Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cannot load malware tools and getting a avgnt.exe error on startup [Cl


  • This topic is locked This topic is locked

#1
joeyo256

joeyo256

    New Member

  • Member
  • Pip
  • 7 posts
Hi all

I have a few symtoms with this system and I haven't been able to find the source. On startup a splash screen comes up with a avgnt.exe error, see screen shot below. I also can't install any malware tools, I've been using my computer to xfer the programs into this one. lastly Avira wouldn't uninstall I did uninstall using REVO. I thought that would fix it, but of course it didn't. Below I have the screen shot and my latest OTL log.

Thanks in advanced.

Screen Shot

Error.jpg

OTL Log

OTL logfile created on: 2/21/2014 9:19:33 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\linda\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.46% Memory free
4.23 Gb Paging File | 3.12 Gb Available in Paging File | 73.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.21 Gb Total Space | 60.97 Gb Free Space | 61.45% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.21 Gb Free Space | 62.09% Space Free | Partition Type: NTFS
Drive F: | 7.46 Gb Total Space | 5.58 Gb Free Space | 74.79% Space Free | Partition Type: FAT32
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LINDA-PC | User Name: linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Users\linda\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (hnmsvc) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (UWProSys) -- C:\Program Files\CyberDefender\AntiSpyware\uwprosys.sys File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\linda\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (CDAVFS) -- C:\Windows\System32\drivers\CDAVFS.sys (CyberDefender Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (Packet) -- C:\Windows\System32\drivers\packet.sys (SingleClick Systems)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {4722FEF0-F40F-4CDF-824A-C910EA32FD84}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-tyc8
IE - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)


[2008/06/09 13:04:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\linda\AppData\Roaming\Mozilla\Extensions
[2008/06/09 13:04:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\linda\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/02/20 23:55:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\..\Toolbar\WebBrowser: (no name) - {68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94303015-FFFB-456C-8DAE-EF295954240B}: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Vostro_NB_1280x864_01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Vostro_NB_1280x864_01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/17 11:29:16 | 000,000,000 | RH-- | M] () - F:\autorun.wbcat -- [ FAT32 ]
O32 - AutoRun File - [2010/07/17 11:29:16 | 000,000,129 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/21 02:24:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/02/21 02:24:52 | 000,000,000 | ---D | C] -- C:\Users\linda\AppData\Local\temp
[2014/02/21 02:23:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/21 01:38:19 | 000,000,000 | ---D | C] -- C:\Users\linda\AppData\Local\CrashDumps
[2014/02/21 01:36:11 | 000,000,000 | ---D | C] -- C:\Users\linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/02/21 01:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/02/21 01:33:13 | 000,000,000 | ---D | C] -- C:\Users\linda\Desktop\RK_Quarantine
[2014/02/21 00:50:22 | 000,000,000 | ---D | C] -- C:\Users\linda\Desktop\FRST-OlderVersion
[2014/02/20 23:38:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/02/20 23:38:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/02/20 23:38:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/02/20 23:38:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/20 23:38:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/02/20 23:37:29 | 005,183,886 | R--- | C] (Swearware) -- C:\Users\linda\Desktop\ComboFix.exe
[2014/02/20 11:35:49 | 000,000,000 | ---D | C] -- C:\Users\linda\AppData\Roaming\Malwarebytes
[2014/02/20 11:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/20 11:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/20 11:35:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/02/20 11:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/02/19 16:14:21 | 000,000,000 | ---D | C] -- C:\FRST
[2014/02/19 16:13:05 | 001,142,784 | ---- | C] (Farbar) -- C:\Users\linda\Desktop\FRST.exe
[2014/02/19 12:55:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/19 10:33:13 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\linda\Desktop\aswmbr.exe
[2014/02/19 10:20:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\linda\Desktop\OTL.exe
[2014/02/18 21:52:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/02/18 21:52:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/02/18 21:52:30 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/02/18 21:52:29 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/02/18 21:52:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/02/18 21:52:26 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/02/18 21:52:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/02/18 21:52:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/02/18 15:54:45 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/02/18 15:54:44 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2014/02/18 15:54:44 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2014/02/18 15:54:44 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2014/02/18 15:53:04 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2014/02/18 15:53:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2014/02/18 15:52:47 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2014/02/18 10:17:50 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014/02/18 10:17:50 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2014/02/18 10:17:50 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2014/02/18 10:17:50 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2014/02/18 10:17:50 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2014/02/18 10:17:50 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2014/02/18 10:17:49 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2014/02/18 10:17:49 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014/02/18 10:17:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014/02/18 10:17:29 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/02/18 10:17:05 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014/02/18 10:17:05 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2014/02/18 10:16:19 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2014/02/18 10:16:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2014/02/18 10:16:17 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2014/02/18 10:12:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/21 09:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/21 09:08:37 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/21 09:08:33 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/02/21 09:08:33 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/02/21 09:08:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/21 03:22:16 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/21 01:50:51 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/21 01:50:51 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/21 01:43:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/21 01:43:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/21 01:43:21 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/21 01:43:06 | 2145,583,104 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/21 01:42:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/02/21 01:36:11 | 000,001,059 | ---- | M] () -- C:\Users\linda\Desktop\Revo Uninstaller.lnk
[2014/02/21 01:28:18 | 003,817,984 | ---- | M] () -- C:\Users\linda\Desktop\RogueKiller.exe
[2014/02/21 00:50:22 | 001,142,784 | ---- | M] (Farbar) -- C:\Users\linda\Desktop\FRST.exe
[2014/02/20 23:55:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/02/20 23:33:20 | 005,183,886 | R--- | M] (Swearware) -- C:\Users\linda\Desktop\ComboFix.exe
[2014/02/20 22:51:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/02/20 22:51:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/02/20 11:35:36 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/20 10:54:58 | 000,008,484 | ---- | M] () -- C:\Users\linda\AppData\Local\d3d9caps.dat
[2014/02/20 04:19:12 | 000,216,754 | ---- | M] () -- C:\Users\linda\AppData\Local\census.cache
[2014/02/20 04:18:53 | 000,154,198 | ---- | M] () -- C:\Users\linda\AppData\Local\ars.cache
[2014/02/19 10:33:13 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\linda\Desktop\aswmbr.exe
[2014/02/19 10:20:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\linda\Desktop\OTL.exe
[2014/02/19 09:05:01 | 000,280,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/02/18 10:48:19 | 000,000,036 | ---- | M] () -- C:\Users\linda\AppData\Local\housecall.guid.cache
[2014/02/05 03:56:17 | 001,806,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/02/05 03:49:56 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/02/05 03:49:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/02/05 03:48:56 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/02/05 03:48:40 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/02/05 03:47:57 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/02/05 03:47:16 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/02/05 03:46:50 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/21 01:36:11 | 000,001,059 | ---- | C] () -- C:\Users\linda\Desktop\Revo Uninstaller.lnk
[2014/02/21 01:33:00 | 003,817,984 | ---- | C] () -- C:\Users\linda\Desktop\RogueKiller.exe
[2014/02/20 23:38:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/02/20 23:38:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/02/20 23:38:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/02/20 23:38:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/02/20 23:38:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/02/20 22:13:07 | 2145,583,104 | -HS- | C] () -- C:\hiberfil.sys
[2014/02/20 11:35:36 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/20 04:19:12 | 000,216,754 | ---- | C] () -- C:\Users\linda\AppData\Local\census.cache
[2014/02/20 04:18:53 | 000,154,198 | ---- | C] () -- C:\Users\linda\AppData\Local\ars.cache
[2014/02/18 15:52:47 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2014/02/18 10:48:19 | 000,000,036 | ---- | C] () -- C:\Users\linda\AppData\Local\housecall.guid.cache
[2011/06/28 15:24:26 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/06/28 15:24:26 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2007/12/06 16:30:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/12/06 13:13:46 | 000,027,335 | ---- | C] () -- C:\Users\linda\AppData\Roaming\nvModes.001
[2007/12/06 13:08:00 | 000,027,335 | ---- | C] () -- C:\Users\linda\AppData\Roaming\nvModes.dat
[2007/12/06 13:07:07 | 000,008,484 | ---- | C] () -- C:\Users\linda\AppData\Local\d3d9caps.dat
[2007/11/30 15:54:34 | 000,005,120 | ---- | C] () -- C:\Users\linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/06/09 13:04:33 | 000,000,000 | ---D | M] -- C:\Users\linda\AppData\Roaming\TomTom

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:62E2D794

< End of report >
  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello linda, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.

I have a few questions:

What malware tools have you tried to install?
What error messages do you get?
Why did you use Revo Uninstaller to uninstall Avira?
Did you try to uninstall Avira through the Installed Programs list in Control Panel?
Why are you having to transfer programs from your computer to this one?
I see that tou have run ComboFix. Please post the log also. You can find it at C:\ComboFix.txt.

By the way, the avgnt.exe error you are getting is because Ariva didn't get completely uninstalled.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my questions.
2. The ComboFix log
3. The Extras.txt log
  • 0

#3
joeyo256

joeyo256

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi godawgs

First let me explain. My name is Joey, Linda is my aunt and this is the little nugget she droped on me while I am on vaca. The avgnt.exe error was there when I got it. I will give you the combo fix logs and answer all your questions when I get back to the homestead.

Thanks for the quick reply

Joey
  • 0

#4
joeyo256

joeyo256

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Back

I will answer your questions to the best of my ability.

Question 1 I first tried Housecall and aswmbr because Avira was disabled and I wanted to see if I could get lucky and find some sort viruse that would give me a path to a fix. Both were clean. This brings me to your question 5. I am using IE and when I try to download any tools from the site the splash comes up on the bottom to run, save, or cancel. I choose save and try save to the desktop (I'm not a total nub, I know that these programs like to be run from the desktop)It says the file couldn't be downloaded. After that I went to my own laptop, downloaded OTL, Malwarebytes Anti-malware(this corrected 15 issues), Fubar recovery(I ran it but did not let it fix anything) and of couse Combo fix.(I think this is the one that found QooBox in the c drive. I know thats bad). After that I pretty much packed it up and asked for help from you fine people. I still run XP and I don't have the expertise to trouble shoot Win Vista and above.

As far as Uninstalling Avira, Questions 3&4. I tried to uninstall avira normally but it failed. I tried just for giggles to delete the folder and it said I didn't have permission to delete the folder. My aunt has Admin rights so I would think I would be able to do this. I then turned to REVO which removed the entry in the add/ remove list but left the folder even though I directed it to remove it.

I think that should answer all your questions and again thank you for your help. I'm heading home tomorrow, driving from Fla to NYC. I will be taking the computer with me so we can still continue to work on it.

Here is the ComboFix.txt log

ComboFix 14-02-20.01 - linda 02/21/2014 2:12.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2045.1347 [GMT -5:00]
Running from: c:\users\linda\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-01-21 to 2014-02-21 )))))))))))))))))))))))))))))))
.
.
2014-02-21 07:22 . 2014-02-21 07:22 -------- d-----w- c:\users\linda\AppData\Local\temp
2014-02-21 07:22 . 2014-02-21 07:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-02-21 07:22 . 2014-02-21 07:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-20 16:35 . 2014-02-20 16:35 -------- d-----w- c:\users\linda\AppData\Roaming\Malwarebytes
2014-02-20 16:35 . 2014-02-20 16:35 -------- d-----w- c:\programdata\Malwarebytes
2014-02-20 16:35 . 2014-02-20 16:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-20 16:35 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-19 21:14 . 2014-02-21 05:51 -------- d-----w- C:\FRST
2014-02-19 17:55 . 2014-02-19 17:55 -------- d-----w- C:\_OTL
2014-02-18 20:54 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-02-18 20:54 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2014-02-18 20:54 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-02-18 20:54 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-02-18 20:54 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-18 20:53 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2014-02-18 20:53 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2014-02-18 20:53 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
2014-02-18 20:53 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
2014-02-18 20:53 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
2014-02-18 20:53 . 2013-10-03 12:45 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-02-18 20:52 . 2013-10-03 12:45 993792 ----a-w- c:\windows\system32\crypt32.dll
2014-02-18 20:52 . 2013-10-11 02:08 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-02-18 20:52 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
2014-02-18 20:52 . 2013-10-11 02:07 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-02-18 15:18 . 2014-02-18 15:18 -------- d-----w- c:\program files\GUM7020.tmp
2014-02-18 15:18 . 2014-02-18 15:18 49940480 ----a-w- c:\program files\GUT7021.tmp
2014-02-18 15:16 . 2013-06-26 23:01 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-02-18 15:16 . 2013-07-04 04:21 532480 ----a-w- c:\windows\system32\comctl32.dll
2014-02-18 15:16 . 2013-06-04 04:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2014-02-18 15:16 . 2013-06-04 01:49 293376 ----a-w- c:\windows\system32\atmfd.dll
2014-02-18 15:16 . 2013-07-03 02:10 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-02-18 15:16 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-02-18 15:16 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2014-02-18 15:16 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-02-18 15:12 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2014-02-18 15:11 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 03:51 . 2012-04-08 14:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 03:51 . 2011-06-14 21:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-18 20:20 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-06-28 20:20 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 03:51]
.
2014-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-08 14:55]
.
2014-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-08 14:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-21 02:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3740740981-3820496719-748173504-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3740740981-3820496719-748173504-1000_Classes\CLSID\{80A95F12-94C2-4B1D-8AE3-F0CBE5E96E85}]
@DACL=(02 0000)
@="Avira Addon"
.
[HKEY_USERS\S-1-5-21-3740740981-3820496719-748173504-1000_Classes\CLSID\{EB959CA4-408B-4465-9CF5-7EBA7B885153}]
@DACL=(02 0000)
@="Avira Addon"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-02-21 02:24:48
ComboFix-quarantined-files.txt 2014-02-21 07:24
ComboFix2.txt 2014-02-21 05:01
.
Pre-Run: 65,340,825,600 bytes free
Post-Run: 65,431,158,784 bytes free
.
- - End Of File - - 8F3030595364AA66DF67D6FF2CC3C6F7
5C616939100B85E558DA92B899A0FC36


The Extras.txt is not on my desktop and I don't think one was generated when I did the scan. I have both the FRST.txt and Additions.txt from a Fubar scan if that will help.

Thanks again and I look forward to your next reply.

Edited by joeyo256, 21 February 2014 - 09:46 PM.

  • 0

#5
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Sorry for the name confusion Joey.

...thank you for your help. I'm heading home tomorrow, driving from Fla to NYC. I will be taking the computer with me so we can still continue to work on it.

You are welcome. Have a safe travel.

Thanks for the information. First of all, there isn't an antivirus program on this computer. So I want you to disconnect it from the internet and only re-connect it to come here and read my posts ot post your replies. Once we have completely gotten Avira uninstalled and seen what else is going on we will get an AV program on the computer and then you can re-connect it to the internet permanently.

I understand that there is a problem downloading files using IE. But we need to see if you can download files using a different browser, like Firefox. So when you download these next tools please use Firefox.

Fubar recovery(I ran it but did not let it fix anything)

I want you to post the FRST.txt log and the Addition.txt log in your next reply.

...Combo fix.(I think this is the one that found QooBox in the c drive. I know thats bad).

Actually, the Qoobox folder is created when ComboFix runs. So it's not bad.

The Extras.txt is not on my desktop and I don't think one was generated when I did the scan.

OTL only produces the Extras.txt log on the first run of the tool. Since this was the 5th run no log was produced. I will post instructions on how to force OTL to give us an Extras.txt log.

I also see that you have run RogueKiller. Please post the RKreport.txt log in your next reply. It should be on the desktop.

I want you to delete the aswMBR.exe file that is on the desktop. Then we will download a fresh copy and run a new scan.


Step-1.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-2.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
baseservices
/md5start
rcss.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the radio button beside Use SafeList<---Very Important
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
Repeat for the Extras.txt file.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you were able to download aswMBR using Firefox.
2. The new aswMBR.txt log
3. The RKreport.txt log
4. The FRST.txt log
5. The Addition.txt log
6. The new OTL.txt log
7. The new Extras.txt log
  • 0

#6
joeyo256

joeyo256

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Godawgs:

I read your post and I'll have all info for you tonight. Had realy crappy signal at the hotel where we stopped at. Sorry about the delay.
  • 0

#7
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
No problem. If you want to wait till you get home that's fine. Just let me know if it's gonna be longer than 4 days and I won't close the topic.
  • 0

#8
joeyo256

joeyo256

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi godawgs:

I successfully deleted and recopied aswMBR to the desktop using Chrome, because it was already installed.

I don't have a RKreport.txt on my desktop

The aswMBR.txt, FRST.txt, Additions.txt, new OTL.txt, new Extras.txt are posted below.


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-24 16:07:49
-----------------------------
16:07:49.011 OS Version: Windows 6.0.6002 Service Pack 2
16:07:49.011 Number of processors: 2 586 0xF0D
16:07:49.011 ComputerName: LINDA-PC UserName: linda
16:07:50.321 Initialize success
16:11:03.907 AVAST engine defs: 14022401
16:12:20.861 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:12:20.861 Disk 0 Vendor: FUJITSU_ 0085 Size: 114473MB BusType: 3
16:12:21.002 Disk 0 MBR read successfully
16:12:21.002 Disk 0 MBR scan
16:12:21.033 Disk 0 Windows VISTA default MBR code
16:12:21.033 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
16:12:21.064 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
16:12:21.095 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 101593 MB offset 21133312
16:12:21.111 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 229195776
16:12:21.158 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 229197824
16:12:21.173 Disk 0 scanning sectors +234438656
16:12:21.298 Disk 0 scanning C:\Windows\system32\drivers
16:12:36.430 Service scanning
16:13:14.572 Modules scanning
16:13:23.074 Disk 0 trace - called modules:
16:13:23.168 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
16:13:23.183 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858871d0]
16:13:23.199 3 CLASSPNP.SYS[87fa28b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84a17030]
16:13:24.057 AVAST engine scan C:\Windows
16:13:28.082 AVAST engine scan C:\Windows\system32
16:18:22.142 AVAST engine scan C:\Windows\system32\drivers
16:18:40.706 AVAST engine scan C:\Users\linda
16:21:24.163 AVAST engine scan C:\ProgramData
16:22:25.970 Scan finished successfully
16:32:24.136 Disk 0 MBR has been saved successfully to "C:\Users\linda\Desktop\MBR.dat"
16:32:24.152 The log file has been saved successfully to "C:\Users\linda\Desktop\aswMBR.txt"





FRST.txt



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-02-2014
Ran by linda (administrator) on LINDA-PC on 21-02-2014 00:50:52
Running from C:\Users\linda\Desktop
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(SigmaTel, Inc.) C:\Windows\system32\STacSV.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [384800 2012-12-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-06-27] (SigmaTel, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope {4722FEF0-F40F-4CDF-824A-C910EA32FD84} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....ms}&fr=chr-tyc8
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - CyberDefender Security Toolbar - {68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260384] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260384] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260384] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260384] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260384] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260384] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260384] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260384] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [260384] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-08]
CHR Extension: (Google Search) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-08]
CHR Extension: (Google Wallet) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19]
CHR Extension: (Gmail) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-08]

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [85280 2012-12-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [109344 2012-12-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [565024 2012-12-04] (Avira Operations GmbH & Co. KG)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] ()
R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-06-27] (SigmaTel, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83432 2012-12-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [133824 2012-12-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36552 2012-12-04] (Avira Operations GmbH & Co. KG)
S3 CDAVFS; C:\Windows\System32\DRIVERS\CDAVFS.sys [67424 2007-12-08] (CyberDefender Corp.)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [12672 2006-12-18] (SingleClick Systems)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-06-27] (SigmaTel, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 UWProSys; \??\C:\Program Files\CyberDefender\AntiSpyware\uwprosys.sys [X]
U3 mbr; \??\C:\Users\linda\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-21 00:50 - 2014-02-21 00:50 - 00000000 ____D () C:\Users\linda\Desktop\FRST-OlderVersion
2014-02-21 00:01 - 2014-02-21 00:01 - 00009046 _____ () C:\ComboFix.txt
2014-02-20 23:38 - 2014-02-21 00:02 - 00000000 ____D () C:\Qoobox
2014-02-20 23:38 - 2014-02-20 23:59 - 00000000 ____D () C:\Windows\erdnt
2014-02-20 23:38 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-20 23:38 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-20 23:38 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-20 23:38 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-20 23:38 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-20 23:38 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-20 23:38 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-20 23:38 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-20 23:37 - 2014-02-20 23:33 - 05183886 ____R (Swearware) C:\Users\linda\Desktop\ComboFix.exe
2014-02-20 11:57 - 2014-02-20 11:57 - 00000795 _____ () C:\Windows\setupact.log
2014-02-20 11:57 - 2014-02-20 11:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 11:35 - 2014-02-20 11:35 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-20 11:35 - 2014-02-20 11:35 - 00000000 ____D () C:\Users\linda\AppData\Roaming\Malwarebytes
2014-02-20 11:35 - 2014-02-20 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-20 11:35 - 2014-02-20 11:35 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-20 11:35 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-20 09:57 - 2014-02-20 09:57 - 00380416 _____ () C:\Users\linda\Downloads\1187qokh.exe
2014-02-20 04:19 - 2014-02-20 04:19 - 00216754 _____ () C:\Users\linda\AppData\Local\census.cache
2014-02-20 04:18 - 2014-02-20 04:18 - 00154198 _____ () C:\Users\linda\AppData\Local\ars.cache
2014-02-19 16:15 - 2014-02-19 16:15 - 00018555 _____ () C:\Users\linda\Desktop\Addition.txt
2014-02-19 16:14 - 2014-02-21 00:50 - 00008836 _____ () C:\Users\linda\Desktop\FRST.txt
2014-02-19 16:14 - 2014-02-21 00:50 - 00000000 ____D () C:\FRST
2014-02-19 16:13 - 2014-02-21 00:50 - 01142784 _____ (Farbar) C:\Users\linda\Desktop\FRST.exe
2014-02-19 16:03 - 2014-02-19 16:03 - 00003484 _____ () C:\Users\linda\Documents\temp.txt
2014-02-19 12:55 - 2014-02-19 12:55 - 00000000 ____D () C:\_OTL
2014-02-19 10:54 - 2014-02-20 09:45 - 00080294 _____ () C:\Users\linda\Desktop\OTL.Txt
2014-02-19 10:33 - 2014-02-19 10:33 - 04745728 _____ (AVAST Software) C:\Users\linda\Desktop\aswmbr.exe
2014-02-19 10:20 - 2014-02-19 10:20 - 00602112 _____ (OldTimer Tools) C:\Users\linda\Desktop\OTL.exe
2014-02-19 10:19 - 2014-02-19 10:19 - 00602112 _____ (OldTimer Tools) C:\Users\linda\Downloads\OTL.exe
2014-02-18 21:52 - 2014-02-05 03:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-18 21:52 - 2014-02-05 03:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-18 21:52 - 2014-02-05 03:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-18 21:52 - 2014-02-05 03:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-18 21:52 - 2014-02-05 03:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-18 21:52 - 2014-02-05 03:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-18 21:52 - 2014-02-05 03:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-18 21:52 - 2014-02-05 03:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-18 21:52 - 2014-02-05 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-18 21:52 - 2014-02-05 03:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-18 21:52 - 2014-02-05 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-18 21:52 - 2014-02-05 03:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-18 21:52 - 2014-02-05 03:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-18 21:52 - 2014-02-05 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-18 21:52 - 2014-02-05 03:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-18 21:52 - 2014-02-05 03:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-18 15:54 - 2013-12-04 21:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-18 15:54 - 2013-10-29 21:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-02-18 15:54 - 2013-10-29 20:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-02-18 15:54 - 2013-10-29 19:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-18 15:54 - 2013-10-29 19:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-18 15:53 - 2013-10-10 21:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-18 15:53 - 2013-10-10 21:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-18 15:53 - 2013-10-10 21:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2014-02-18 15:53 - 2013-10-10 19:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-18 15:53 - 2013-10-10 19:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-18 15:53 - 2013-10-03 07:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-02-18 15:52 - 2013-10-22 02:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-18 15:52 - 2013-10-10 21:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-02-18 15:52 - 2013-10-10 21:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-02-18 15:52 - 2013-10-10 19:39 - 00218228 _____ () C:\Windows\system32\WFP.TMF
2014-02-18 15:52 - 2013-10-03 07:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-02-18 10:48 - 2014-02-18 10:48 - 00000036 _____ () C:\Users\linda\AppData\Local\housecall.guid.cache
2014-02-18 10:18 - 2014-02-18 10:18 - 49940480 _____ () C:\Program Files\GUT7021.tmp
2014-02-18 10:18 - 2014-02-18 10:18 - 00000000 ____D () C:\Program Files\GUM7020.tmp
2014-02-18 10:17 - 2013-08-26 21:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-02-18 10:17 - 2013-08-26 21:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-02-18 10:17 - 2013-08-26 21:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-02-18 10:17 - 2013-08-26 21:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-02-18 10:17 - 2013-08-26 20:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-18 10:17 - 2013-08-26 20:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-02-18 10:17 - 2013-08-26 20:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-18 10:17 - 2013-08-26 20:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-02-18 10:17 - 2013-08-26 20:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-02-18 10:17 - 2013-07-31 22:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-02-18 10:17 - 2013-07-31 21:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-02-18 10:17 - 2013-07-20 05:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-18 10:17 - 2013-06-28 21:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-18 10:17 - 2013-06-28 21:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-18 10:17 - 2013-06-28 21:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-18 10:17 - 2011-05-05 08:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-18 10:17 - 2011-05-05 08:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-18 10:16 - 2013-07-04 23:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-18 10:16 - 2013-07-03 23:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-02-18 10:16 - 2013-07-02 21:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-02-18 10:16 - 2013-06-26 18:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-02-18 10:16 - 2013-06-15 08:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2014-02-18 10:16 - 2013-06-15 06:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-02-18 10:16 - 2013-06-03 23:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-02-18 10:16 - 2013-06-03 20:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-02-18 10:12 - 2013-07-17 14:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-18 10:11 - 2013-07-10 04:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

==================== One Month Modified Files and Folders =======

2014-02-21 00:51 - 2012-04-08 09:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 00:50 - 2014-02-21 00:50 - 00000000 ____D () C:\Users\linda\Desktop\FRST-OlderVersion
2014-02-21 00:50 - 2014-02-19 16:14 - 00008836 _____ () C:\Users\linda\Desktop\FRST.txt
2014-02-21 00:50 - 2014-02-19 16:14 - 00000000 ____D () C:\FRST
2014-02-21 00:50 - 2014-02-19 16:13 - 01142784 _____ (Farbar) C:\Users\linda\Desktop\FRST.exe
2014-02-21 00:18 - 2012-04-08 09:56 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 00:02 - 2014-02-20 23:38 - 00000000 ____D () C:\Qoobox
2014-02-21 00:02 - 2006-11-02 05:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-21 00:01 - 2014-02-21 00:01 - 00009046 _____ () C:\ComboFix.txt
2014-02-21 00:01 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2014-02-21 00:01 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-02-20 23:59 - 2014-02-20 23:38 - 00000000 ____D () C:\Windows\erdnt
2014-02-20 23:58 - 2007-11-23 20:18 - 01873279 _____ () C:\Windows\WindowsUpdate.log
2014-02-20 23:56 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2014-02-20 23:54 - 2012-10-26 18:42 - 00016802 _____ () C:\Windows\PFRO.log
2014-02-20 23:54 - 2012-04-08 09:56 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-20 23:54 - 2011-06-28 15:24 - 00031871 _____ () C:\ProgramData\nvModes.dat
2014-02-20 23:54 - 2011-06-28 15:24 - 00031871 _____ () C:\ProgramData\nvModes.001
2014-02-20 23:54 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-20 23:54 - 2006-11-02 07:45 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-20 23:54 - 2006-11-02 07:45 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-20 23:53 - 2007-11-23 20:30 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-20 23:53 - 2006-11-02 07:58 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-20 23:53 - 2006-11-02 05:22 - 33816576 _____ () C:\Windows\system32\config\COMPON~3.bak
2014-02-20 23:53 - 2006-11-02 05:22 - 32505856 _____ () C:\Windows\system32\config\software.bak
2014-02-20 23:53 - 2006-11-02 05:22 - 17039360 _____ () C:\Windows\system32\config\system.bak
2014-02-20 23:53 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-02-20 23:53 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-02-20 23:53 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-02-20 23:51 - 2007-11-30 15:43 - 00000000 ____D () C:\Users\linda
2014-02-20 23:33 - 2014-02-20 23:37 - 05183886 ____R (Swearware) C:\Users\linda\Desktop\ComboFix.exe
2014-02-20 22:51 - 2012-04-08 09:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-20 22:51 - 2011-06-14 16:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 11:57 - 2014-02-20 11:57 - 00000795 _____ () C:\Windows\setupact.log
2014-02-20 11:57 - 2014-02-20 11:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 11:56 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\security
2014-02-20 11:35 - 2014-02-20 11:35 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-20 11:35 - 2014-02-20 11:35 - 00000000 ____D () C:\Users\linda\AppData\Roaming\Malwarebytes
2014-02-20 11:35 - 2014-02-20 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-20 11:35 - 2014-02-20 11:35 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-20 10:54 - 2007-12-06 13:07 - 00008484 _____ () C:\Users\linda\AppData\Local\d3d9caps.dat
2014-02-20 09:57 - 2014-02-20 09:57 - 00380416 _____ () C:\Users\linda\Downloads\1187qokh.exe
2014-02-20 09:45 - 2014-02-19 10:54 - 00080294 _____ () C:\Users\linda\Desktop\OTL.Txt
2014-02-20 04:19 - 2014-02-20 04:19 - 00216754 _____ () C:\Users\linda\AppData\Local\census.cache
2014-02-20 04:18 - 2014-02-20 04:18 - 00154198 _____ () C:\Users\linda\AppData\Local\ars.cache
2014-02-19 16:15 - 2014-02-19 16:15 - 00018555 _____ () C:\Users\linda\Desktop\Addition.txt
2014-02-19 16:03 - 2014-02-19 16:03 - 00003484 _____ () C:\Users\linda\Documents\temp.txt
2014-02-19 12:55 - 2014-02-19 12:55 - 00000000 ____D () C:\_OTL
2014-02-19 12:34 - 2012-10-23 06:48 - 00000000 ____D () C:\ProgramData\Avira
2014-02-19 12:34 - 2012-10-23 06:48 - 00000000 ____D () C:\Program Files\Avira
2014-02-19 10:33 - 2014-02-19 10:33 - 04745728 _____ (AVAST Software) C:\Users\linda\Desktop\aswmbr.exe
2014-02-19 10:27 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-19 10:20 - 2014-02-19 10:20 - 00602112 _____ (OldTimer Tools) C:\Users\linda\Desktop\OTL.exe
2014-02-19 10:19 - 2014-02-19 10:19 - 00602112 _____ (OldTimer Tools) C:\Users\linda\Downloads\OTL.exe
2014-02-19 09:31 - 2007-11-30 15:44 - 00000000 ____D () C:\Users\linda\AppData\Local\Google
2014-02-19 09:26 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-02-19 09:23 - 2007-11-23 20:32 - 00000000 ____D () C:\Program Files\Digital Line Detect
2014-02-19 09:23 - 2007-11-23 20:31 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-19 09:05 - 2006-11-02 07:44 - 00280040 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-18 22:12 - 2013-11-04 11:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 15:21 - 2012-11-08 12:38 - 00001929 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-18 15:21 - 2012-10-30 15:56 - 00000000 ____D () C:\ProgramData\Google
2014-02-18 11:51 - 2012-02-23 00:00 - 00000000 ____D () C:\Hijack This
2014-02-18 10:48 - 2014-02-18 10:48 - 00000036 _____ () C:\Users\linda\AppData\Local\housecall.guid.cache
2014-02-18 10:44 - 2012-10-23 07:55 - 00000000 ____D () C:\Users\linda\AppData\Local\DoNotTrackPlus
2014-02-18 10:18 - 2014-02-18 10:18 - 49940480 _____ () C:\Program Files\GUT7021.tmp
2014-02-18 10:18 - 2014-02-18 10:18 - 00000000 ____D () C:\Program Files\GUM7020.tmp
2014-02-18 10:04 - 2006-11-02 07:35 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-02-05 03:58 - 2014-02-18 21:52 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 03:56 - 2014-02-18 21:52 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 03:53 - 2014-02-18 21:52 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 03:51 - 2014-02-18 21:52 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 03:50 - 2014-02-18 21:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 03:49 - 2014-02-18 21:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 03:49 - 2014-02-18 21:52 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 03:48 - 2014-02-18 21:52 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 03:48 - 2014-02-18 21:52 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 03:48 - 2014-02-18 21:52 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 03:48 - 2014-02-18 21:52 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 03:48 - 2014-02-18 21:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 03:47 - 2014-02-18 21:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 03:47 - 2014-02-18 21:52 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 03:47 - 2014-02-18 21:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 03:46 - 2014-02-18 21:52 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 19:09 - 2006-11-02 05:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-21 00:02

==================== End Of Log ============================


Additions.txt


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-02-2014
Ran by linda at 2014-02-19 16:15:23
Running from C:\Users\linda\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (Version: 8.1.2 - Adobe Systems Incorporated)
Avira Free Antivirus (Version: 13.0.0.2832 - Avira)
Bejeweled Deluxe 1.87 (Version: - )
Broadcom Management Programs (Version: 10.15.03 - Broadcom Corporation)
Browser Address Error Redirector (Version: 1.00.0000 - Dell)
Canon iP1700 (Version: - )
Canon iP1700 User Registration (Version: - )
Canon My Printer (Version: - )
Canon Utilities Easy-PhotoPrint (Version: - )
Conexant HDA D330 MDC V.92 Modem (Version: - )
Dell Getting Started Guide (Version: 1.00.0000 - Dell Inc.)
Dell Network Assistant (Version: 3.0.0.0 - Dell Inc.)
Dell Touchpad (Version: 9.1.18.6 - Synaptics)
DellSupport (Version: 6.0.3075 - Dell)
Easy-WebPrint (Version: - )
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GoToAssist 8.0.0.480 (Version: - )
Java™ SE Runtime Environment 6 (Version: 1.6.0.0 - Sun Microsystems, Inc.)
MediaDirect (Version: 4.7 - Dell)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Works (Version: 08.05.0818 - Microsoft Corporation)
Modem Diagnostic Tool (Version: 1.0.20.0 - Dell)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
My Web Search (Smiley Central) (Version: - My Web Search) <==== ATTENTION
NetWaiting (Version: 2.5.44 - BVRP Software, Inc)
NVIDIA Drivers (Version: 1.3 - NVIDIA Corporation)
OutlookAddinSetup (Version: 1.0.0 - CyberLink)
Product Documentation Launcher (Version: 1.00.0000 - Dell Inc.)
QuickSet (Version: 8.0.13 - Dell Inc.)
TomTom HOME 2.7.6.2056 (Version: 2.7.6.2056 - TomTom)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2 - TomTom International B.V.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
User's Guides (Version: - )
Windows Mobile Device Center (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0 - Microsoft Corporation)
Yahoo! Install Manager (Version: - )
Yahoo! Search Protection (Version: - )
Yahoo! Software Update (Version: - )
Yahoo! Toolbar (Version: - Yahoo! Inc.)

==================== Restore Points =========================

26-03-2013 16:08:48 Windows Update
22-09-2013 14:37:07 Windows Update
24-09-2013 13:58:08 Windows Update
24-09-2013 14:38:42 Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
04-11-2013 16:33:11 Windows Update
21-01-2014 03:15:33 Windows Update
18-02-2014 15:02:47 Windows Update
19-02-2014 02:43:51 Windows Update
19-02-2014 14:17:03 Removed Avira SearchFree Toolbar plus Web Protection.
19-02-2014 14:21:52 Removed Digital Line Detect
19-02-2014 14:23:16 Removed Digital Line Detect
19-02-2014 15:43:25 OTL Restore Point - 2/19/2014 10:43:25 AM
19-02-2014 17:55:33 OTL Restore Point - 2/19/2014 12:55:33 PM

==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000736 ___RA C:\Windows\system32\Drivers\etc\hosts
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {12DE47EE-6ECD-4F82-B0E4-00966E8C1B52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-08] (Google Inc.)
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1BD18F9B-E3A1-447D-A7EC-649334D7122A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-18] (Adobe Systems Incorporated)
Task: {3FFD07BD-15DD-4EC2-8538-510CD88F6BC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-08] (Google Inc.)
Task: {55BD247C-30C4-456B-9FEA-901D9092B71B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {E615A689-89A4-4516-AA9D-B9828A42287A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:62E2D794

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2014 01:04:23 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 11bc
Start Time: 01cf2d9b89359ebf
Termination Time: 0

Error: (02/19/2014 00:35:31 PM) (Source: Application Error) (User: )
Description: Faulting application setup.exe_Avira Free Antivirus, version 13.4.0.304, time stamp 0x50ab7465, faulting module MSVCR100.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0xd80, application start time 0xsetup.exe_Avira Free Antivirus0.

Error: (02/19/2014 00:25:48 PM) (Source: Application Error) (User: )
Description: Faulting application setup.exe_Avira Free Antivirus, version 13.4.0.304, time stamp 0x50ab7465, faulting module MSVCR100.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0xa5c, application start time 0xsetup.exe_Avira Free Antivirus0.

Error: (02/19/2014 00:25:26 PM) (Source: Application Error) (User: )
Description: Faulting application setup.exe_Avira Free Antivirus, version 13.4.0.304, time stamp 0x50ab7465, faulting module MSVCR100.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0xfc8, application start time 0xsetup.exe_Avira Free Antivirus0.

Error: (02/19/2014 00:24:31 PM) (Source: Application Error) (User: )
Description: Faulting application setup.exe_Avira Free Antivirus, version 13.4.0.304, time stamp 0x50ab7465, faulting module MSVCR100.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0xcdc, application start time 0xsetup.exe_Avira Free Antivirus0.

Error: (02/19/2014 00:21:44 PM) (Source: Application Error) (User: )
Description: Faulting application wsctool.exe, version 13.4.0.267, time stamp 0x50a25f1b, faulting module MSVCR100.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0x103c, application start time 0xwsctool.exe0.

Error: (02/19/2014 09:23:15 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {53b84dbf-b950-48ac-943e-2c573a20a80b}

Error: (02/19/2014 09:21:52 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {53b84dbf-b950-48ac-943e-2c573a20a80b}

Error: (02/18/2014 01:59:13 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16455, time stamp 0x507284ba, faulting module MSHTML.dll, version 9.0.8112.16455, time stamp 0x50728e5d, exception code 0xc0000005, fault offset 0x003a17cd,
process id 0x7d8, application start time 0xiexplore.exe0.

Error: (02/18/2014 01:58:49 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16455, time stamp 0x507284ba, faulting module MSHTML.dll, version 9.0.8112.16455, time stamp 0x50728e5d, exception code 0xc0000005, fault offset 0x003a17cd,
process id 0x7b0, application start time 0xiexplore.exe0.


System errors:
=============
Error: (02/19/2014 09:05:29 AM) (Source: Service Control Manager) (User: )
Description: My Web Search Service%%3

Error: (02/19/2014 09:05:29 AM) (Source: Service Control Manager) (User: )
Description: LogMeIn Kernel Information Provider%%2

Error: (02/19/2014 09:05:29 AM) (Source: Service Control Manager) (User: )
Description: Avira Web ProtectionAvira Real-Time Protection%%1053

Error: (02/19/2014 09:05:29 AM) (Source: Service Control Manager) (User: )
Description: Avira Real-Time Protection%%1053

Error: (02/19/2014 09:05:29 AM) (Source: Service Control Manager) (User: )
Description: 30000Avira Real-Time Protection

Error: (02/19/2014 09:05:29 AM) (Source: Service Control Manager) (User: )
Description: Avira Scheduler%%1053

Error: (02/19/2014 09:05:29 AM) (Source: Service Control Manager) (User: )
Description: 30000Avira Scheduler

Error: (02/19/2014 09:01:42 AM) (Source: Service Control Manager) (User: )
Description: My Web Search Service%%3

Error: (02/19/2014 09:01:42 AM) (Source: Service Control Manager) (User: )
Description: LogMeIn Kernel Information Provider%%2

Error: (02/19/2014 09:01:42 AM) (Source: Service Control Manager) (User: )
Description: Avira Web ProtectionAvira Real-Time Protection%%1053


Microsoft Office Sessions:
=========================
Error: (02/19/2014 01:04:23 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.011bc01cf2d9b89359ebf0

Error: (02/19/2014 00:35:31 PM) (Source: Application Error)(User: )
Description: setup.exe_Avira Free Antivirus13.4.0.30450ab7465MSVCR100.dll6.0.6002.1888151da3e27c000013500009f5dd8001cf2d98fcc4e69f

Error: (02/19/2014 00:25:48 PM) (Source: Application Error)(User: )
Description: setup.exe_Avira Free Antivirus13.4.0.30450ab7465MSVCR100.dll6.0.6002.1888151da3e27c000013500009f5da5c01cf2d97a136814f

Error: (02/19/2014 00:25:26 PM) (Source: Application Error)(User: )
Description: setup.exe_Avira Free Antivirus13.4.0.30450ab7465MSVCR100.dll6.0.6002.1888151da3e27c000013500009f5dfc801cf2d9793df021f

Error: (02/19/2014 00:24:31 PM) (Source: Application Error)(User: )
Description: setup.exe_Avira Free Antivirus13.4.0.30450ab7465MSVCR100.dll6.0.6002.1888151da3e27c000013500009f5dcdc01cf2d977345c34f

Error: (02/19/2014 00:21:44 PM) (Source: Application Error)(User: )
Description: wsctool.exe13.4.0.26750a25f1bMSVCR100.dll6.0.6002.1888151da3e27c000013500009f5d103c01cf2d9706320e8f

Error: (02/19/2014 09:23:15 AM) (Source: VSS)(User: )
Description: 0x80070005

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {53b84dbf-b950-48ac-943e-2c573a20a80b}

Error: (02/19/2014 09:21:52 AM) (Source: VSS)(User: )
Description: 0x80070005

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {53b84dbf-b950-48ac-943e-2c573a20a80b}

Error: (02/18/2014 01:59:13 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.16455507284baMSHTML.dll9.0.8112.1645550728e5dc0000005003a17cd7d801cf2cdb820bb035

Error: (02/18/2014 01:58:49 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.16455507284baMSHTML.dll9.0.8112.1645550728e5dc0000005003a17cd7b001cf2cdaed5c7c85


CodeIntegrity Errors:
===================================
Date: 2009-08-24 18:12:28.969
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CyberDefender\AdPresenter\cdNetAd.dll because the set of per-page image hashes could not be found on the system.

Date: 2009-08-24 18:12:28.868
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CyberDefender\AdPresenter\cdNetAd.dll because the set of per-page image hashes could not be found on the system.

Date: 2009-08-24 18:12:28.760
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CyberDefender\AdPresenter\cdNetAd.dll because the set of per-page image hashes could not be found on the system.

Date: 2009-08-24 18:12:28.627
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CyberDefender\AdPresenter\cdNetAd.dll because the set of per-page image hashes could not be found on the system.

Date: 2009-08-24 18:12:28.505
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CyberDefender\AdPresenter\cdNetAd.dll because the set of per-page image hashes could not be found on the system.

Date: 2009-08-24 18:12:28.381
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CyberDefender\AdPresenter\cdNetAd.dll because the set of per-page image hashes could not be found on the system.

Date: 2009-08-24 18:12:28.269
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CyberDefender\AdPresenter\cdNetAd.dll because the set of per-page image hashes could not be found on the system.

Date: 2009-08-24 18:12:28.175
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CyberDefender\AdPresenter\cdNetAd.dll because the set of per-page image hashes could not be found on the system.

Date: 2009-08-24 18:12:28.083
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CyberDefender\AdPresenter\cdNetAd.dll because the set of per-page image hashes could not be found on the system.

Date: 2009-08-24 18:12:27.942
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CyberDefender\AdPresenter\cdNetAd.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 2045.45 MB
Available physical RAM: 981.97 MB
Total Pagefile: 4336.18 MB
Available Pagefile: 3348.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.41 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:99.21 GB) (Free:58.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=99 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=OF Extended)

==================== End Of Log ============================


new OTL.txt


OTL logfile created on: 2/24/2014 4:42:46 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\linda\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.68% Memory free
4.24 Gb Paging File | 3.57 Gb Available in Paging File | 84.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.21 Gb Total Space | 60.29 Gb Free Space | 60.77% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.20 Gb Free Space | 62.02% Space Free | Partition Type: NTFS

Computer Name: LINDA-PC | User Name: linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/19 20:03:06 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/02/19 10:20:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\linda\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/06/27 05:17:00 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/19 20:03:05 | 000,394,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll
MOD - [2014/02/19 20:03:03 | 004,060,488 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014/02/19 20:02:56 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014/02/19 20:02:54 | 000,051,016 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll


========== Services (SafeList) ==========

SRV - [2014/02/20 22:51:15 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/04 10:20:08 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/12/04 10:19:47 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/12/04 10:19:45 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/12/29 08:41:28 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/30 18:55:31 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007/06/27 05:17:00 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\CyberDefender\AntiSpyware\uwprosys.sys -- (UWProSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\linda\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\linda\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/04 10:20:15 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/12/04 10:20:15 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/12/04 10:20:15 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/12/29 08:41:30 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/06/16 13:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/09 14:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/07/24 17:46:08 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2007/12/08 12:27:26 | 000,067,424 | ---- | M] (CyberDefender Corp.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\CDAVFS.sys -- (CDAVFS)
DRV - [2007/06/27 05:17:04 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/05/11 01:40:28 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/09 07:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/09 07:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/09 07:46:08 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/04/29 00:24:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {4722FEF0-F40F-4CDF-824A-C910EA32FD84}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-tyc8
IE - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)


[2008/06/09 13:04:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\linda\AppData\Roaming\Mozilla\Extensions
[2008/06/09 13:04:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\linda\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/02/20 23:55:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\..\Toolbar\WebBrowser: (no name) - {68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94303015-FFFB-456C-8DAE-EF295954240B}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Vostro_NB_1280x864_01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Vostro_NB_1280x864_01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/02/24 16:06:00 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\linda\Desktop\aswmbr.exe
[2014/02/21 16:04:55 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\linda\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/21 02:24:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/02/21 02:24:52 | 000,000,000 | ---D | C] -- C:\Users\linda\AppData\Local\temp
[2014/02/21 02:23:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/21 01:38:19 | 000,000,000 | ---D | C] -- C:\Users\linda\AppData\Local\CrashDumps
[2014/02/21 01:36:11 | 000,000,000 | ---D | C] -- C:\Users\linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/02/21 01:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/02/21 01:33:13 | 000,000,000 | ---D | C] -- C:\Users\linda\Desktop\RK_Quarantine
[2014/02/21 00:50:22 | 000,000,000 | ---D | C] -- C:\Users\linda\Desktop\FRST-OlderVersion
[2014/02/20 23:38:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/02/20 23:38:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/02/20 23:38:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/02/20 23:38:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/20 23:38:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/02/20 23:37:29 | 005,183,886 | R--- | C] (Swearware) -- C:\Users\linda\Desktop\ComboFix.exe
[2014/02/20 11:35:49 | 000,000,000 | ---D | C] -- C:\Users\linda\AppData\Roaming\Malwarebytes
[2014/02/20 11:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/20 11:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/20 11:35:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/02/20 11:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/02/19 16:14:21 | 000,000,000 | ---D | C] -- C:\FRST
[2014/02/19 16:13:05 | 001,142,784 | ---- | C] (Farbar) -- C:\Users\linda\Desktop\FRST.exe
[2014/02/19 12:55:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/19 10:20:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\linda\Desktop\OTL.exe
[2014/02/18 21:52:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/02/18 21:52:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/02/18 21:52:30 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/02/18 21:52:29 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/02/18 21:52:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/02/18 21:52:26 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/02/18 21:52:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/02/18 21:52:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/02/18 15:54:45 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/02/18 15:54:44 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2014/02/18 15:54:44 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2014/02/18 15:54:44 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2014/02/18 15:53:04 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2014/02/18 15:53:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2014/02/18 15:52:47 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2014/02/18 10:17:50 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014/02/18 10:17:50 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2014/02/18 10:17:50 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2014/02/18 10:17:50 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2014/02/18 10:17:50 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2014/02/18 10:17:50 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2014/02/18 10:17:49 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2014/02/18 10:17:49 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014/02/18 10:17:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014/02/18 10:17:29 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/02/18 10:17:05 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014/02/18 10:17:05 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2014/02/18 10:16:19 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2014/02/18 10:16:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2014/02/18 10:16:17 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2014/02/18 10:12:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/24 16:32:24 | 000,000,512 | ---- | M] () -- C:\Users\linda\Desktop\MBR.dat
[2014/02/24 16:18:52 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/24 16:02:59 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\linda\Desktop\aswmbr.exe
[2014/02/24 15:51:50 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/24 15:51:50 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/24 15:51:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/24 15:45:40 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/02/24 15:45:38 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/02/24 15:45:35 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/24 15:45:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/24 15:45:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/24 15:45:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/24 15:45:12 | 2145,583,104 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/23 23:35:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/02/21 16:04:55 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\linda\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/21 09:47:22 | 000,111,273 | ---- | M] () -- C:\Users\linda\Desktop\Error.jpg
[2014/02/21 03:22:16 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/21 01:36:11 | 000,001,059 | ---- | M] () -- C:\Users\linda\Desktop\Revo Uninstaller.lnk
[2014/02/21 01:28:18 | 003,817,984 | ---- | M] () -- C:\Users\linda\Desktop\RogueKiller.exe
[2014/02/21 00:50:22 | 001,142,784 | ---- | M] (Farbar) -- C:\Users\linda\Desktop\FRST.exe
[2014/02/20 23:55:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/02/20 23:33:20 | 005,183,886 | R--- | M] (Swearware) -- C:\Users\linda\Desktop\ComboFix.exe
[2014/02/20 22:51:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/02/20 22:51:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/02/20 11:35:36 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/20 10:54:58 | 000,008,484 | ---- | M] () -- C:\Users\linda\AppData\Local\d3d9caps.dat
[2014/02/20 04:19:12 | 000,216,754 | ---- | M] () -- C:\Users\linda\AppData\Local\census.cache
[2014/02/20 04:18:53 | 000,154,198 | ---- | M] () -- C:\Users\linda\AppData\Local\ars.cache
[2014/02/19 10:20:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\linda\Desktop\OTL.exe
[2014/02/19 09:05:01 | 000,280,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/02/18 10:48:19 | 000,000,036 | ---- | M] () -- C:\Users\linda\AppData\Local\housecall.guid.cache
[2014/02/05 03:56:17 | 001,806,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/02/05 03:49:56 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/02/05 03:49:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/02/05 03:48:56 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/02/05 03:48:40 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/02/05 03:47:57 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/02/05 03:47:16 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/02/05 03:46:50 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/24 16:32:24 | 000,000,512 | ---- | C] () -- C:\Users\linda\Desktop\MBR.dat
[2014/02/21 09:47:21 | 000,111,273 | ---- | C] () -- C:\Users\linda\Desktop\Error.jpg
[2014/02/21 01:36:11 | 000,001,059 | ---- | C] () -- C:\Users\linda\Desktop\Revo Uninstaller.lnk
[2014/02/21 01:33:00 | 003,817,984 | ---- | C] () -- C:\Users\linda\Desktop\RogueKiller.exe
[2014/02/20 23:38:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/02/20 23:38:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/02/20 23:38:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/02/20 23:38:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/02/20 23:38:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/02/20 22:13:07 | 2145,583,104 | -HS- | C] () -- C:\hiberfil.sys
[2014/02/20 11:35:36 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/20 04:19:12 | 000,216,754 | ---- | C] () -- C:\Users\linda\AppData\Local\census.cache
[2014/02/20 04:18:53 | 000,154,198 | ---- | C] () -- C:\Users\linda\AppData\Local\ars.cache
[2014/02/18 15:52:47 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2014/02/18 10:48:19 | 000,000,036 | ---- | C] () -- C:\Users\linda\AppData\Local\housecall.guid.cache
[2011/06/28 15:24:26 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/06/28 15:24:26 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2007/12/06 16:30:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/12/06 13:13:46 | 000,027,335 | ---- | C] () -- C:\Users\linda\AppData\Roaming\nvModes.001
[2007/12/06 13:08:00 | 000,027,335 | ---- | C] () -- C:\Users\linda\AppData\Roaming\nvModes.dat
[2007/12/06 13:07:07 | 000,008,484 | ---- | C] () -- C:\Users\linda\AppData\Local\d3d9caps.dat
[2007/11/30 15:54:34 | 000,005,120 | ---- | C] () -- C:\Users\linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/06/09 13:04:33 | 000,000,000 | ---D | M] -- C:\Users\linda\AppData\Roaming\TomTom

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 04:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 02:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 02:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 01:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 01:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 02:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/07 23:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 01:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 10:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 02:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 01:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 02:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 01:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 01:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 02:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 02:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 02:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 02:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 02:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 01:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 09:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 01:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 02:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 01:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 02:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 01:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 11:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 01:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 13:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 01:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 01:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 01:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 02:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 01:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 01:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 01:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 01:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 01:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 17:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 01:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 14:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 06:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/30 16:05:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/30 16:05:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 4AFF-81A7
Directory of C:\
11/30/2007 03:39 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
11/30/2007 03:39 PM <JUNCTION> Application Data [C:\ProgramData]
11/30/2007 03:39 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/30/2007 03:39 PM <JUNCTION> Documents [C:\Users\Public\Documents]
11/30/2007 03:39 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/30/2007 03:39 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/30/2007 03:39 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
11/30/2007 03:39 PM <SYMLINKD> All Users [C:\ProgramData]
11/30/2007 03:39 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
11/30/2007 03:39 PM <JUNCTION> Application Data [C:\ProgramData]
11/30/2007 03:39 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/30/2007 03:39 PM <JUNCTION> Documents [C:\Users\Public\Documents]
11/30/2007 03:39 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/30/2007 03:39 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/30/2007 03:39 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
11/30/2007 03:39 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
11/30/2007 03:39 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
11/30/2007 03:39 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
11/30/2007 03:39 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/30/2007 03:39 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/30/2007 03:39 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/30/2007 03:39 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/30/2007 03:39 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/30/2007 03:39 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
11/30/2007 03:39 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
11/30/2007 03:39 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/30/2007 03:39 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
11/30/2007 03:39 PM <JUNCTION> My Music [C:\Users\Default\Music]
11/30/2007 03:39 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
11/30/2007 03:39 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\linda
11/30/2007 03:43 PM <JUNCTION> Application Data [C:\Users\linda\AppData\Roaming]
11/30/2007 03:43 PM <JUNCTION> Cookies [C:\Users\linda\AppData\Roaming\Microsoft\Windows\Cookies]
11/30/2007 03:43 PM <JUNCTION> Local Settings [C:\Users\linda\AppData\Local]
11/30/2007 03:43 PM <JUNCTION> My Documents [C:\Users\linda\Documents]
11/30/2007 03:43 PM <JUNCTION> NetHood [C:\Users\linda\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/30/2007 03:43 PM <JUNCTION> PrintHood [C:\Users\linda\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/30/2007 03:43 PM <JUNCTION> Recent [C:\Users\linda\AppData\Roaming\Microsoft\Windows\Recent]
11/30/2007 03:43 PM <JUNCTION> SendTo [C:\Users\linda\AppData\Roaming\Microsoft\Windows\SendTo]
11/30/2007 03:43 PM <JUNCTION> Start Menu [C:\Users\linda\AppData\Roaming\Microsoft\Windows\Start Menu]
11/30/2007 03:43 PM <JUNCTION> Templates [C:\Users\linda\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\linda\AppData\Local
11/30/2007 03:43 PM <JUNCTION> Application Data [C:\Users\linda\AppData\Local]
11/30/2007 03:43 PM <JUNCTION> History [C:\Users\linda\AppData\Local\Microsoft\Windows\History]
11/30/2007 03:43 PM <JUNCTION> Temporary Internet Files [C:\Users\linda\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\linda\Documents
11/30/2007 03:43 PM <JUNCTION> My Music [C:\Users\linda\Music]
11/30/2007 03:43 PM <JUNCTION> My Pictures [C:\Users\linda\Pictures]
11/30/2007 03:43 PM <JUNCTION> My Videos [C:\Users\linda\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
11/30/2007 03:39 PM <JUNCTION> My Music [C:\Users\Public\Music]
11/30/2007 03:39 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
11/30/2007 03:39 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
49 Dir(s) 63,589,146,624 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:62E2D794

< End of report >


new Extras.txt


OTL Extras logfile created on: 2/24/2014 4:42:46 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\linda\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.68% Memory free
4.24 Gb Paging File | 3.57 Gb Available in Paging File | 84.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.21 Gb Total Space | 60.29 Gb Free Space | 60.77% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.20 Gb Free Space | 62.02% Space Free | Partition Type: NTFS

Computer Name: LINDA-PC | User Name: linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3740740981-3820496719-748173504-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16004E31-C571-4E75-A3E5-0DD38F9D8720}" = lport=10421 | protocol=17 | dir=in | name=singleclick discovery protocol |
"{4C761CF8-62D6-46AC-850C-51BB20BD2B84}" = lport=139 | protocol=6 | dir=in | name=netbios file/printer sharing |
"{5D625896-65ED-4410-8988-1D4D57F4CF1B}" = lport=10426 | protocol=17 | dir=in | name=singleclick icc |
"{8DCAA03B-1CED-4828-88C4-6844122F8FF3}" = lport=137 | protocol=17 | dir=in | name=netbios name service |
"{A734CF19-9C86-490D-8188-4A68D1D5AAC0}" = lport=138 | protocol=17 | dir=in | name=netbios datagram service |
"{CFC0533F-08D8-4B21-A229-51691FB9500D}" = lport=445 | protocol=6 | dir=in | name=microsoft directory services |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{095B703A-EA15-424E-9E1A-714F5B2B2CF5}" = protocol=6 | dir=in | app=c:\users\linda\appdata\local\cyberdefender internet security\antispyware\cdas9f5b.exe |
"{24D9DDBD-93F7-47EB-9B7C-435B7C3299CC}" = protocol=17 | dir=in | app=c:\users\linda\appdata\local\cyberdefender internet security\antispyware\cdas9f5b.exe |
"{2DA422B6-7C86-4A96-84DD-D9AFF7C978FD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{58864C04-3305-4DAF-AAF0-B6D4CECD9772}" = protocol=6 | dir=in | app=c:\program files\dell network assistant\ezi_hnm2.exe |
"{6E55E3BE-8C7F-4933-8621-63BF47D997AD}" = protocol=6 | dir=in | app=c:\users\linda\appdata\local\cyberdefender internet security\antispyware\cdas9f5b.exe |
"{7191A3AD-EA14-46FD-AA2B-732C562D6646}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{7A7A8A60-CF3A-4933-96D3-D517D01EEA00}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A0ABE4A5-ACDB-4222-B5F1-5A4CBDF46E8E}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{A2877808-033B-46B4-BFC1-69351A406980}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A582B0A1-9293-41D5-9740-5379A13316DC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B5BA2E7A-01AF-4060-B404-BA4ED45077BD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C4CA67A7-7A27-43D9-906D-E1F8AE0BAD47}" = protocol=17 | dir=in | app=c:\program files\dell network assistant\ezi_hnm2.exe |
"{D2851431-71EB-423C-A2A9-61A4BC525D93}" = protocol=17 | dir=in | app=c:\users\linda\appdata\local\cyberdefender internet security\antispyware\cdas9f5b.exe |
"{DD0428C6-CFBB-4CDD-B28F-963476F59126}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{F9E6644B-4317-4B23-9B2F-08DAAE35EC74}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"TCP Query User{14B76D03-BC11-4EA2-A434-BD4A7388AA11}C:\program files\cyberdefender\antispyware\cdas1ed6.exe" = protocol=6 | dir=in | app=c:\program files\cyberdefender\antispyware\cdas1ed6.exe |
"TCP Query User{88E463A9-D211-47AA-8926-E130766BCC3A}C:\program files\cyberdefender\antispyware\cdasa36f.exe" = protocol=6 | dir=in | app=c:\program files\cyberdefender\antispyware\cdasa36f.exe |
"TCP Query User{CBBD837B-F2C6-4F83-8507-7B6CA7F2EDF4}C:\program files\dell network assistant\ezi_hnm2.exe" = protocol=6 | dir=in | app=c:\program files\dell network assistant\ezi_hnm2.exe |
"TCP Query User{D8D9838D-F61B-4D2B-9630-B65CA2A3184C}C:\program files\cyberdefender\antispyware\cdas1ed6.exe" = protocol=6 | dir=in | app=c:\program files\cyberdefender\antispyware\cdas1ed6.exe |
"UDP Query User{4F660316-1855-4A02-88C7-F09CBCD6DEA7}C:\program files\cyberdefender\antispyware\cdasa36f.exe" = protocol=17 | dir=in | app=c:\program files\cyberdefender\antispyware\cdasa36f.exe |
"UDP Query User{684766AD-C06B-4226-AB33-3E280D9B331E}C:\program files\cyberdefender\antispyware\cdas1ed6.exe" = protocol=17 | dir=in | app=c:\program files\cyberdefender\antispyware\cdas1ed6.exe |
"UDP Query User{76F2103C-211E-4BF8-AF2B-C7FD61ED91D9}C:\program files\cyberdefender\antispyware\cdas1ed6.exe" = protocol=17 | dir=in | app=c:\program files\cyberdefender\antispyware\cdas1ed6.exe |
"UDP Query User{941831F9-DDE8-4BCE-9BCE-EF34380F84E0}C:\program files\dell network assistant\ezi_hnm2.exe" = protocol=17 | dir=in | app=c:\program files\dell network assistant\ezi_hnm2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700" = Canon iP1700
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Bejeweled Deluxe 1.87" = Bejeweled Deluxe 1.87
"Canon iP1700 User Registration" = Canon iP1700 User Registration
"CanonMyPrinter" = Canon My Printer
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.480
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Revo Uninstaller" = Revo Uninstaller 1.85
"SynTPDeinstKey" = Dell Touchpad
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/6/2011 5:02:53 PM | Computer Name = linda-PC | Source = MsiInstaller | ID = 11314
Description =

Error - 9/8/2011 2:47:36 PM | Computer Name = linda-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b94 Start Time: 01cc6e572b4d2bf4 Termination Time: 200

Error - 9/8/2011 4:51:28 PM | Computer Name = linda-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 974 Start Time: 01cc6e68e74c9caf Termination Time: 156

Error - 9/13/2011 4:00:57 PM | Computer Name = linda-PC | Source = MsiInstaller | ID = 11314
Description =

Error - 9/13/2011 4:08:00 PM | Computer Name = linda-PC | Source = MsiInstaller | ID = 11314
Description =

Error - 10/24/2011 11:40:52 PM | Computer Name = linda-PC | Source = Application Hang | ID = 1002
Description = The program cdas1ed6.exe version 2.12.20.17 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f98 Start Time: 01cc92c7a1521300 Termination Time: 0

Error - 10/27/2011 5:34:01 PM | Computer Name = linda-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/31/2011 9:59:58 AM | Computer Name = linda-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module CybDefCom.dll_unloaded, version 0.0.0.0, time stamp
0x45cce8e9, exception code 0xc0000005, fault offset 0x042101b2, process id 0xa9c,
application start time 0x01cc97d515331e42.

Error - 11/1/2011 4:48:58 PM | Computer Name = linda-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module CybDefCom.dll_unloaded, version 0.0.0.0, time stamp
0x45cce8e9, exception code 0xc0000005, fault offset 0x04ef4966, process id 0xa10,
application start time 0x01cc98d7228e2909.

Error - 11/3/2011 9:58:03 AM | Computer Name = linda-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ae8 Start Time: 01cc9a307a7dd45a Termination Time: 20

Error - 11/12/2011 6:28:47 PM | Computer Name = linda-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x08c60e08, process id 0x59c, application start time
0x01cca189f9848344.

[ System Events ]
Error - 2/23/2014 10:46:51 PM | Computer Name = linda-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/23/2014 10:46:51 PM | Computer Name = linda-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/23/2014 10:46:51 PM | Computer Name = linda-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/23/2014 10:46:51 PM | Computer Name = linda-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/23/2014 10:46:51 PM | Computer Name = linda-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/24/2014 4:46:57 PM | Computer Name = linda-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/24/2014 4:46:57 PM | Computer Name = linda-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/24/2014 4:46:57 PM | Computer Name = linda-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/24/2014 4:46:57 PM | Computer Name = linda-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/24/2014 4:46:57 PM | Computer Name = linda-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >


I hope this helps
  • 0

#9
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Please delete the copy of RogueKiller.exr on the desktop. We will download a fresh copy.


Run RogueKiller

NOTE: If using IE8 or better the Smartscreen Filter will need to be disabled. Directions for disabling the SmartScreen Filter in IE 8, 9 and 10 can be found: here

  • Click here to go to the RogueKiller download page.
  • Scroll down to the RogueKiller download section and click the RogueKiller icon (Not the RogueKiller 64 icon) and save the RogueKiller.exe file to the desktop.
  • Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
    NOTE: If this is the first time you have used the program you will need to accept the User Agreement.
  • Wait until Prescan has finished ...This may take a few minutes, especially if it is the first time you have used the program.
  • Click on Scan

    Posted Image
  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. the RKreport.txt log
  • 0

#10
joeyo256

joeyo256

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I did what you asked and here is RKreport.txt

RKreport.txt


RogueKiller V8.8.9 [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : linda [Admin rights]
Mode : Scan -- Date : 02/26/2014 18:33:49
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[75] : NtCreateSection @ 0x81E7AF95 -> HOOKED (Unknown @ 0x8A4C4826)
[Address] SSDT[276] : NtRequestWaitReplyPort @ 0x81E8D132 -> HOOKED (Unknown @ 0x8A4C4830)
[Address] SSDT[289] : NtSetContextThread @ 0x81EDC2CF -> HOOKED (Unknown @ 0x8A4C482B)
[Address] SSDT[314] : NtSetSecurityObject @ 0x81E09027 -> HOOKED (Unknown @ 0x8A4C4835)
[Address] SSDT[332] : NtSystemDebugControl @ 0x81E41EE9 -> HOOKED (Unknown @ 0x8A4C483A)
[Address] SSDT[334] : NtTerminateProcess @ 0x81E3A16B -> HOOKED (Unknown @ 0x8A4C47C7)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A4C484E)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A4C4853)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) FUJITSU MHY2120BH +++++
--- User ---
[MBR] 6af416bc207ff7e61cd9b11e5e7d935d
[BSP] 597689f9fd584ba824a36be87199a262 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21133312 | Size: 101593 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 229195776 | Size: 2560 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02262014_183349.txt >>
  • 0

#11
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the logs. Are you still getting the avgnt.exe error at startup?

Step-1.

Malicious program uninstall (IF present)

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

My Web Search

3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\CyberDefender\AntiSpyware\uwprosys.sys -- (UWProSys)
DRV - [2007/12/08 12:27:26 | 000,067,424 | ---- | M] (CyberDefender Corp.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\CDAVFS.sys -- (CDAVFS)
IE - HKLM\..\SearchScopes,DefaultScope = {4722FEF0-F40F-4CDF-824A-C910EA32FD84}
O3 - HKU\S-1-5-21-3740740981-3820496719-748173504-1000\..\Toolbar\WebBrowser: (no name) - {68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} - No CLSID value found.

:FILES
ipconfig /flushdns /c
C:\Windows\System32\drivers\CDAVFS.sys
C:\Program Files\CyberDefender

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{095B703A-EA15-424E-9E1A-714F5B2B2CF5}" = -
"{24D9DDBD-93F7-47EB-9B7C-435B7C3299CC}" = -
"{6E55E3BE-8C7F-4933-8621-63BF47D997AD}" = -
"{D2851431-71EB-423C-A2A9-61A4BC525D93}" = -
"TCP Query User{14B76D03-BC11-4EA2-A434-BD4A7388AA11}C:\program files\cyberdefender\antispyware\cdas1ed6.exe" = -
"TCP Query User{88E463A9-D211-47AA-8926-E130766BCC3A}C:\program files\cyberdefender\antispyware\cdasa36f.exe" = -
"TCP Query User{D8D9838D-F61B-4D2B-9630-B65CA2A3184C}C:\program files\cyberdefender\antispyware\cdas1ed6.exe" = -
"UDP Query User{4F660316-1855-4A02-88C7-F09CBCD6DEA7}C:\program files\cyberdefender\antispyware\cdasa36f.exe" = -
"UDP Query User{684766AD-C06B-4226-AB33-3E280D9B331E}C:\program files\cyberdefender\antispyware\cdas1ed6.exe" = -
"UDP Query User{76F2103C-211E-4BF8-AF2B-C7FD61ED91D9}C:\program files\cyberdefender\antispyware\cdas1ed6.exe" = -

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

AppRemover

Please download AppRemover and save it to the desktop.

  • Double click the AppRemover.exe file to open the application. Vista and Windpws 7 users may need to right click the file and click Run as Administrator to start the application. The GUI console will open:

    Posted Image
  • Click Start. AppRemover will begin scanning your system for installed security programs.

    Posted Image
  • When it has finished you will be presented with a list of installed security applications and public file sharing applications that are installed.

