[Irishlass1021]

Hello,

 

Today when opening an internet link in an email (received from a known source), my WinXPPro computer suddenly rebooted itself.  Since that reboot, my Norton360 keeps popping up a message about every 5-10 seconds that says: "A recent attempt to attach your computer was blocked".  When I check the Security History there are several inbound intrusion attempts - all blocked, and the following:  risk Name: system Infected: trojan viknok Activity 3.  I immediately updated and ran Malwarebytes which found 3 registry keys with trojan.bho, 1 trojan backdoor and 1 adware.Deepdive.  I clicked "fix" and rebooted.  Now Malwarebytes - in tandem every few seconds with the same returning message from Norton says:  "Malicious website Blocked.  Domain:  (Blank).  IP:  (4 of them randomly) 5.45.65.190, 5.45.68.199, 5.45.67.216, 5.45.66.208.   Port:  0   Type:  Outbound  Process: (Blank).   Any help with this would be most appreciated!

 

Below is my OTL log per instructions.

 

 

OTL logfile created on: 6/28/2014 7:31:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Sheri\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.97 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 29.97% Memory free
3.81 Gb Paging File | 1.96 Gb Available in Paging File | 51.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.72 Gb Total Space | 169.45 Gb Free Space | 72.81% Space Free | Partition Type: NTFS
 
Computer Name: RHB2008 | User Name: Sheri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/28 19:31:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheri\My Documents\Downloads\OTL.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/05/08 22:23:54 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/11/02 16:01:42 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2013/11/02 15:54:34 | 000,270,704 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2013/08/14 07:59:52 | 005,537,136 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/05/15 05:18:00 | 001,262,400 | R--- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/09/21 19:40:13 | 000,443,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.3.6\MCUI32.exe
PRC - [2011/09/21 19:40:11 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
PRC - [2009/02/03 11:49:00 | 001,024,000 | ---- | M] () -- C:\Program Files\Scan2PC\Scan2PC.exe
PRC - [2008/10/27 16:42:40 | 000,069,632 | ---- | M] () -- C:\Program Files\Scan2PC\Sc2PCSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/26 10:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/07/25 15:25:30 | 000,393,944 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/23 03:58:04 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2006/12/07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
PRC - [2006/12/07 16:52:10 | 000,095,128 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
PRC - [2002/07/31 14:15:18 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
PRC - [1999/06/04 17:39:20 | 000,067,584 | ---- | M] (IntelliQuest Communications, Inc.) -- C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/08 22:23:53 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/11/02 12:43:56 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
MOD - [2013/11/02 12:42:32 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/11/02 12:42:32 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.Wrapper.dll
MOD - [2013/11/02 12:42:31 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/11/02 12:42:30 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\9c1d0ae97ff2771c17212cd15d8c9831\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/11/02 12:42:29 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b5faab90a38802d89ccf6f9ac4bff440\System.Runtime.Serialization.ni.dll
MOD - [2013/11/02 12:42:29 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d083ee23a4c0d8cf76ae9e95e52d0388\SMDiagnostics.ni.dll
MOD - [2013/11/02 12:42:19 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\b1560845b641faac0ca607b2dce8389a\Microsoft.VisualC.ni.dll
MOD - [2013/11/02 12:42:09 | 000,194,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\c9786062fbb311c543497e28c1e1a0c5\CustomMarshalers.ni.dll
MOD - [2013/11/02 12:41:39 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll
MOD - [2013/11/02 12:40:33 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/25 16:25:17 | 006,813,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\7294cfff4c5922b56ee89a6879ae8eef\System.Data.ni.dll
MOD - [2013/10/25 16:25:08 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll
MOD - [2013/10/25 16:25:08 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/10/25 16:25:04 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/25 16:24:54 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/10/25 16:24:47 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/10/25 16:21:31 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/10/25 16:17:34 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/10/25 16:03:49 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll
MOD - [2013/10/25 16:02:28 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/10/25 16:02:11 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/10/25 16:00:56 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/10/25 16:00:44 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/02/03 11:49:00 | 001,024,000 | ---- | M] () -- C:\Program Files\Scan2PC\Scan2PC.exe
MOD - [2008/10/27 16:42:40 | 000,069,632 | ---- | M] () -- C:\Program Files\Scan2PC\Sc2PCSvc.exe
MOD - [2008/03/24 23:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2001/03/15 17:12:40 | 000,045,056 | ---- | M] () -- C:\Program Files\Scan2PC\MultiLng.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (Iomega Activity Disk2)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/08 22:23:53 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/02 16:01:42 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2013/11/02 15:54:34 | 000,270,704 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/05/15 05:18:00 | 001,262,400 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/09/21 19:40:11 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe -- (N360)
SRV - [2008/10/27 16:42:40 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Scan2PC\Sc2PCSvc.exe -- (Scan2PC)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/23 03:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2006/12/07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2006/12/07 16:52:10 | 000,095,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2002/07/31 14:15:18 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/06/28 17:19:42 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2014/06/24 08:42:00 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20140628.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/06/24 08:42:00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20140628.001\NAVENG.SYS -- (NAVENG)
DRV - [2014/06/10 21:26:50 | 000,109,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/06/10 10:57:40 | 000,377,648 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/03/24 11:06:13 | 000,383,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20140627.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/04/18 12:08:05 | 000,123,840 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/11/09 22:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/09/21 19:40:13 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\cchpx86.sys -- (ccHP)
DRV - [2011/09/21 19:40:13 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\symtdi.sys -- (SYMTDI)
DRV - [2011/09/21 19:40:13 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\symfw.sys -- (SYMFW)
DRV - [2011/09/21 19:40:13 | 000,036,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\symndis.sys -- (SYMNDIS)
DRV - [2011/09/21 19:40:13 | 000,033,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\symids.sys -- (SYMIDS)
DRV - [2009/08/22 03:26:08 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\SymEFA.sys -- (SymEFA)
DRV - [2009/08/22 03:26:08 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\srtsp.sys -- (SRTSP)
DRV - [2009/08/22 03:26:08 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 03:26:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\srtspx.sys -- (SRTSPX)
DRV - [2009/08/22 03:25:58 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/08/22 03:25:58 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/08/18 18:35:03 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/09/24 19:12:48 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007/07/23 18:42:12 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2002/07/31 14:15:18 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\IomDisk.sys -- (iomdisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080531
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080531
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...&q={SEARCHTERMS}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080531
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {75B00F9C-761F-4AD3-BCCC-2E381BB0C095}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{75B00F9C-761F-4AD3-BCCC-2E381BB0C095}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...&q={SEARCHTERMS}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Sheri\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/12 20:06:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/01/19 14:32:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\Extensions
[2014/06/16 21:23:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\Firefox\Profiles\ogj8wc0c.default\extensions
[2014/06/25 08:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/05/08 22:23:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/08 22:23:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [\\ATHIRDWAY4\EPSON Stylus Photo 1400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Auto EPSON Stylus Photo 1400 Series on ATHIRDWAY5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe (IntelliQuest Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Scan2PC.lnk = C:\Program Files\Scan2PC\Scan2PC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2767B52-AE2E-464B-B056-033613273C8E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Sheri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sheri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/28 13:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/28 13:47:06 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/06/28 13:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2012/02/06 07:11:15 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Sheri\gotomypc_635.exe
[2011/02/25 16:53:13 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Sheri\gotomypc_540.exe
[2010/07/31 09:36:19 | 001,063,320 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Sheri\gotomypc_533.exe
[2009/10/31 16:06:48 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Sheri\gotomypc_438.exe
[2008/07/25 20:24:41 | 000,721,912 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Sheri\gotomypc_428.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/28 17:19:42 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/06/28 17:18:45 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Sheri\Desktop\Microsoft Office Outlook 2003.lnk
[2014/06/28 16:51:58 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\WDPABKP.dat
[2014/06/28 16:51:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/06/28 16:49:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/28 13:47:11 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/28 13:23:23 | 000,321,220 | --S- | M] () -- C:\WINDOWS\System32\pznqblv.zvc
[2014/06/28 00:00:10 | 000,000,602 | ---- | M] () -- C:\WINDOWS\tasks\____Volume_721bb26a_5aa8_11dd_8124_806d6172696f__uuid_73656761_7465_7375_636b_0090a93a295d_SmartWare_.job
[2014/06/26 20:15:46 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Sheri\Desktop\Microsoft Office Word 2003.lnk
[2014/06/23 20:00:00 | 000,000,622 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Sheri.job
[2014/06/23 09:26:44 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Sheri\Desktop\Microsoft Office Excel 2003.lnk
[2014/06/18 09:48:54 | 000,002,082 | ---- | M] () -- C:\Documents and Settings\Sheri\Desktop\KWMREMOTE.RDP
[2014/06/18 09:43:32 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Sheri\My Documents\Default.rdp
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/28 13:47:11 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/28 13:23:23 | 000,321,220 | --S- | C] () -- C:\WINDOWS\System32\pznqblv.zvc
[2014/06/18 09:48:54 | 000,002,082 | ---- | C] () -- C:\Documents and Settings\Sheri\Desktop\KWMREMOTE.RDP
[2014/06/18 09:43:32 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Sheri\My Documents\Default.rdp
[2013/10/24 06:37:17 | 000,712,898 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1553111627-2839410608-560607022-1005-0.dat
[2013/10/24 06:37:15 | 000,356,774 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/10/16 18:26:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\WDPABKP.dat
[2013/06/26 18:45:44 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2013/06/26 18:39:20 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/06/26 18:39:20 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/06/26 18:39:20 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/06/26 18:39:18 | 002,807,708 | R--- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/06/26 18:32:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/06 17:23:46 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2012/03/25 11:33:00 | 000,000,436 | RHS- | C] () -- C:\Documents and Settings\Sheri\ntuser.pol
[2011/05/18 15:58:02 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Sheri\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2008/10/12 16:07:06 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Sheri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/07 18:28:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Sheri\Application Data\PFP90JPR.{PB
[2008/09/07 18:28:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Sheri\Application Data\PFP90JCM.{PB
[2008/09/01 13:00:40 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Sheri\Local Settings\Application Data\FASTWiz.html
[2008/07/25 19:35:11 | 000,262,908 | ---- | C] () -- C:\Documents and Settings\Sheri\REBOOT=ReallySuppress
[2008/07/25 19:35:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Sheri\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2004/08/11 17:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 11:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/12/01 11:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/03/13 20:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2014/02/16 13:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2009/06/27 09:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/02/22 19:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2014/02/16 12:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/12/26 15:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/18 18:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2013/10/16 18:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheri\Application Data\com.wd.WDMyCloud
[2009/06/01 04:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheri\Application Data\Leadertech
[2009/02/22 20:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheri\Application Data\PC-FAX TX
 
========== Purity Check ==========
 
 

< End of report >

[Advertisements]

Hi  Irishlass1021  

 

 

 I'm 23red, and it'll be my pleasure to assist you with your problem.  I am currently reviewing your log.  In the meantime, I'd be grateful if you would note the following:

 

•  Please make sure to carefully read every post completely before doing anything.
 
•  If you're not sure, or if something unexpected happens do not continue! Stop and ask!  It is not a problem.
 
•  Please do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.
 
•  Please stick with me until all malware is gone from your system.  Malware removal is not an instant process, just because you no longer see any symptoms it does not necessarily mean your system is completely clear.

 

•  Please copy/paste to Notepad and save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

 

• Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.

 

•  As I am currently in training, I will be helping you under the supervision of our Expert Teachers.   As such, there will likely be a delay between posts.   I do my best to respond as quick as I can.  I, like everyone else here am also a volunteer and sometimes life keeps me busy 

 

•  Thank you for your understanding and I appreciate your patience.

 

May you please locate and post the Extras.txt produced when you ran OTL?  It should be located at  C:\Documents and Settings\Sheri\My Documents\Downloads. 

 

While you're in there may you also please copy and paste OTL on your Desktop ~ it works best from there. 

 

Also ~ Please click on the Follow this topic button at the top of the page and the forum will notify you when posts are made for you here.

[23red]

Hi  Irishlass1021  

 

 

 I'm 23red, and it'll be my pleasure to assist you with your problem.  I am currently reviewing your log.  In the meantime, I'd be grateful if you would note the following:

 

•  Please make sure to carefully read every post completely before doing anything.
 
•  If you're not sure, or if something unexpected happens do not continue! Stop and ask!  It is not a problem.
 
•  Please do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.
 
•  Please stick with me until all malware is gone from your system.  Malware removal is not an instant process, just because you no longer see any symptoms it does not necessarily mean your system is completely clear.

 

•  Please copy/paste to Notepad and save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

 

• Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.

 

•  As I am currently in training, I will be helping you under the supervision of our Expert Teachers.   As such, there will likely be a delay between posts.   I do my best to respond as quick as I can.  I, like everyone else here am also a volunteer and sometimes life keeps me busy 

 

•  Thank you for your understanding and I appreciate your patience.

 

May you please locate and post the Extras.txt produced when you ran OTL?  It should be located at  C:\Documents and Settings\Sheri\My Documents\Downloads. 

 

While you're in there may you also please copy and paste OTL on your Desktop ~ it works best from there. 

 

Also ~ Please click on the Follow this topic button at the top of the page and the forum will notify you when posts are made for you here.

[Dakeyras]

Currently being assisted here.

This topic is now closed.