %APPDATA%Microsoft*.* >

 

< %PROGRAMFILES%*.* >

 

< %APPDATA%Update*.* >

 

< %systemroot%*. /mp /s >

 

< %systemroot%System32config*.sav >

[2008/06/24 13:05:34 | 000,094,208 | ---- | M] () -- C:WINDOWSSystem32configdefault.sav

[2008/06/24 13:05:34 | 001,064,960 | ---- | M] () -- C:WINDOWSSystem32configsoftware.sav

[2008/06/24 13:05:32 | 000,905,216 | ---- | M] () -- C:WINDOWSSystem32configsystem.sav

 

< %PROGRAMFILES%bak. /s >

 

< %systemroot%system32bak. /s >

 

< %ALLUSERSPROFILE%Start Menu*.lnk /x >

[2008/06/24 20:12:32 | 000,000,294 | -HS- | M] () -- C:Documents and SettingsAll UsersStart Menudesktop.ini

 

< %systemroot%system32configsystemprofile*.dat /x >

 

< %systemroot%*.config >

 

< %systemroot%system32*.db >

 

< %PROGRAMFILES%Internet Explorer*.dat >

 

< %APPDATA%MicrosoftInternet ExplorerQuick Launch*.lnk /x >

[2012/02/25 16:23:49 | 000,000,060 | -HS- | M] () -- C:Documents and SettingsSuziApplication DataMicrosoftInternet ExplorerQuick Launchdesktop.ini

[2008/06/24 20:17:08 | 000,000,079 | ---- | M] () -- C:Documents and SettingsSuziApplication DataMicrosoftInternet ExplorerQuick LaunchShow Desktop.scf

 

< %USERPROFILE%Desktop*.exe >

[2012/08/25 23:00:29 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsSuziDesktopOTL.exe

 

< %PROGRAMFILES%Common Files*.* >

 

< %systemroot%*.src >

 

< %systemroot%install*.* >

 

< %systemroot%system32DLL*.* >

 

< %systemroot%system32HelpFiles*.* >

 

< %systemroot%system32rundll*.* >

 

< %systemroot%winn32*.* >

 

< %systemroot%Java*.* >

 

< %systemroot%system32test*.* >

 

< %systemroot%system32Rundll32*.* >

 

< %systemroot%AppPatchCustom*.* >

[2011/12/19 03:04:46 | 000,000,698 | ---- | M] () -- C:WINDOWSAppPatchCustom{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

 

< HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU >

 

< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs >

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstallLastSuccessTime: 2012-08-17 11:38:53

 

< End of report >

 

Again thank you so much for your help!


Double click on OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:Processes

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
[2012/04/29 19:28:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
[2012/08/19 18:54:19 | 000,384,844 | ---- | M] () -- C:\Documents and Settings\Suzi\Local Settings\Application Data\funmoods-speeddial.crx
[2012/08/19 18:54:26 | 000,384,844 | ---- | C] () -- C:\Documents and Settings\Suzi\Local Settings\Application Data\funmoods-speeddial.crx

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top

  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer
Please post the OTL log.

 

Then... in Chrome... click on the wrench in the upper right of your screen. Select settings. Half way or so down the page you will find the Search section. Click on the button that says "Manage search engines..." If FunMoods appears in the list... put your mouse pointer on it. This will cause an X to appear to the right of the line. Click on the X to delete it. OK your way out and let me know how it went.

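As an added example (not code from the thread, OldTimer or OTL itself), here is a small Python triage helper for OTL log lines of the kind posted above: it flags the two patterns the helper acted on, an unsigned .crx created in a per-user data directory and BHO/toolbar registrations whose CLSID no longer resolves, and assembles the flagged lines into an OTL fix of the same shape as the one pasted above. The flagging heuristics and the sample log lines are mine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# OTL file/folder entry, e.g.
# [2012/08/19 18:54:26 | 000,384,844 | ---- | C] () -- C:\...\funmoods-speeddial.crx
FILE_ENTRY = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# BHO / toolbar registrations whose CLSID no longer resolves, e.g.
# O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
ORPHAN_ENTRY = re.compile(r"^O[23] - .* - No CLSID value found\.$")


@dataclass
class Finding:
    line: str      # the OTL line exactly as logged; OTL accepts it back verbatim as a fix line
    reason: str


# Heuristics are mine, not OTL's: a browser add-on package with no publisher,
# created under a per-user data directory, is the pattern the funmoods .crx showed.
USER_DROP_DIRS = ("\\local settings\\application data\\", "\\application data\\", "\\temp\\")
ADDON_EXTS = (".crx", ".xpi")


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious OTL line, None for anything else."""
    line = line.strip()
    m = FILE_ENTRY.match(line)
    if m:
        low = m.group("path").lower()
        publisher = m.group("company").strip()
        if low.endswith(ADDON_EXTS) and any(d in low for d in USER_DROP_DIRS) and not publisher:
            return Finding(line, "unsigned browser add-on package created in a per-user data directory")
        return None
    if ORPHAN_ENTRY.match(line):
        return Finding(line, "orphaned BHO/toolbar registration (CLSID does not resolve)")
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of an OTL log and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def build_fix(findings: List[Finding]) -> str:
    """Assemble an OTL fix in the shape the helper used on this thread:
    the flagged log lines under :OTL, then the standard :Commands footer."""
    body = "\n".join(f.line for f in findings)
    return ":OTL\n" + body + "\n\n:Commands\n[purity]\n[emptytemp]\n[start explorer]\n[Reboot]\n"


# Constructed sample: a few lines modelled on this thread's OTL output, backslashes restored.
SAMPLE_LOG = r"""
[2012/08/01 23:39:30 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Suzi\Desktop\Google Chrome.lnk
[2012/08/19 18:54:26 | 000,384,844 | ---- | C] () -- C:\Documents and Settings\Suzi\Local Settings\Application Data\funmoods-speeddial.crx
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O15 - HKCU\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
"""

if __name__ == "__main__":
    found = triage_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.reason}\n    {f.line}")
    print(build_fix(found))
```

The .lnk, the Microsoft-signed print processor and the O15 trusted-domain line pass through untouched; only the .crx and the two orphaned registrations are flagged and land in the generated fix.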

All processes killed

========== PROCESSES ==========

========== OTL ==========

HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopesDefaultScope| /E : value set successfully!

HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerSearchScopesDefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINESoftwareMozillaPlugins@viewpoint.com/VMP deleted successfully.

C:Program FilesViewpointViewpoint Experience TechnologynpViewpoint.dll moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalezh-TWffjcext folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalezh-TW folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalezh-CNffjcext folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalezh-CN folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalesv-SEffjcext folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalesv-SE folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocaleko-KRffjcext folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocaleko-KR folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocaleja-JPffjcext folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocaleja-JP folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocaleit-ITffjcext folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocaleit-IT folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalefr-FRffjcext folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalefr-FR folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalees-ESffjcext folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalees-ES folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocaleen-USffjcext folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocaleen-US folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalede-DEffjcext folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalede-DE folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocale folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromecontentffjcext folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromecontent folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chrome folder moved successfully.

C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} folder moved successfully.

File C:Program FilesViewpointViewpoint Experience TechnologynpViewpoint.dll not found.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{02478D38-C3F9-4efb-9B51-7695ECA05670} not found.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbarLocked deleted successfully.

Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.

Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainsfacebook.comwww deleted successfully.

Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainsyahoo.comlogin deleted successfully.

C:Documents and SettingsSuziLocal SettingsApplication Datafunmoods-speeddial.crx moved successfully.

File C:Documents and SettingsSuziLocal SettingsApplication Datafunmoods-speeddial.crx not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 321 bytes

 

User: Guest

->Temp folder emptied: 3374 bytes

->Temporary Internet Files folder emptied: 33099 bytes

->Flash cache emptied: 321 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 5997386 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Suzi

->Temp folder emptied: 82765222 bytes

->Temporary Internet Files folder emptied: 1868594 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 85138911 bytes

->Google Chrome cache emptied: 6157010 bytes

->Flash cache emptied: 3050 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 43246316 bytes

%systemroot%System32dllcache .tmp files removed: 9926392 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 16098284 bytes

%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 121646082 bytes

%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 15789426 bytes

 

Total Files Cleaned = 371.00 mb

 

 

OTL by OldTimer - Version 3.2.59.0 log created on 08262012_012320

 

FilesFolders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

 

I looked on Chrome and the only search engines listed are google, yahoo and bing...yay :)


When running the following tool... it may try to install the recovery console. There are some issues with Microsoft's link at the moment so please tell it to run anyway.

 

Download ComboFix:

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

 

 


 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 


 

 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

 

Notes:

 

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


I hope I didn't mess up (I know how much you probably hate reading those words)

When I started the combofix program and said yes to windows recovery console it ran for a few seconds then this popped up - "Windows recovery failed to download required files, aborting, shall continue scanning for malware" it then had an "ok" button and I pushed ok.. Hope this didn't make this a pain in the butt for you.. :erm:

 

Here is the combofix log:

 

 

ComboFix 12-08-25.04 - Suzi 08/26/2012 11:18:58.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.640 [GMT -5:00]

Running from: c:documents and settingsSuziDesktopComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:documents and settingsAll UsersApplication Datauninstaller.exe

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.com

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comchrome.manifest

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comchromecontentbackground.html

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comchromecontentbrowser.xul

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comchromecontentcrossrider.js

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comchromecontentcrossriderapi.js

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comchromecontentdialog.js

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comchromecontentoptions.js

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comchromecontentoptions.xul

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comchromecontentsearch_dialog.xul

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comchromecontentupdate.html

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comdefaultspreferencesprefs.js

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.cominstall.rdf

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comlocaleen-UStranslations.dtd

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comskinbutton1.png

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comskinbutton2.png

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comskinbutton3.png

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comskinbutton4.png

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comskinbutton5.png

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comskincrossrider_statusbar.png

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comskinicon128.png

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comskinicon16.png

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comskinicon24.png

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comskinicon48.png

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comskinpanelarrow-up.png

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comskinpopup.css

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comskinpopup.html

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comskinpopup_binding.xml

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comskinskin.css

c:documents and settingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensionscrossriderapp3026@crossrider.comskinupdate.css

c:program filesHPHPBTWD.exe

c:program filesInternet ExplorerSET180.tmp

c:program filesInternet ExplorerSET185.tmp

c:windowsDownloaded Program Filesf3initialsetup1.0.1.1.inf

c:windowssystem32_000005_.tmp.dll

c:windowssystem32URTTemp

c:windowssystem32URTTempfusion.dll

c:windowssystem32URTTempmscoree.dll

c:windowssystem32URTTempmscoree.dll.local

c:windowssystem32URTTempmscorsn.dll

c:windowssystem32URTTempmscorwks.dll

c:windowssystem32URTTempmsvcr71.dll

c:windowssystem32URTTempregtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))

.

.

2012-08-26 04:08 . 2012-08-26 04:08 -------- d-----w- C:_OTL

2012-08-25 22:38 . 2012-08-25 22:48 -------- d-----w- C:Hijackthis

2012-08-24 13:41 . 2012-08-24 13:41 -------- d-----w- c:documents and settingsAll UsersApplication DataPCPitstop

2012-08-24 13:39 . 2012-08-24 13:39 -------- d-----w- c:program filesPCPitstop

2012-08-24 09:58 . 2012-08-24 14:21 -------- d-----w- c:documents and settingsGuest

2012-08-23 12:01 . 2012-08-24 02:21 -------- d-----w- c:documents and settingsSuziLocal SettingsApplication DataPaint.NET

2012-08-23 11:59 . 2012-08-23 11:59 -------- d-----w- c:documents and settingsSuziLocal SettingsApplication DataFreeEditorEditTemp

2012-08-23 11:50 . 2011-03-02 10:43 175616 ----a-w- c:windowssystem32unrar.dll

2012-08-23 11:50 . 2012-08-23 11:50 -------- d-----w- c:program filesK-Lite Codec Pack

2012-08-23 11:49 . 2012-08-23 12:03 -------- d-----w- c:program filesFree Editor

2012-08-23 11:22 . 2012-08-23 11:22 -------- d-----w- c:documents and settingsSuziLocal SettingsApplication DataSoftware Assist

2012-08-23 11:22 . 2012-08-25 04:32 -------- d-----w- c:program filesSoftware Assist

2012-08-20 01:07 . 2012-08-21 12:20 -------- d-----w- c:documents and settingsAll UsersApplication DataYTD Video Downloader

2012-08-20 01:07 . 2012-08-20 01:07 -------- d-----w- c:program filesGreenTree Applications

2012-08-20 00:16 . 2012-08-21 12:21 -------- d-----w- c:documents and settingsSuziApplication Datavlc

2012-08-20 00:15 . 2012-08-25 20:13 -------- d-----w- c:program filesVideoLAN

2012-08-19 23:59 . 2012-08-19 23:59 -------- d-----w- c:documents and settingsAll UsersApplication DataWeCareReminder

2012-08-19 23:55 . 2012-08-23 11:22 -------- d-----w- c:documents and settingsAll UsersApplication DataTarma Installer

2012-08-19 14:52 . 2012-08-19 14:52 -------- d-----w- c:program filesTweaks

2012-08-17 00:32 . 2012-08-19 14:13 -------- d-----w- c:documents and settingsAll UsersApplication Datafirebird

2012-08-17 00:30 . 2012-08-17 00:30 -------- d-----w- c:documents and settingsSuziApplication DataChrysanth

2012-08-17 00:30 . 2012-08-17 00:30 -------- d-----w- c:program filesChrysanth

2012-08-17 00:08 . 2012-08-17 00:08 249856 ------w- c:windowsSetup1.exe

2012-08-17 00:08 . 2012-08-17 00:08 73216 ----a-w- c:windowsST6UNST.EXE

2012-08-16 23:52 . 2012-08-16 23:52 -------- d-----w- C:myDiary

2012-08-07 18:49 . 2012-08-07 18:49 4608000 ----a-w- c:documents and settingsAll UsersApplication DataReadOnlyInstaller.msi

2012-08-07 14:25 . 2012-08-07 14:25 -------- d-----w- c:documents and settingsSuziLocal SettingsApplication DataSun

2012-08-02 04:14 . 2012-08-02 04:38 -------- d-----w- c:documents and settingsSuziLocal SettingsApplication DataGoogle

2012-08-02 04:12 . 2012-08-02 04:14 -------- d-----w- c:documents and settingsSuziLocal SettingsApplication DataDeployment

2012-08-01 13:37 . 2012-08-01 13:37 -------- d-----w- c:program filesCommon FilesJava

2012-08-01 13:36 . 2012-08-01 13:36 -------- d-----w- c:program filesOracle

2012-08-01 13:36 . 2012-08-01 13:36 -------- d-----w- c:documents and settingsSuziApplication DataOracle

2012-08-01 13:35 . 2012-08-01 13:35 -------- d-----w- c:documents and settingsAll UsersApplication DataMcAfee

2012-07-30 11:37 . 2012-07-30 11:37 -------- d-----w- c:documents and settingsSuziApplication DataTemplate

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-25 04:22 . 2012-04-29 23:52 426184 ----a-w- c:windowssystem32FlashPlayerApp.exe

2012-08-25 04:22 . 2012-01-26 18:40 70344 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2012-07-06 13:58 . 2008-04-15 12:00 78336 ----a-w- c:windowssystem32browser.dll

2012-07-06 03:07 . 2012-04-30 00:28 143872 ----a-w- c:windowssystem32javacpl.cpl

2012-07-06 03:06 . 2012-04-30 00:28 772544 ----a-w- c:windowssystem32npdeployJava1.dll

2012-07-04 14:05 . 2011-12-31 01:19 139784 ----a-w- c:windowssystem32driversrdpwd.sys

2012-07-03 18:46 . 2012-03-03 19:47 22344 ----a-w- c:windowssystem32driversmbam.sys

2012-07-03 13:40 . 2012-01-12 16:53 1866112 ----a-w- c:windowssystem32win32k.sys

2012-07-02 17:49 . 2011-12-19 08:13 916992 ----a-w- c:windowssystem32wininet.dll

2012-07-02 17:49 . 2011-12-19 08:13 1469440 ------w- c:windowssystem32inetcpl.cpl

2012-07-02 17:49 . 2007-08-14 17:44 43520 ------w- c:windowssystem32licmgr10.dll

2012-07-02 12:05 . 2011-10-31 20:57 385024 ------w- c:windowssystem32html.iec

2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- c:windowssystem32MSCOMCTL.OCX

2012-06-05 15:50 . 2010-06-14 07:41 1172480 ----a-w- c:windowssystem32msxml3.dll

2012-06-05 15:50 . 2009-07-31 18:05 1372672 ----a-w- c:windowssystem32msxml6.dll

2012-06-04 22:35 . 2009-10-04 18:33 222448 ----a-w- c:windowssystem32muweb.dll

2012-06-04 04:32 . 2011-11-16 14:21 152576 ----a-w- c:windowssystem32schannel.dll

2012-06-02 20:19 . 2007-07-31 18:18 22040 ----a-w- c:windowssystem32wucltui.dll.mui

2012-06-02 20:19 . 2009-10-03 19:46 210968 ----a-w- c:windowssystem32wuweb.dll

2012-06-02 20:19 . 2009-10-03 19:46 329240 ----a-w- c:windowssystem32wucltui.dll

2012-06-02 20:19 . 2009-10-03 19:46 219160 ----a-w- c:windowssystem32wuaucpl.cpl

2012-06-02 20:19 . 2007-07-31 18:19 15384 ----a-w- c:windowssystem32wuaucpl.cpl.mui

2012-06-02 20:19 . 2009-10-03 19:46 53784 ----a-w- c:windowssystem32wuauclt.exe

2012-06-02 20:19 . 2009-10-03 19:46 97304 ----a-w- c:windowssystem32cdm.dll

2012-06-02 20:19 . 2008-04-15 12:00 35864 ----a-w- c:windowssystem32wups.dll

2012-06-02 20:19 . 2007-07-31 18:19 45080 ----a-w- c:windowssystem32wups2.dll

2012-06-02 20:19 . 2007-07-31 18:19 15384 ----a-w- c:windowssystem32wuapi.dll.mui

2012-06-02 20:19 . 2007-07-31 18:18 17944 ----a-w- c:windowssystem32wuaueng.dll.mui

2012-06-02 20:19 . 2009-10-03 19:46 577048 ----a-w- c:windowssystem32wuapi.dll

2012-06-02 20:19 . 2009-10-03 19:46 1933848 ----a-w- c:windowssystem32wuaueng.dll

2012-06-02 20:18 . 2009-10-04 18:33 275696 ----a-w- c:windowssystem32mucltui.dll

2012-06-02 20:18 . 2009-06-18 18:59 17136 ----a-w- c:windowssystem32mucltui.dll.mui

2012-05-31 13:22 . 2011-09-28 07:06 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-02-16 14:40 . 2012-02-25 17:56 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-06 21755688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-30 483428]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2009-01-09 455224]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
c:\documents and settings\Suzi\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2012-2-26 484976]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\TeamViewer\Version7\TeamViewer.exe"=
"c:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"=
"c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"=
"c:\Program Files\Avira\AntiVir Desktop\avcenter.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPortsList]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [1/26/2012 2:36 PM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/26/2012 2:36 PM 86224]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/7/2009 6:23 PM 113664]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2/26/2012 6:55 PM 13440]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2/26/2012 6:55 PM 121192]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2012 9:20 AM 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/29/2012 6:52 PM 250056]
S3 cpuz128;cpuz128; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2012 9:20 AM 116648]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x86.sys --> c:\windows\system32\DRIVERS\l1c51x86.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [9/23/2008 4:10 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [7/26/2009 2:45 PM 174336]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/24/2012 8:39 AM 77312]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 04:22]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-21 14:20]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-21 14:20]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3722816078-4193266709-504252426-1009Core.job
- c:\documents and settings\Suzi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-02 04:14]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3722816078-4193266709-504252426-1009UA.job
- c:\documents and settings\Suzi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-02 04:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=17
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8
FF - ProfilePath - c:\documents and settings\Suzi\Application Data\Mozilla\Firefox\Profiles\03u3rlxy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0FtD0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=463652123
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0FtD0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=463652123
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0FtD0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=463652123&q=
FF - user.js: extensions.funmoods.id - 002637BD39425F0F
FF - user.js: extensions.funmoods.instlDay - 15571
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:54
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP BTW Detect Program - c:\program files\HP\HPBTWD.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-26 11:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-26 11:36:26
ComboFix-quarantined-files.txt 2012-08-26 16:36
.
Pre-Run: 140,868,812,800 bytes free
Post-Run: 140,816,244,736 bytes free
.
- - End Of File - - 2C89A3BDDF5807E09955EB6491907C4E


You did perfect. You did exactly what I was trying to advise you to do. :tup:

 

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

     

    Firefox::
    FF - ProfilePath - c:\documents and settings\Suzi\Application Data\Mozilla\Firefox\Profiles\03u3rlxy.default\
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0FtD0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=463652123
    FF - user.js: extensions.funmoods.dfltSrch - false
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0FtD0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=463652123
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0FtD0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=463652123&q=
    FF - user.js: extensions.funmoods.id - 002637BD39425F0F
    FF - user.js: extensions.funmoods.instlDay - 15571
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:54
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - axl
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - axl
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
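The script above works because Firefox re-applies every preference in the profile's user.js on each start-up, overriding whatever prefs.js (and the Options dialog) holds; that is why the funmoods start page keeps coming back until the user.js entries themselves are removed. The following Python script is an added example, not part of this thread and not ComboFix's own code: it parses the `FF - user.js:` / `FF - prefs.js:` lines that ComboFix prints under Supplementary Scan, flags every preference whose URL points at a host outside an allowlist, pulls in the rest of the offending extension's preference namespace, and emits the `Firefox::` section in the format used above. The sample log lines, the allowlist of yahoo.com hosts, and the rule that `extensions.funmoods.*` and `extensions.funmoods_i.*` belong to the same extension are assumptions made for the example.

```python
"""Flag Firefox preference hijacks in a ComboFix-style log and emit a CFScript section.

Added example; not part of the forum thread and not ComboFix's own code.
"""
import re
from urllib.parse import urlparse

# Constructed sample in ComboFix's "Supplementary Scan" format (shortened URLs).
SAMPLE_LOG = """\
FF - ProfilePath - c:\\documents and settings\\Suzi\\Application Data\\Mozilla\\Firefox\\Profiles\\03u3rlxy.default\\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&q=
FF - user.js: extensions.funmoods.prdct - funmoods
"""

# Assumption: hosts the user actually chose for homepage/search.
ALLOWED_HOSTS = {"www.yahoo.com", "search.yahoo.com"}

PROFILE_RE = re.compile(r"^FF - ProfilePath - (.*)$")
PREF_RE = re.compile(r"^FF - (user\.js|prefs\.js): (\S+) - (.*)$")


def parse_ff_lines(log_text):
    """Return (profile_path, [(source_file, pref_name, value), ...]) in log order."""
    profile, prefs = None, []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = PROFILE_RE.match(line)
        if m:
            profile = m.group(1)
            continue
        m = PREF_RE.match(line)
        if m:
            prefs.append((m.group(1), m.group(2), m.group(3).strip()))
    return profile, prefs


def url_host(value):
    """Lower-cased host if the pref value is a URL, else None.

    ComboFix defangs http(s) as hxxp(s) so the log cannot be clicked; undo that first.
    """
    refanged = re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.IGNORECASE)
    if not refanged.lower().startswith(("http://", "https://")):
        return None
    return (urlparse(refanged).hostname or "").lower() or None


def extension_id(pref_name):
    """'extensions.funmoods_i.newTab' -> 'funmoods'; None for non-extension prefs.

    Assumption: the hijacker writes both extensions.<id>.* and extensions.<id>_i.*,
    so the part after an underscore is dropped to group them as one extension.
    """
    parts = pref_name.split(".")
    if len(parts) < 3 or parts[0] != "extensions":
        return None
    return parts[1].split("_")[0]


def find_hijacked_prefs(prefs, allowed_hosts):
    """Prefs to remove: any pref whose URL host is outside the allowlist, plus every
    user.js pref in the same extensions.<id> namespace as such a pref."""
    flagged, bad_exts = [], set()
    for entry in prefs:
        host = url_host(entry[2])
        if host is not None and host not in allowed_hosts:
            flagged.append(entry)
            ext = extension_id(entry[1])
            if ext:
                bad_exts.add(ext)
    for entry in prefs:
        src, name, _ = entry
        if src == "user.js" and extension_id(name) in bad_exts and entry not in flagged:
            flagged.append(entry)
    order = {e: i for i, e in enumerate(prefs)}       # keep log order for readability
    return sorted(flagged, key=order.__getitem__)


def cfscript_firefox_section(profile_path, entries):
    """Render the Firefox:: block ComboFix expects in CFScript.txt."""
    lines = ["Firefox::", f"FF - ProfilePath - {profile_path}"]
    lines += [f"FF - {src}: {name} - {value}" for src, name, value in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    profile, prefs = parse_ff_lines(SAMPLE_LOG)
    print(cfscript_firefox_section(profile, find_hijacked_prefs(prefs, ALLOWED_HOSTS)))
```

Run against the real log, the script reproduces the user.js lines the helper listed by hand and leaves the prefs.js yahoo.com entries alone; anything it flags should still be read before it goes into a CFScript, since an allowlist only knows the hosts you put in it.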


Here is the log:

 

ComboFix 12-08-25.04 - Suzi 08/26/2012 18:33:35.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.511 [GMT -5:00]
Running from: c:\documents and settings\Suzi\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Suzi\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-26 04:08 . 2012-08-26 04:08 -------- d-----w- C:\_OTL
2012-08-25 22:38 . 2012-08-25 22:48 -------- d-----w- C:\Hijackthis
2012-08-24 13:41 . 2012-08-24 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2012-08-24 13:39 . 2012-08-24 13:39 -------- d-----w- c:\program files\PCPitstop
2012-08-24 09:58 . 2012-08-24 14:21 -------- d-----w- c:\documents and settings\Guest
2012-08-23 12:01 . 2012-08-24 02:21 -------- d-----w- c:\documents and settings\Suzi\Local Settings\Application Data\Paint.NET
2012-08-23 11:59 . 2012-08-23 11:59 -------- d-----w- c:\documents and settings\Suzi\Local Settings\Application Data\FreeEditor\EditTemp
2012-08-23 11:50 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
2012-08-23 11:50 . 2012-08-23 11:50 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-08-23 11:49 . 2012-08-23 12:03 -------- d-----w- c:\program files\Free Editor
2012-08-23 11:22 . 2012-08-23 11:22 -------- d-----w- c:\documents and settings\Suzi\Local Settings\Application Data\Software Assist
2012-08-23 11:22 . 2012-08-25 04:32 -------- d-----w- c:\program files\Software Assist
2012-08-20 01:07 . 2012-08-21 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\YTD Video Downloader
2012-08-20 01:07 . 2012-08-20 01:07 -------- d-----w- c:\program files\GreenTree Applications
2012-08-20 00:16 . 2012-08-21 12:21 -------- d-----w- c:\documents and settings\Suzi\Application Data\vlc
2012-08-20 00:15 . 2012-08-25 20:13 -------- d-----w- c:\program files\VideoLAN
2012-08-19 23:59 . 2012-08-19 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\WeCareReminder
2012-08-19 23:55 . 2012-08-23 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-08-19 14:52 . 2012-08-19 14:52 -------- d-----w- c:\program files\Tweaks
2012-08-17 00:32 . 2012-08-19 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\firebird
2012-08-17 00:30 . 2012-08-17 00:30 -------- d-----w- c:\documents and settings\Suzi\Application Data\Chrysanth
2012-08-17 00:30 . 2012-08-17 00:30 -------- d-----w- c:\program files\Chrysanth
2012-08-17 00:08 . 2012-08-17 00:08 249856 ------w- c:\windows\Setup1.exe
2012-08-17 00:08 . 2012-08-17 00:08 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-08-16 23:52 . 2012-08-16 23:52 -------- d-----w- C:\myDiary
2012-08-07 18:49 . 2012-08-07 18:49 4608000 ----a-w- c:\documents and settings\All Users\Application Data\ReadOnlyInstaller.msi
2012-08-07 14:25 . 2012-08-07 14:25 -------- d-----w- c:\documents and settings\Suzi\Local Settings\Application Data\Sun
2012-08-02 04:14 . 2012-08-02 04:38 -------- d-----w- c:\documents and settings\Suzi\Local Settings\Application Data\Google
2012-08-02 04:12 . 2012-08-02 04:14 -------- d-----w- c:\documents and settings\Suzi\Local Settings\Application Data\Deployment
2012-08-01 13:37 . 2012-08-01 13:37 -------- d-----w- c:\program files\Common Files\Java
2012-08-01 13:36 . 2012-08-01 13:36 -------- d-----w- c:\program files\Oracle
2012-08-01 13:36 . 2012-08-01 13:36 -------- d-----w- c:\documents and settings\Suzi\Application Data\Oracle
2012-08-01 13:35 . 2012-08-01 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-07-30 11:37 . 2012-07-30 11:37 -------- d-----w- c:\documents and settings\Suzi\Application Data\Template
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-25 04:22 . 2012-04-29 23:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-25 04:22 . 2012-01-26 18:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2008-04-15 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 03:07 . 2012-04-30 00:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 03:06 . 2012-04-30 00:28 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-04 14:05 . 2011-12-31 01:19 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:46 . 2012-03-03 19:47 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2012-01-12 16:53 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2011-12-19 08:13 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2011-12-19 08:13 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 17:49 . 2007-08-14 17:44 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 12:05 . 2011-10-31 20:57 385024 ------w- c:\windows\system32\html.iec
2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50 . 2010-06-14 07:41 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 15:50 . 2009-07-31 18:05 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-04 22:35 . 2009-10-04 18:33 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2011-11-16 14:21 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2007-07-31 18:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-10-03 19:46 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2009-10-03 19:46 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2009-10-03 19:46 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2007-07-31 18:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2009-10-03 19:46 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2009-10-03 19:46 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2008-04-15 12:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2007-07-31 18:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2007-07-31 18:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2007-07-31 18:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2009-10-03 19:46 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2009-10-03 19:46 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2009-10-04 18:33 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2009-06-18 18:59 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2011-09-28 07:06 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-02-16 14:40 . 2012-02-25 17:56 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-26_16.25.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-26 23:19 . 2012-08-26 23:19 16384 c:\windows\temp\Perflib_Perfdata_7f4.dat
+ 2008-06-25 01:26 . 2012-08-26 23:23 71910 c:\windows\system32\perfc009.dat
- 2008-06-25 01:26 . 2012-08-26 15:51 71910 c:\windows\system32\perfc009.dat
+ 2008-06-25 01:26 . 2012-08-26 23:23 442140 c:\windows\system32\perfh009.dat
- 2008-06-25 01:26 . 2012-08-26 15:51 442140 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-06 21755688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-30 483428]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2009-01-09 455224]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
c:\documents and settings\Suzi\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2012-2-26 484976]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\TeamViewer\Version7\TeamViewer.exe"=
"c:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"=
"c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"=
"c:\Program Files\Avira\AntiVir Desktop\avcenter.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPortsList]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [1/26/2012 2:36 PM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/26/2012 2:36 PM 86224]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/7/2009 6:23 PM 113664]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2/26/2012 6:55 PM 13440]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2/26/2012 6:55 PM 121192]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2012 9:20 AM 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/29/2012 6:52 PM 250056]
S3 cpuz128;cpuz128; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2012 9:20 AM 116648]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x86.sys --> c:\windows\system32\DRIVERS\l1c51x86.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [9/23/2008 4:10 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [7/26/2009 2:45 PM 174336]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/24/2012 8:39 AM 77312]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 04:22]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-21 14:20]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-21 14:20]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3722816078-4193266709-504252426-1009Core.job
- c:\documents and settings\Suzi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-02 04:14]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3722816078-4193266709-504252426-1009UA.job
- c:\documents and settings\Suzi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-02 04:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=17
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Suzi\Application Data\Mozilla\Firefox\Profiles\03u3rlxy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-26 18:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3552)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-08-26 19:05:07
ComboFix-quarantined-files.txt 2012-08-27 00:05
ComboFix2.txt 2012-08-26 16:36
.
Pre-Run: 140,761,341,952 bytes free
Post-Run: 140,763,418,624 bytes free
.
- - End Of File - - 165E2DE9AFCBB232C41DAB786AE21472


I believe that's got it... let's cleanup.

 

Log looks good :D

 

 

Time for some housekeeping

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK.
  • Note the space between the X and the U; it needs to be there.
The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.

  • Double click on OTL to run it.
  • Click on CleanUp!
  • When done, you will be prompted to restart your computer. Please restart your computer.

Please re-enable any security that was disabled.

 

 

The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

 

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

 

I would also suggest you read this:

So how did I get infected in the first place?

by Tony Klein

 

 

Also: "How to prevent malware"

by miekiemoes

 

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed as Resolved. :thumbup:

Thank you so very much for your help and this amazing service offered here! I just have one more question before you're rid of me...lol I followed the steps above and have read both links. I am currently downloading Outpost firewall protection. As you know I also have Avira anti-virus and Malwarebytes. The second page I read, "How did I get infected", recommended 3 or 4 other programs that should be downloaded. Should I download all of the ones they suggest, or will any of them conflict with what I already have?

You don't need to install all of them.

 

Your firewall, your Avira Anti-virus, and your Malwarebytes' are the most important components for your security solution (next to you being in control of what you click on, of course). From there each additional layer of protection is "less" important and you will get diminishing returns. Only you can answer how many more you really need. Someone who is a "risky" user might need all of them to keep them "safe". A "careful" user might not gain anything from them. An "average" user may benefit from the addition of one or two of them. Personally, I probably wouldn't install both SpywareBlaster and Spybot (though I do have a computer that I have done just that). You could install all of them, and I don't believe you will get any conflicts... though you will probably notice a slowdown at times.

Suzi, I might add that I use SpywareBlaster all the time on all 4 of my PCs and think it's great. It helps keep a whole lot of "Nasties" from ever getting on your PC. I use SpywareBlaster, Malwarebytes and a good antivirus and I couldn't be happier. ;)

 

 

 

 

:geezer:
