Google/Yahoo Redirect virus/Rootkit infection [Closed]

#1
Snyder275
First, thanks for taking the time to help me. I know you guys are volunteers so I really appreciate any help. Running Windows Vista, 32-bit OS.

I've been experiencing redirects on Internet Explorer when using Google and Yahoo. The browser is running generally slow and webpages take longer than usual to load. I've followed a few different tutorials and run a plethora of programs without success. I haven't maintained logs for most of them due to lack of success.
In previous attempts I've run the following (in order):
- RKill
- TDSSKiller (had to run the Undetectable version because all others wouldn't run, even as admin and with both the name and file extension renamed). The only (partial) success, and the only indication I've had that a rootkit was the problem, was when running TDSS Undetectable while operating off Hiren's Boot CD in Mini Win XP mode. I was running off the Hiren's ISO file on the CD without having loaded my Vista OS, in hopes I could kill the rootkit since all previous tutorials had failed. TDSSKiller showed a rootkit existing, from what I remember, in "harddisk0\DR0". I was unable to 'cure' it though. After restart, IE seemed to run much faster and pages loaded fine without redirects for about 5 minutes, then the redirects started again. Running off the boot CD was the only time TDSSKiller found any indication of a rootkit existing.

- SuperAntiVirus, ran on numerous occasions (found a handful of adware files and removed them)
- Malwarebytes Anti-Malware (same as SuperAntiVirus)

After no luck with those I looked for other anti-rootkit programs and ran the following:
- F-Secure Blacklight (could not run while using boot CD, found nothing while running Vista)
- McAfee RootKit Remover (found nothing)
- Sophos Virus Removal Tool

I followed the GeeksToGo tutorial as well with no success. TDSSKiller found the following file and cured it, but redirects still persist:
Virus.Win32.Rloader.a
Service: Wdf0100
Service Type: Kernel driver (0x1)
Service Start: Boot (0x0)
File: C:\Windows\system32\drivers\Wdf0100.sys
MD5: 6ed4faa0734a392d0fa7d78502a68db8

********OTL LOG**********(OTL Extras Log follows after)

OTL logfile created on: 11/5/2012 11:05:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LAUREN\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 29.08% Memory free
6.12 Gb Paging File | 3.73 Gb Available in Paging File | 61.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.81 Gb Total Space | 138.81 Gb Free Space | 62.30% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.71 Gb Free Space | 37.10% Space Free | Partition Type: NTFS
Drive F: | 1.92 Gb Total Space | 1.81 Gb Free Space | 94.27% Space Free | Partition Type: FAT

Computer Name: LAUREN-PC | User Name: LAUREN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/05 11:04:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LAUREN\Desktop\OTL.exe
PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/17 12:54:01 | 000,145,936 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/05/17 12:53:57 | 000,159,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/02/23 06:59:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
PRC - [2011/01/12 15:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/01/12 15:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/01/12 15:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2011/01/12 07:08:00 | 000,215,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2011/01/12 07:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2011/01/12 07:08:00 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/03/08 18:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
PRC - [2010/03/08 18:47:06 | 002,046,320 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Wacom_TabletUser.exe
PRC - [2009/05/27 10:06:20 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 08:49:48 | 000,402,672 | ---- | M] () -- C:\Windows\sminst\Components\scheduler\STService.exe
PRC - [2009/02/23 08:48:06 | 000,632,048 | ---- | M] (SoftThinks) -- C:\Windows\sminst\SftService.exe
PRC - [2009/02/04 20:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/29 23:50:10 | 001,017,648 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/01/29 23:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/12/22 03:26:46 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/22 03:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/22 03:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/25 05:26:04 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/08/25 05:25:54 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/08/25 05:25:54 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/08/25 05:25:52 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/07/31 11:58:38 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/05 10:11:34 | 000,016,896 | ---- | M] () -- C:\Users\LAUREN\AppData\Local\jlijouf.dll
MOD - [2012/06/14 11:32:12 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/05/09 02:53:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 02:48:44 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/09 02:46:38 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/09 02:46:06 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/04/11 00:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/04/11 00:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/02/23 08:49:48 | 000,402,672 | ---- | M] () -- C:\Windows\sminst\Components\scheduler\STService.exe
MOD - [2009/02/05 08:27:48 | 000,229,376 | ---- | M] () -- C:\Windows\System32\STFiles.dll
MOD - [2008/12/22 04:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2008/05/22 12:37:10 | 000,122,880 | ---- | M] () -- C:\Windows\System32\STLog.dll
MOD - [2008/05/12 14:20:28 | 001,118,208 | ---- | M] () -- C:\Windows\System32\libxml2.dll
MOD - [2008/05/12 14:20:28 | 000,115,712 | ---- | M] () -- C:\Windows\System32\STNLS.dll
MOD - [2008/05/12 14:20:28 | 000,106,496 | ---- | M] () -- C:\Windows\System32\STPE.dll
MOD - [2008/05/12 14:20:28 | 000,073,728 | ---- | M] () -- C:\Windows\System32\zlib1.dll
MOD - [2008/05/12 14:20:28 | 000,069,632 | ---- | M] () -- C:\Windows\System32\STRegistry.dll
MOD - [2007/04/18 18:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 18:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll


========== Services (SafeList) ==========

SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/17 12:54:01 | 000,145,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/05/17 12:53:57 | 000,159,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/04/08 18:03:03 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/23 06:59:00 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe -- (mi-raysat_3dsmax2012_32)
SRV - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011/01/12 07:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/03/08 18:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009/12/14 20:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 20:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/05/11 03:32:21 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/02/23 08:48:06 | 000,632,048 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Windows\sminst\SftService.exe -- (SftService)
SRV - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/12/22 03:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/22 03:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\LAUREN\AppData\Local\Temp\mfe_rr.sys -- (MFE_RR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Users\LAUREN\AppData\Local\Temp\5762.sys -- (5762)
DRV - [2012/05/17 12:54:01 | 000,162,928 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/05/17 12:54:01 | 000,085,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/05/17 12:54:00 | 000,436,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/05/17 12:53:59 | 000,058,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/05/17 12:53:58 | 000,171,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/05/17 12:53:58 | 000,116,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 13:08:02 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/01/24 17:32:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/09/21 17:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/03/08 16:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 06:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/12/22 04:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/22 03:26:50 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/11/21 05:15:30 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/11/04 17:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/08/25 05:25:52 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/08/25 04:37:44 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2008/08/25 04:35:24 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008/07/16 05:46:52 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/16 05:46:50 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/16 05:46:48 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/01/20 20:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/02/16 13:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\..\SearchScopes,DefaultScope = ComcastSearch
IE - HKLM\..\SearchScopes\{2BF1B185-6824-4912-9851-B4DD60DEC1A9}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\ComcastSearch: "URL" = http://search.comcas...cat=Web&con=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {EB07457C-65C0-489E-9FC4-74882B8726CA}
IE - HKCU\..\SearchScopes\{2BF1B185-6824-4912-9851-B4DD60DEC1A9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{EB07457C-65C0-489E-9FC4-74882B8726CA}: "URL" = http://search.yahoo....tf-8&fr=att-ie8
IE - HKCU\..\SearchScopes\{F0CBCFE3-B398-41B9-80CB-178BB11BB3B0}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\LAUREN\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/05/27 10:06:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/04 22:06:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/04 22:06:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4F662965-21A8-4D22-BE4F-26D18686B636}: C:\Users\LAUREN\AppData\Local\{4F662965-21A8-4D22-BE4F-26D18686B636} [2011/04/11 09:42:24 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/11/05 10:13:20 | 000,000,761 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121024133621.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [dIwngBIBGkKB.exe] C:\ProgramData\dIwngBIBGkKB.exe File not found
O4 - HKCU..\Run: [jlijouf] C:\Users\LAUREN\AppData\Local\jlijouf.dll ()
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\sminst\Components\scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mhhs.org ([insite] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mhhs.org ([webmail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: newphysicianlink.org ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ttuhsc.edu ([learn] https in Trusted sites)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.n...X_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {C6FAB351-8F12-4ED3-A9C1-4D3E86B0BB07} https://insite.mhhs....al_Login_09.cab (MHHS_Login Control 2009)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ttuhscnursin...br/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B3EC472-3718-4CA4-94E3-221730C541E2}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40912FEF-DA20-4889-9D41-4D60C9AD5DF0}: DhcpNameServer = 131.191.7.12 131.191.7.194 8.8.8.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\LAUREN\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\LAUREN\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/08 17:31:16 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{7db02abd-3ddf-11de-b5f4-806e6f6e6963}\Shell\Option1\Command - "" = E:\HBCD\HBCDMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/05 11:04:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\LAUREN\Desktop\OTL.exe
[2012/11/05 10:39:32 | 000,000,000 | ---D | C] -- C:\Users\LAUREN\Desktop\GooredFix Backups
[2012/11/05 10:38:58 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\LAUREN\Desktop\GooredFix.exe
[2012/11/05 10:33:03 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/11/05 10:31:01 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\LAUREN\Desktop\OTM.exe
[2012/11/05 10:27:57 | 000,000,000 | ---D | C] -- C:\Users\LAUREN\Desktop\erunt
[2012/11/02 22:03:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/11/02 16:31:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/10/28 18:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/10/28 18:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/10/26 10:21:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/10/26 09:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\vugnatgjjznuagr
[2012/10/24 12:36:21 | 000,000,000 | ---D | C] -- C:\Users\LAUREN\{efbd52e9-be44-4b68-8480-80c16348fed8}
[2012/10/24 12:35:59 | 000,314,088 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2012/10/24 12:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012/10/24 12:10:00 | 000,000,000 | ---D | C] -- C:\Users\LAUREN\AppData\Roaming\WinRAR
[2012/10/24 11:47:55 | 000,000,000 | ---D | C] -- C:\Users\LAUREN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/10/24 11:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/10/24 11:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/10/24 02:08:17 | 000,000,000 | ---D | C] -- C:\Users\LAUREN\Documents\tdsskiller
[2012/10/23 19:03:28 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2012/10/17 10:26:02 | 000,000,000 | ---D | C] -- C:\Users\LAUREN\Desktop\Floursack Animation
[2012/10/12 18:29:44 | 000,000,000 | ---D | C] -- C:\Users\LAUREN\Desktop\wedding pics
[2012/10/09 17:18:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/09 17:17:49 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/09 17:17:49 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2 C:\Users\LAUREN\Documents\*.tmp files -> C:\Users\LAUREN\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/05 11:04:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LAUREN\Desktop\OTL.exe
[2012/11/05 11:00:24 | 000,640,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/05 11:00:24 | 000,118,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/05 11:00:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/05 10:48:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/05 10:48:28 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/05 10:48:28 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/05 10:48:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/05 10:48:14 | 3178,102,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/05 10:38:58 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\LAUREN\Desktop\GooredFix.exe
[2012/11/05 10:31:02 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\LAUREN\Desktop\OTM.exe
[2012/11/05 10:27:10 | 000,513,320 | ---- | M] () -- C:\Users\LAUREN\Desktop\erunt.zip
[2012/11/05 10:13:20 | 000,000,761 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/05 10:11:34 | 000,016,896 | ---- | M] () -- C:\Users\LAUREN\AppData\Local\jlijouf.dll
[2012/11/05 10:11:13 | 000,365,568 | ---- | M] () -- C:\Users\LAUREN\yfbqafjrhuxvjaqauqjotq.exe
[2012/11/05 10:11:13 | 000,015,360 | ---- | M] () -- C:\Users\LAUREN\nwmzmptgnyhdynnp.exe
[2012/11/03 21:35:17 | 000,002,609 | ---- | M] () -- C:\Users\LAUREN\Desktop\Microsoft Office Word 2003.lnk
[2012/11/02 17:57:35 | 000,333,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/01 06:00:54 | 000,186,880 | ---- | M] () -- C:\Users\LAUREN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/28 21:42:38 | 000,000,000 | ---- | M] () -- C:\Users\LAUREN\defogger_reenable
[2012/10/28 14:51:57 | 000,007,728 | ---- | M] () -- C:\Users\LAUREN\AppData\Local\d3d9caps.dat
[2012/10/26 17:46:31 | 000,248,463 | ---- | M] () -- C:\Users\LAUREN\Desktop\npa2011.pdf
[2012/10/26 10:32:42 | 000,000,112 | ---- | M] () -- C:\ProgramData\1tmFFV1.dat
[2012/10/26 10:22:31 | 000,000,001 | ---- | M] () -- C:\ProgramData\yqBJ44Bj.exe_.b
[2012/10/26 10:22:31 | 000,000,001 | ---- | M] () -- C:\ProgramData\yqBJ44Bj.exe.b
[2012/10/26 09:50:29 | 000,097,641 | ---- | M] () -- C:\ProgramData\oakspmeedgujdfb
[2012/10/24 12:09:12 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/24 12:09:12 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/24 11:57:24 | 000,075,282 | ---- | M] () -- C:\Users\LAUREN\roznvbulehwjiobkshcy.exe
[2012/10/17 21:57:55 | 000,000,111 | ---- | M] () -- C:\Users\LAUREN\webct_upload_applet.properties
[2 C:\Users\LAUREN\Documents\*.tmp files -> C:\Users\LAUREN\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/05 10:27:02 | 000,513,320 | ---- | C] () -- C:\Users\LAUREN\Desktop\erunt.zip
[2012/11/05 10:11:34 | 000,016,896 | ---- | C] () -- C:\Users\LAUREN\AppData\Local\jlijouf.dll
[2012/11/05 10:11:13 | 000,015,360 | ---- | C] () -- C:\Users\LAUREN\nwmzmptgnyhdynnp.exe
[2012/11/05 10:10:58 | 000,365,568 | ---- | C] () -- C:\Users\LAUREN\yfbqafjrhuxvjaqauqjotq.exe
[2012/10/28 21:42:38 | 000,000,000 | ---- | C] () -- C:\Users\LAUREN\defogger_reenable
[2012/10/28 20:32:36 | 3178,102,784 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/26 17:46:31 | 000,248,463 | ---- | C] () -- C:\Users\LAUREN\Desktop\npa2011.pdf
[2012/10/26 10:22:47 | 000,000,112 | ---- | C] () -- C:\ProgramData\1tmFFV1.dat
[2012/10/26 10:22:31 | 000,000,001 | ---- | C] () -- C:\ProgramData\yqBJ44Bj.exe_.b
[2012/10/26 10:22:31 | 000,000,001 | ---- | C] () -- C:\ProgramData\yqBJ44Bj.exe.b
[2012/10/26 09:50:19 | 000,097,641 | ---- | C] () -- C:\ProgramData\oakspmeedgujdfb
[2012/10/24 11:57:14 | 000,075,282 | ---- | C] () -- C:\Users\LAUREN\roznvbulehwjiobkshcy.exe
[2012/10/24 11:26:24 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 3ds Max 2012.lnk
[2012/10/24 11:26:24 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/24 11:26:24 | 000,000,754 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/05/30 15:51:39 | 000,000,111 | ---- | C] () -- C:\Users\LAUREN\webct_upload_applet.properties
[2011/05/08 04:03:26 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/04/11 09:42:26 | 000,000,120 | ---- | C] () -- C:\Users\LAUREN\AppData\Local\Tnoqam.dat
[2011/04/11 09:42:26 | 000,000,000 | ---- | C] () -- C:\Users\LAUREN\AppData\Local\Cmeraf.bin
[2009/06/01 23:01:50 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/21 21:33:14 | 000,186,880 | ---- | C] () -- C:\Users\LAUREN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/19 22:14:45 | 000,007,728 | ---- | C] () -- C:\Users\LAUREN\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2012/11/05 10:12:30 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$65b92435860865d77e2fd6735e3d7043\@
[2012/11/05 10:12:30 | 000,079,360 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$65b92435860865d77e2fd6735e3d7043\n
[2012/11/05 10:37:13 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$65b92435860865d77e2fd6735e3d7043\L
[2012/11/05 10:12:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$65b92435860865d77e2fd6735e3d7043\U
[2012/11/05 10:48:39 | 000,000,804 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$65b92435860865d77e2fd6735e3d7043\L\[email protected]
[2012/11/05 10:12:35 | 000,002,048 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$65b92435860865d77e2fd6735e3d7043\U\[email protected]
[2012/11/05 10:12:38 | 000,232,960 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$65b92435860865d77e2fd6735e3d7043\U\[email protected]
[2012/11/05 10:12:35 | 000,001,632 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$65b92435860865d77e2fd6735e3d7043\U\[email protected]
[2012/11/05 10:12:35 | 000,011,776 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$65b92435860865d77e2fd6735e3d7043\U\[email protected]
[2012/11/05 10:12:38 | 000,091,136 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$65b92435860865d77e2fd6735e3d7043\U\[email protected]
[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012/11/05 10:48:38 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-13782014-1178786868-1916682601-1000\$65b92435860865d77e2fd6735e3d7043\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$65b92435860865d77e2fd6735e3d7043\n. -- [2012/11/05 10:12:30 | 000,079,360 | -HS- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C8B8CEBD

< End of report >


*****************OTL EXTRAS LOG*******************

OTL Extras logfile created on: 11/5/2012 11:05:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LAUREN\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 29.08% Memory free
6.12 Gb Paging File | 3.73 Gb Available in Paging File | 61.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.81 Gb Total Space | 138.81 Gb Free Space | 62.30% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.71 Gb Free Space | 37.10% Space Free | Partition Type: NTFS
Drive F: | 1.92 Gb Total Space | 1.81 Gb Free Space | 94.27% Space Free | Partition Type: FAT

Computer Name: LAUREN-PC | User Name: LAUREN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6083921-A185-0409-B058-ACB1DB615AD9}" = Autodesk 3ds Max 2012 32-bit - English
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FEC02973-0781-49C7-9F04-28DA9BAF0372}" = Composite 2012
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Autodesk 3ds Max 2012 32-bit - English" = Autodesk 3ds Max 2012 32-bit - English
"Autodesk FBX Plug-in 2012.0 - 3ds Max 2012" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"RealPlayer 6.0" = RealPlayer
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/12/2012 12:10:17 AM | Computer Name = LAUREN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 571743

Error - 8/12/2012 12:17:04 AM | Computer Name = LAUREN-PC | Source = Application Hang | ID = 1002
Description = The program steam.exe version 1.0.1446.623 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1004 Start Time: 01cd781f6e80d2a0 Termination Time: 27

Error - 8/12/2012 2:11:55 AM | Computer Name = LAUREN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/12/2012 2:11:55 AM | Computer Name = LAUREN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1310

Error - 8/12/2012 2:11:55 AM | Computer Name = LAUREN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1310

Error - 8/12/2012 2:19:06 AM | Computer Name = LAUREN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/12/2012 2:19:06 AM | Computer Name = LAUREN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 432684

Error - 8/12/2012 2:19:06 AM | Computer Name = LAUREN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 432684

Error - 8/12/2012 2:19:07 AM | Computer Name = LAUREN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/12/2012 2:19:07 AM | Computer Name = LAUREN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 433713

[ Broadcom Wireless LAN Events ]
Error - 9/5/2012 10:48:25 AM | Computer Name = LAUREN-PC | Source = WLAN-Tray | ID = 0
Description = 09:48:25, Wed, Sep 05, 12 Error - Unable to decode string, error 87


Error - 11/3/2012 12:48:00 PM | Computer Name = LAUREN-PC | Source = WLAN-Tray | ID = 0
Description = 11:48:00, Sat, Nov 03, 12 Error - Unable to gain access to user store


[ Dell Events ]
Error - 6/17/2009 8:36:55 PM | Computer Name = LAUREN-PC | Source = DataSafe | ID = 3
Description = Failed or canceled

Error - 6/19/2009 8:45:37 AM | Computer Name = LAUREN-PC | Source = DataSafe | ID = 3
Description = Failed or canceled

[ Media Center Events ]
Error - 7/27/2010 12:02:42 AM | Computer Name = LAUREN-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 7/30/2010 8:06:08 PM | Computer Name = LAUREN-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 8/26/2010 5:39:04 PM | Computer Name = LAUREN-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 7/5/2012 8:49:06 PM | Computer Name = LAUREN-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 9/21/2009 2:00:10 AM | Computer Name = LAUREN-PC | Source = Print | ID = 6161
Description = The document Test Page, owned by LAUREN, failed to print on printer
HP DeskJet 400. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\LAUREN-PC. Win32 error code returned by the print processor:
2. The system cannot find the file specified.

Error - 9/21/2009 2:02:09 AM | Computer Name = LAUREN-PC | Source = BROWSER | ID = 8032
Description =

Error - 9/21/2009 6:00:20 AM | Computer Name = LAUREN-PC | Source = Print | ID = 6161
Description = The document Test Page, owned by LAUREN, failed to print on printer
HP DeskJet 400. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\LAUREN-PC. Win32 error code returned by the print processor:
2. The system cannot find the file specified.

Error - 9/21/2009 6:01:43 AM | Computer Name = LAUREN-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/21/2009 7:58:18 PM | Computer Name = LAUREN-PC | Source = Print | ID = 6161
Description = The document Test Page, owned by LAUREN, failed to print on printer
HP DeskJet 400. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\LAUREN-PC. Win32 error code returned by the print processor:
2. The system cannot find the file specified.

Error - 9/22/2009 2:13:15 AM | Computer Name = LAUREN-PC | Source = Print | ID = 6161
Description = The document Test Page, owned by LAUREN, failed to print on printer
HP DeskJet 400. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\LAUREN-PC. Win32 error code returned by the print processor:
2. The system cannot find the file specified.

Error - 9/22/2009 6:00:20 AM | Computer Name = LAUREN-PC | Source = Print | ID = 6161
Description = The document Test Page, owned by LAUREN, failed to print on printer
HP DeskJet 400. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\LAUREN-PC. Win32 error code returned by the print processor:
2. The system cannot find the file specified.

Error - 9/22/2009 6:01:27 AM | Computer Name = LAUREN-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/22/2009 6:02:14 AM | Computer Name = LAUREN-PC | Source = BROWSER | ID = 8032
Description =

Error - 9/23/2009 1:56:01 AM | Computer Name = LAUREN-PC | Source = Print | ID = 6161
Description = The document Test Page, owned by LAUREN, failed to print on printer
HP DeskJet 400. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\LAUREN-PC. Win32 error code returned by the print processor:
2. The system cannot find the file specified.


< End of report >


#2
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello Snyder275 and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

I am sorry to inform you that you have a ZeroAccess backdoor infection.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. There is no way for us to know exactly what the malware has done to your machine to give itself access, nor how it may have damaged critical files.
Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. Many experts in the security community believe that once infected with this type of trojan, the best and safest course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

That being said, I can still help you clean out the malware as best as I can without going that route (though there is no guarantee that it will work right or be totally safe after disinfection), so if you decide that you don't want to do a format and reinstall of Windows, then please let me know in your next post.


#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.