    Posted Image
  • Please click the box beside the following applications (if present):
    • Avira Antivirus
    • CyberDefender (if present)
  • Click the Remove Selected Applications or Nextbutton. You will see the circle rotating while the program(s) are being removed.
  • When the uninstallation process has finished you may be prompted to restart the computer. If prompted, restart your computer before exiting AppRemover.
  • If you aren't prompted to restart the computer, then exit the AppRemover program and then reboot the computer.

Step-4.

Avira Registry cleaner

Click here to download the Avira Refistry Cleaner and save the avira_registry_cleaner_en.exe file to the desktop.

Right click the file and click Run as Administrator to start the application. It will scan the Registry for any left over Avira entries.


Step-5.

Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you were able to find My Web Search and uninstall it.
2. Let me know if you had any problems with the AppRemover uninstalls
3. The new OTL.txt log
  • 0

#12
joeyo256

joeyo256

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Godawgs:

Sorry about the delay, I had to work late the past few days. I did what you asked and here are the answers to your questions.


I didn't find My Web Search under Programs and Features.

After running your OTL fix file I ran App Remover. The only App that was there was Malwarebytes Anti-Malware.

I ran Avira Registry Cleaner and It generated the same error as Avira which still isn't removed from the system.



OTL.txt


OTL logfile created on: 3/2/2014 7:09:02 PM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\linda\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.05% Memory free
4.22 Gb Paging File | 3.37 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.21 Gb Total Space | 60.23 Gb Free Space | 60.71% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.20 Gb Free Space | 62.02% Space Free | Partition Type: NTFS

Computer Name: LINDA-PC | User Name: linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/19 20:03:06 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/02/19 10:20:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\linda\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/06/28 15:20:11 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/06/27 05:17:00 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/19 20:03:05 | 000,394,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll
MOD - [2014/02/19 20:03:03 | 004,060,488 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014/02/19 20:02:56 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014/02/19 20:02:54 | 000,051,016 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll


========== Services (SafeList) ==========

SRV - [2014/02/20 22:51:15 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/04 10:20:08 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/12/04 10:19:47 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/12/04 10:19:45 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/12/29 08:41:28 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/30 18:55:31 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007/06/27 05:17:00 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\linda\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/02/26 18:29:24 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\TrueSight.sys -- (TrueSight)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/04 10:20:15 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/12/04 10:20:15 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/12/04 10:20:15 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/12/29 08:41:30 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/06/16 13:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/09 14:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/07/24 17:46:08 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2007/06/27 05:17:04 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/05/11 01:40:28 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/09 07:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/09 07:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/09 07:46:08 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/04/29 00:24:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-tyc8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)


[2008/06/09 13:04:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\linda\AppData\Roaming\Mozilla\Extensions
[2008/06/09 13:04:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\linda\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/02/20 23:55:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94303015-FFFB-456C-8DAE-EF295954240B}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Vostro_NB_1280x864_01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Vostro_NB_1280x864_01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/27 18:15:11 | 011,493,480 | ---- | C] (OPSWAT, Inc.) -- C:\Users\linda\Desktop\AppRemover.exe
[2014/02/27 17:06:22 | 000,000,000 | ---D | C] -- C:\Users\linda\Desktop\OTLLogs
[2014/02/27 16:33:33 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/26 18:28:40 | 000,000,000 | ---D | C] -- C:\Users\linda\Desktop\RK_Quarantine
[2014/02/26 18:23:49 | 000,000,000 | ---D | C] -- C:\Users\linda\Desktop\New Folder
[2014/02/24 16:06:00 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\linda\Desktop\aswmbr.exe
[2014/02/21 16:04:55 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\linda\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/21 02:24:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/02/21 02:24:52 | 000,000,000 | ---D | C] -- C:\Users\linda\AppData\Local\temp
[2014/02/21 02:23:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/21 01:38:19 | 000,000,000 | ---D | C] -- C:\Users\linda\AppData\Local\CrashDumps
[2014/02/21 01:36:11 | 000,000,000 | ---D | C] -- C:\Users\linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/02/21 01:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/02/21 00:50:22 | 000,000,000 | ---D | C] -- C:\Users\linda\Desktop\FRST-OlderVersion
[2014/02/20 23:38:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/02/20 23:38:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/02/20 23:38:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/02/20 23:38:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/20 23:38:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/02/20 23:37:29 | 005,183,886 | R--- | C] (Swearware) -- C:\Users\linda\Desktop\ComboFix.exe
[2014/02/20 11:35:49 | 000,000,000 | ---D | C] -- C:\Users\linda\AppData\Roaming\Malwarebytes
[2014/02/20 11:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/20 11:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/20 11:35:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/02/20 11:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/02/19 16:14:21 | 000,000,000 | ---D | C] -- C:\FRST
[2014/02/19 16:13:05 | 001,142,784 | ---- | C] (Farbar) -- C:\Users\linda\Desktop\FRST.exe
[2014/02/19 12:55:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/19 10:20:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\linda\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2014/03/02 19:05:32 | 000,221,776 | ---- | M] () -- C:\Users\linda\Desktop\avira_registry_cleaner_en.exe
[2014/03/02 19:04:59 | 000,642,218 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/02 19:04:59 | 000,119,378 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/02 18:59:16 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/03/02 18:59:15 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/03/02 18:59:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/02 18:59:11 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/02 18:59:06 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/02 18:58:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/02 18:58:48 | 2145,583,104 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/27 18:20:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/02/27 18:18:39 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/27 18:13:15 | 011,493,480 | ---- | M] (OPSWAT, Inc.) -- C:\Users\linda\Desktop\AppRemover.exe
[2014/02/27 16:51:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/26 18:29:24 | 000,026,624 | ---- | M] () -- C:\Windows\System32\TrueSight.sys
[2014/02/26 18:26:28 | 003,818,496 | ---- | M] () -- C:\Users\linda\Desktop\RogueKiller.exe
[2014/02/24 16:02:59 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\linda\Desktop\aswmbr.exe
[2014/02/21 16:04:55 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\linda\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/21 09:47:22 | 000,111,273 | ---- | M] () -- C:\Users\linda\Desktop\Error.jpg
[2014/02/21 03:22:16 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/21 01:36:11 | 000,001,059 | ---- | M] () -- C:\Users\linda\Desktop\Revo Uninstaller.lnk
[2014/02/21 00:50:22 | 001,142,784 | ---- | M] (Farbar) -- C:\Users\linda\Desktop\FRST.exe
[2014/02/20 23:55:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/02/20 23:33:20 | 005,183,886 | R--- | M] (Swearware) -- C:\Users\linda\Desktop\ComboFix.exe
[2014/02/20 11:35:36 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/20 10:54:58 | 000,008,484 | ---- | M] () -- C:\Users\linda\AppData\Local\d3d9caps.dat
[2014/02/20 04:19:12 | 000,216,754 | ---- | M] () -- C:\Users\linda\AppData\Local\census.cache
[2014/02/20 04:18:53 | 000,154,198 | ---- | M] () -- C:\Users\linda\AppData\Local\ars.cache
[2014/02/19 10:20:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\linda\Desktop\OTL.exe
[2014/02/19 09:05:01 | 000,280,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/02/18 10:48:19 | 000,000,036 | ---- | M] () -- C:\Users\linda\AppData\Local\housecall.guid.cache

========== Files Created - No Company Name ==========

[2014/03/02 19:06:22 | 000,221,776 | ---- | C] () -- C:\Users\linda\Desktop\avira_registry_cleaner_en.exe
[2014/02/26 18:29:24 | 000,026,624 | ---- | C] () -- C:\Windows\System32\TrueSight.sys
[2014/02/26 18:27:06 | 003,818,496 | ---- | C] () -- C:\Users\linda\Desktop\RogueKiller.exe
[2014/02/21 09:47:21 | 000,111,273 | ---- | C] () -- C:\Users\linda\Desktop\Error.jpg
[2014/02/21 01:36:11 | 000,001,059 | ---- | C] () -- C:\Users\linda\Desktop\Revo Uninstaller.lnk
[2014/02/20 23:38:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/02/20 23:38:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/02/20 23:38:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/02/20 23:38:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/02/20 23:38:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/02/20 22:13:07 | 2145,583,104 | -HS- | C] () -- C:\hiberfil.sys
[2014/02/20 11:35:36 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/20 04:19:12 | 000,216,754 | ---- | C] () -- C:\Users\linda\AppData\Local\census.cache
[2014/02/20 04:18:53 | 000,154,198 | ---- | C] () -- C:\Users\linda\AppData\Local\ars.cache
[2014/02/18 15:52:47 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2014/02/18 10:48:19 | 000,000,036 | ---- | C] () -- C:\Users\linda\AppData\Local\housecall.guid.cache
[2011/06/28 15:24:26 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/06/28 15:24:26 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2007/12/06 16:30:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/12/06 13:13:46 | 000,027,335 | ---- | C] () -- C:\Users\linda\AppData\Roaming\nvModes.001
[2007/12/06 13:08:00 | 000,027,335 | ---- | C] () -- C:\Users\linda\AppData\Roaming\nvModes.dat
[2007/12/06 13:07:07 | 000,008,484 | ---- | C] () -- C:\Users\linda\AppData\Local\d3d9caps.dat
[2007/11/30 15:54:34 | 000,005,120 | ---- | C] () -- C:\Users\linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/06/09 13:04:33 | 000,000,000 | ---D | M] -- C:\Users\linda\AppData\Roaming\TomTom

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:62E2D794

< End of report >
  • 0

#13
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the logs. Let's remove the rest of Avira that I see on the system and run some other tools.


Step-1.

Posted Image OTL Fix

Please close all open windows and browsers

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
SRV - [2012/12/04 10:20:08 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/12/04 10:19:47 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/12/04 10:19:45 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
DRV - [2012/12/04 10:20:15 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/12/04 10:20:15 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/12/04 10:20:15 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

:FILES
C:\Program Files\Avira
ipconfig /release /c
ipconfig /renew /c
netsh winsock reset catalog /c
netsh int ip reset reset.log /c
ipconfig /flushdns /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon Posted Image on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

    Posted Image
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The OTL fixes log
2. The AdwCleaner[R0].txt log
  • 0

#14
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP