Can't create DDS Logs


This topic is locked
23 replies to this topic

#1 mizzkat421

mizzkat421

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:15 AM

Posted 15 April 2012 - 02:33 PM

Hi, I have a redirect virus and I am trying to follow the instructions. I started step 7 under the preparation guide but after the black window shows it disappears and that's it. Can someone please advise?
Thanks,
7:)


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:15 AM

Posted 15 April 2012 - 09:26 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    %systemroot%\*. /rp /s
    netsvcs
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • OTL.txt and Extras.txt logs
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
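The OTL.txt that the custom scan above produces is a plain-text log, and a browser redirect usually surfaces in a small number of its sections: the IE SearchScopes and Search Bar values, Firefox's keyword.URL and browser.search prefs, URLSearchHook and toolbar entries that OTL reports as "No CLSID value found", the O1 hosts-file lines, and the Internet Settings proxy values. The Python below is an added example for this thread, not part of the post above and not OTL's own code: it walks lines in OTL's format and pulls out those entries for a human to review. The sample lines, the zero-filled GUIDs, the host search.hijack.example and the baseline list of expected search engines are all constructed for the example; a flagged line is a review item, not a verdict.

```python
"""Pull redirect-relevant entries out of an OTL-style log (constructed example)."""
import re
from typing import Dict, List
from urllib.parse import urlparse

# Assumed baseline: search hosts that are expected on the machine. Any other
# host in a search-provider line is flagged for review, not declared malicious.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}

# Substrings that identify the IE / Firefox search entry points OTL reports.
SEARCH_MARKERS = ("SearchScopes", "Search Bar", "keyword.URL", "browser.search")

URL_RE = re.compile(r"https?://[^\s\"']+")
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample in OTL's line format: the GUIDs and the host
# search.hijack.example are invented for this example.
SAMPLE_LOG = r"""
IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.hijack.example/dispatcher.aspx?qkw=%s
IE - HKCU\..\URLSearchHook: {00000000-0000-0000-0000-000000000002} - No CLSID value found
IE - HKCU\..\SearchScopes\{00000000-0000-0000-0000-000000000003}: "URL" = http://search.hijack.example/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.hijack.example/search?p="
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.bank.example
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000004} - No CLSID value found.
"""


def url_host(line: str) -> str:
    """Return the lower-cased hostname of the first URL on the line, or '' if none."""
    m = URL_RE.search(line)
    if not m:
        return ""
    return (urlparse(m.group(0)).hostname or "").lower()


def triage_otl_lines(text: str) -> List[Dict[str, str]]:
    """Scan OTL log lines and return the entries a redirect triage should look at."""
    findings: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. Search providers: IE SearchScopes / Search Bar, Firefox keyword.URL etc.
        #    Flag any host outside the assumed baseline.
        if any(marker in line for marker in SEARCH_MARKERS):
            host = url_host(line)
            if host and host not in KNOWN_SEARCH_HOSTS:
                findings.append({"rule": "unexpected-search-provider", "host": host, "line": line})
        # 2. Dangling hooks/toolbars: a registered GUID with no CLSID behind it.
        if "No CLSID value found" in line:
            findings.append({"rule": "orphaned-clsid", "host": "", "line": line})
        # 3. Hosts file: anything other than loopback -> localhost redirects or blocks a name.
        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.group(1), m.group(2)
            if ip not in LOOPBACK or name.lower() != "localhost":
                findings.append({"rule": "hosts-override", "host": name, "line": line})
        # 4. System proxy switched on or pointed somewhere: browser traffic can be rerouted.
        if '"ProxyEnable" = 1' in line or '"ProxyServer"' in line:
            findings.append({"rule": "proxy-enabled", "host": "", "line": line})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per rule so the review list can be scanned at a glance."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    found = triage_otl_lines(SAMPLE_LOG)
    for f in found:
        print(f"[{f['rule']}] {f['line']}")
    print(summarize(found))
```

Run it against a real OTL.txt by reading the file into `triage_otl_lines` instead of `SAMPLE_LOG`; the baseline set and the hosts-file rule are deliberately strict, so legitimate entries (a corporate proxy, a hosts file used for ad blocking) will also show up and need to be judged by whoever reads the list.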


#3 mizzkat421

mizzkat421
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:15 AM

Posted 16 April 2012 - 06:10 AM

Hi RPMcMurphy, thanks for replying. I will follow your instructions when I get home from work tonight. Just saw your reply.
Thanks in advance for your help!

7:)

#4 mizzkat421

mizzkat421
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:15 AM

Posted 16 April 2012 - 06:56 AM

Hi RPMcMurphy, I found some time to do this because I know this forum is very busy. Here are my logs:

OTL logfile created on: 4/16/2012 7:18:04 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\kathychef46\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 83.28% Memory free
12.00 Gb Paging File | 10.42 Gb Available in Paging File | 86.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.79 Gb Total Space | 537.35 Gb Free Space | 78.36% Space Free | Partition Type: NTFS
Drive I: | 232.88 Gb Total Space | 17.78 Gb Free Space | 7.63% Space Free | Partition Type: NTFS

Computer Name: KATHYCHEF46-PC | User Name: kathychef46 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/16 07:14:01 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\kathychef46\Desktop\OTL.exe
PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\kathychef46\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/27 11:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/12/08 05:24:16 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2010/08/20 19:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/11 20:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 22:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/08/06 20:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE


========== Modules (No Company Name) ==========

MOD - [2012/04/10 22:08:11 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/10 22:08:05 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/02/15 23:11:33 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll
MOD - [2012/02/15 20:30:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 20:29:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 20:29:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 20:29:03 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/14 19:34:42 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/08 05:24:16 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MOD - [2010/12/08 05:23:52 | 000,100,352 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\avutil-50.dll
MOD - [2010/12/08 05:23:50 | 000,684,032 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\libexpat.dll
MOD - [2010/12/08 05:23:50 | 000,466,975 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\sqlite3.dll
MOD - [2010/08/11 20:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/08/11 20:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/08/11 20:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/08/11 20:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/08/11 20:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/08/11 20:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/08/11 20:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/08/11 20:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/04/14 07:03:19 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/27 11:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/01/09 13:30:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/29 15:50:01 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/25 22:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 19:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/14 20:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/12 14:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/06/23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/28 10:25:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/08/06 20:21:32 | 000,057,776 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2007/04/19 08:55:50 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2007/04/19 08:55:50 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2007/04/19 08:55:50 | 000,016,896 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/03/16 18:59:28 | 000,036,792 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys -- (PfFilter)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C38522F3-1CFE-4AAC-B734-7335D64CC4CA}
IE:64bit: - HKLM\..\SearchScopes\{C38522F3-1CFE-4AAC-B734-7335D64CC4CA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {1D8266EC-76B3-4DF0-BAE5-ABFDD8C208BB}
IE - HKLM\..\SearchScopes\{1D8266EC-76B3-4DF0-BAE5-ABFDD8C208BB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60347
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2A 5E 17 0F A9 21 B5 49 9B 30 0F B0 DC A5 90 3C [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C38522F3-1CFE-4AAC-B734-7335D64CC4CA}
IE - HKCU\..\SearchScopes\{04F34ED7-C809-433B-95CF-2DFDB29E4F22}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=380920&p={searchTerms}
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60347
IE - HKCU\..\SearchScopes\{F6F3A269-96BF-471D-AFD0-EC89B673D7EE}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=380920&ilc=12"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.12
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=380920&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/04 20:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/04 22:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/26 17:41:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8268DBBC-7A0D-11E1-826D-B8AC6F996F26}: C:\Users\kathychef46\AppData\Local\{8268DBBC-7A0D-11E1-826D-B8AC6F996F26}\ [2012/03/29 22:10:28 | 000,000,000 | ---D | M]

[2011/01/07 20:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kathychef46\AppData\Roaming\Mozilla\Extensions
[2012/04/15 13:21:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kathychef46\AppData\Roaming\Mozilla\Firefox\Profiles\6ehp8uoq.default\extensions
[2012/04/03 06:00:08 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\kathychef46\AppData\Roaming\Mozilla\Firefox\Profiles\6ehp8uoq.default\extensions\keyscrambler@qfx.software.corporation
[2012/04/04 22:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/02 00:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/04/04 20:41:04 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\KATHYCHEF46\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6EHP8UOQ.DEFAULT\EXTENSIONS\LONXJYKCSQ@LONXJYKCSQ.ORG.XPI
[2012/04/04 22:07:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/25 05:47:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/09 06:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/04/04 22:07:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007/07/26 14:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2011/03/04 12:21:49 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/04/04 22:07:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/07/26 22:46:57 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\kathychef46\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Users\kathychef46\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\kathychef46\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} https://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF99AD3B-79F5-4ADF-B15F-E6078C8F6F31}: DhcpNameServer = 167.206.254.2 167.206.254.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/17 08:26:45 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/07/01 10:10:50 | 000,000,000 | RH-D | M] - I:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 08:56:50 | 000,000,036 | RH-- | M] () - I:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2012/04/16 07:14:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\kathychef46\Desktop\aswMBR.exe
[2012/04/16 07:13:56 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\kathychef46\Desktop\OTL.exe
[2012/04/16 06:19:52 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{0E43D7F3-B6EB-4870-9EB2-7994133FF143}
[2012/04/16 06:19:41 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{84FB6323-7B22-49D5-93D3-878CF65EA344}
[2012/04/15 17:46:28 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{24FBE8A3-855E-4B66-9996-4C5CE3CA93CC}
[2012/04/15 17:46:17 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{D6712F79-BFF0-4300-B3FE-D40E7D88823E}
[2012/04/15 17:36:34 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{1442ECE3-1F3C-4E6A-B123-71AD298BA1FE}
[2012/04/15 17:36:22 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{9B0D122E-A21F-4A4D-8444-A7B88DDB1201}
[2012/04/15 16:11:24 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2012/04/15 16:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/04/15 16:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2012/04/15 16:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/15 16:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/15 16:04:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/15 15:49:24 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{8FEFFBBB-F10D-46E1-B9BC-56AE0C4D01A4}
[2012/04/15 13:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/15 13:41:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/15 13:39:53 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Desktop\tdsskiller
[2012/04/15 12:49:01 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\kathychef46\Desktop\dds.scr
[2012/04/14 13:16:55 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{99D06269-0DA1-459F-B25C-4B956DC8B650}
[2012/04/14 13:16:44 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{5C7FF264-4756-49AC-8E4F-231AD8E649D1}
[2012/04/14 13:15:18 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{3BAAD647-8949-4EE5-9D8F-34768BE86A6D}
[2012/04/14 13:15:07 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{8EF6427E-6BA6-4843-A191-100697001800}
[2012/04/14 12:52:24 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{D1494A6B-DB27-4B6A-B1EB-8F68605F61F0}
[2012/04/14 12:52:13 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{049276D9-009E-42F6-ABC4-B3FD10D2CC77}
[2012/04/13 20:42:21 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{C360CD2F-5A7A-4DD8-9F6F-4AB6370E1994}
[2012/04/13 20:42:10 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{B7C69ECD-A8D1-47A0-9E95-ADEF26517D0D}
[2012/04/13 19:07:46 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{80F784F4-68A2-49F0-ADCE-2FC87B718CA3}
[2012/04/13 19:07:35 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{8F068C36-A2A8-4103-A0B3-1F8E2B419FEA}
[2012/04/13 18:48:42 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{607CF8A3-9BCC-43C4-8E33-B7DAA0F136A0}
[2012/04/13 18:18:56 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\FILES FOR BACKUP
[2012/04/13 06:47:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/04/13 06:46:27 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\RegRun2
[2012/04/13 06:46:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2012/04/12 21:15:58 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/04/12 18:45:21 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{F3052D0D-24D6-4FAD-AB4C-34C622802B13}
[2012/04/12 06:20:37 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\TORIN-SONGS
[2012/04/12 05:49:42 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\Destinys Child - Rn'B - 1998-2006
[2012/04/11 19:26:17 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{C4B689C2-92CA-40F3-B13C-25A52F7A3434}
[2012/04/11 06:38:01 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{3B7F1764-FB13-443C-81EC-915D0E8D5DAF}
[2012/04/10 21:58:20 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/10 21:58:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/10 21:58:19 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/10 21:58:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/10 21:58:18 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/10 21:58:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/10 21:58:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/10 21:58:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/10 21:58:17 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/10 21:58:17 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/10 21:58:17 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/10 21:58:03 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/10 21:58:03 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/10 21:58:02 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/10 21:55:42 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/10 21:55:42 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/10 21:55:42 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/10 18:25:18 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{6B19E354-AE03-4C76-809D-B338B3877A63}
[2012/04/10 06:24:53 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{0A5ACFAF-A993-4A73-8706-FC98BEF01145}
[2012/04/09 19:03:09 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/09 18:22:16 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{2531938B-4565-44CC-BC3F-8F27FE0889E9}
[2012/04/09 18:15:07 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/09 05:31:32 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{4ACF9369-1760-4756-ADFC-D6AE96AC8897}
[2012/04/07 20:54:09 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\Super 8 (2011)HD.720p_(V)_
[2012/04/07 20:46:30 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\Trilogy Of Terror
[2012/04/07 20:36:27 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\The Grey 2012 720p BRRip-BOYKAYON
[2012/04/06 20:56:34 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{7F782AF6-96ED-4EF9-8CD6-19AF87574BBA}
[2012/04/06 20:30:53 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\Mission Imposible - Ghost Protocol (HD)
[2012/04/06 20:24:35 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\MISSION IMPOSSIBLE . GHOST PROTOCOL
[2012/04/05 20:06:53 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\Mission.Impossible.Ghost.Protocol.2011.720p.BRRip.x264.AC3-26K
[2012/04/05 19:54:11 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{F53C893B-F19A-4D3A-BCC9-39FC74C01613}
[2012/04/04 22:01:24 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{1106A33D-59AA-4220-AE9A-BAC9335C7AA1}
[2012/04/04 21:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2012/04/04 21:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2012/04/04 21:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2012/04/04 20:41:05 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/04/04 20:36:44 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\Hitman Pro 3.5.9 Build 129 - Fully Activated -BRiNGiT
[2012/04/04 20:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/04/04 07:01:02 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{BD79C05E-BC0C-4978-9C7F-AEF9AF8AD6C0}
[2012/04/03 19:00:36 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{8CFA8C51-A74E-4E12-AAB1-8B6A70654952}
[2012/04/03 05:53:09 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{042102F9-983D-40E3-8EA7-C45CED4440A2}
[2012/04/02 17:52:43 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{84E96649-37A0-47CE-A333-A070716CD345}
[2012/03/31 20:45:53 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{844A2A02-46CA-4EE1-9149-8923705DF086}
[2012/03/29 22:10:28 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{8268DBBC-7A0D-11E1-826D-B8AC6F996F26}
[2012/03/29 19:58:17 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{FD856A36-C817-442B-BBA6-19409D09B871}
[2012/03/28 20:27:41 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{CF372160-F810-4F5D-913C-B4C9FE650534}
[2012/03/27 19:17:59 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{35AA4B11-56AE-4AAF-8C52-2967B66E3021}
[2012/03/27 19:17:46 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{9B9927B9-44D7-4A92-AF0B-37D11D88EC25}
[2012/03/27 07:17:20 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{3230D848-4384-4029-947F-47A11CDA27E7}
[2012/03/27 07:17:06 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{2A351CA4-AF21-4799-98A1-4ADB1F5F4F90}
[2012/03/26 19:10:31 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{9166F814-D4A6-49EF-9372-221DCA44FD86}
[2012/03/26 19:10:18 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{3AB9F34E-F5C3-41E9-8511-DA0933D86739}
[2012/03/26 07:09:41 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{3F35FEB7-2264-43A0-AD4A-9E868386B776}
[2012/03/26 07:09:08 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{876F51F8-70BA-4578-8D10-7DB580083606}
[2012/03/25 12:23:54 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{516C59BB-F4C5-47EE-8442-7A481870DC61}
[2012/03/25 12:23:40 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{42E25E95-75A3-4DD4-A3E7-500F8ECACEEE}
[2012/03/24 19:36:39 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{720F0ED6-1757-4775-BC9D-BD464E8CA684}
[2012/03/24 19:36:11 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{E1AEF808-EF37-4668-9E86-303389DAFAC3}
[2012/03/23 06:04:08 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{E77E7070-AA6F-4EED-B746-8EFE1BA24727}
[2012/03/23 06:03:56 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{FD23C51E-FF3D-411E-83AA-1BD010DF4A1E}
[2012/03/22 07:57:52 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{889EE9CF-7409-49E5-9FAC-1DF72148940F}
[2012/03/22 07:57:38 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{6DAED2A9-15D5-4E41-A93A-D93926FE1F51}
[2012/03/21 19:57:08 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{BFE3F15E-D380-4FEF-832F-0B27CD6ADBF0}
[2012/03/21 19:56:53 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{A2CBFBA5-FFAA-42A2-A11D-125CCA90FB5A}
[2012/03/21 07:00:33 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{D21146A7-12E3-4B9D-B5E0-BB3A561141F6}
[2012/03/21 07:00:03 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{F483C17D-7645-4024-AC2D-E65F9C6D082B}
[2012/03/20 18:18:04 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{68BC2344-40DA-4F4E-A663-C19DC5C9CE68}
[2012/03/20 18:17:51 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{B399217B-EB34-41D1-BDF6-63F663873830}
[2012/03/19 18:38:44 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{8950F256-B664-4F79-AD91-AFF19263FB1B}
[2012/03/19 18:38:07 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{CB88395A-6331-4511-8824-E124E258EEA4}
[2012/03/17 12:28:13 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{C4B2C27E-0863-4D3E-8343-0F3EFFB348CF}
[2012/03/17 12:27:42 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{826279B2-7236-4437-87A1-8C5569ABF399}
[1 C:\Users\kathychef46\Desktop\*.tmp files -> C:\Users\kathychef46\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/16 07:14:29 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\kathychef46\Desktop\aswMBR.exe
[2012/04/16 07:14:01 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\kathychef46\Desktop\OTL.exe
[2012/04/16 07:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/16 06:04:09 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job
[2012/04/15 16:52:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 16:52:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 16:44:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/15 16:43:43 | 536,076,287 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/15 16:11:24 | 000,001,085 | ---- | M] () -- C:\Users\kathychef46\Desktop\SpywareBlaster.lnk
[2012/04/15 16:06:30 | 000,001,288 | ---- | M] () -- C:\Users\kathychef46\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/15 16:06:30 | 000,001,264 | ---- | M] () -- C:\Users\kathychef46\Desktop\Spybot - Search & Destroy.lnk
[2012/04/15 16:05:32 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/15 16:04:27 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/15 15:56:38 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2012/04/15 15:39:24 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\kathychef46\Desktop\dds.scr
[2012/04/15 13:39:34 | 002,052,353 | ---- | M] () -- C:\Users\kathychef46\Desktop\tdsskiller.zip
[2012/04/15 12:34:36 | 000,000,000 | ---- | M] () -- C:\Users\kathychef46\defogger_reenable
[2012/04/14 07:03:19 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 07:03:19 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 07:03:10 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/13 21:50:42 | 000,006,247 | ---- | M] () -- C:\Users\kathychef46\Desktop\pp-txt - Shortcut.lnk
[2012/04/13 20:00:55 | 000,050,654 | ---- | M] () -- C:\Users\kathychef46\Desktop\Adidas_polkadots_TrackTop2.jpg
[2012/04/13 19:21:26 | 000,801,170 | ---- | M] () -- C:\Users\kathychef46\Desktop\redirect-virus-removal.pdf
[2012/04/13 19:15:08 | 000,050,477 | ---- | M] () -- C:\Users\kathychef46\Desktop\Defogger.exe
[2012/04/13 06:46:29 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/04/13 06:46:29 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012/04/12 21:15:58 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/04/10 22:00:49 | 000,811,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/10 22:00:49 | 000,672,404 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/10 22:00:49 | 000,126,272 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/04 22:07:46 | 000,002,050 | ---- | M] () -- C:\Users\kathychef46\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/04 21:55:58 | 000,001,108 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/04/04 21:47:43 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/20 07:45:41 | 000,791,168 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Users\kathychef46\Desktop\*.tmp files -> C:\Users\kathychef46\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/15 16:11:24 | 000,001,085 | ---- | C] () -- C:\Users\kathychef46\Desktop\SpywareBlaster.lnk
[2012/04/15 16:06:30 | 000,001,288 | ---- | C] () -- C:\Users\kathychef46\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/15 16:06:30 | 000,001,264 | ---- | C] () -- C:\Users\kathychef46\Desktop\Spybot - Search & Destroy.lnk
[2012/04/15 16:05:32 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/04/15 16:04:27 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/15 13:39:28 | 002,052,353 | ---- | C] () -- C:\Users\kathychef46\Desktop\tdsskiller.zip
[2012/04/15 12:34:36 | 000,000,000 | ---- | C] () -- C:\Users\kathychef46\defogger_reenable
[2012/04/13 20:00:52 | 000,050,654 | ---- | C] () -- C:\Users\kathychef46\Desktop\Adidas_polkadots_TrackTop2.jpg
[2012/04/13 19:21:25 | 000,801,170 | ---- | C] () -- C:\Users\kathychef46\Desktop\redirect-virus-removal.pdf
[2012/04/13 19:15:07 | 000,050,477 | ---- | C] () -- C:\Users\kathychef46\Desktop\Defogger.exe
[2012/04/13 06:46:29 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/04/13 06:46:29 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012/04/09 18:15:08 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/04 21:55:58 | 000,001,108 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/04/04 21:47:43 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2012/04/04 21:47:43 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/04/11 22:05:05 | 000,000,099 | ---- | C] () -- C:\Users\kathychef46\AppData\Local\fusioncache.dat
[2011/04/11 21:50:44 | 000,791,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/23 08:16:42 | 000,000,004 | ---- | C] () -- C:\Users\kathychef46\AppData\Roaming\39177A
[2011/03/23 08:16:41 | 000,870,128 | ---- | C] () -- C:\Users\kathychef46\AppData\Roaming\mcs.rma
[2011/01/30 20:48:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/17 00:30:23 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/01/17 00:30:23 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll

========== Custom Scans ==========

< %systemroot%\*. /rp /s >

< End of report >

OTL Extras logfile created on: 4/16/2012 7:18:04 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\kathychef46\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 83.28% Memory free
12.00 Gb Paging File | 10.42 Gb Available in Paging File | 86.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.79 Gb Total Space | 537.35 Gb Free Space | 78.36% Space Free | Partition Type: NTFS
Drive I: | 232.88 Gb Total Space | 17.78 Gb Free Space | 7.63% Space Free | Partition Type: NTFS

Computer Name: KATHYCHEF46-PC | User Name: kathychef46 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
"{4316E318-85EC-42C3-9535-C7B49B8CAD21}" = AxCrypt 1.7.2126.0
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HitmanPro35" = Hitman Pro 3.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33B5B641-7843-48A9-A8FE-4501869D0B92}" = Geometry Solved!
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39C7807F-E1AB-4817-8914-CAA80252967E}" = SymbolSource
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6CC56991-D80B-42EB-B2AF-85D6F822D8EA}" = Algebra Solved!
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7741FA25-9898-4D16-9900-72D44F3C56F0}" = SoftPlan 2012 Trial
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7A1BF13-4DA3-4391-855D-D61ADADF74A6}_is1" = Full Video Converter Free 9
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E51E08E3-BBD2-40AD-8F9F-4BF9DEA54B44}" = Algebra 2 Solved!
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E69BB189-4B20-46AE-93CF-59099F05FC3F}" = OutlookTools 2
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FDF64A37-4842-48CD-A424-2C38444D36FD}" = LG Android Drivers
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core FTP LE 2.1" = Core FTP LE 2.1
"Dell Dock" = Dell Dock
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Photo Resizer" = FastStone Photo Resizer 3.0
"FLV.com FLV Converter_is1" = FLV.com FLV Converter V 2.92
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"GoToAssist" = GoToAssist 8.0.0.514
"HTMLKit_is1" = HTML-Kit
"ImgBurn" = ImgBurn
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Virtual Technician" = McAfee Virtual Technician
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PowerISO" = PowerISO
"Protected Folder_is1" = Protected Folder
"SpywareBlaster_is1" = SpywareBlaster 4.6
"TeamViewer 6" = TeamViewer 6
"TUGZip_is1" = TUGZip 3.5
"uTorrent" = µTorrent
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"WildTangent dell Master Uninstall" = WildTangent Games
"Winamp" = Winamp
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-16 07:23:42
-----------------------------
07:23:42.725 OS Version: Windows x64 6.1.7601 Service Pack 1
07:23:42.725 Number of processors: 2 586 0x170A
07:23:42.725 ComputerName: KATHYCHEF46-PC UserName: kathychef46
07:23:45.034 Initialize success
07:23:45.127 AVAST engine defs: 12041600
07:23:54.035 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:23:54.035 Disk 0 Vendor: ST3750528AS CC46 Size: 715404MB BusType: 3
07:23:54.051 Disk 0 MBR read successfully
07:23:54.066 Disk 0 MBR scan
07:23:54.066 Disk 0 Windows VISTA default MBR code
07:23:54.066 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
07:23:54.066 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13118 MB offset 81920
07:23:54.082 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 702245 MB offset 26947584
07:23:54.113 Disk 0 scanning C:\Windows\system32\drivers
07:24:00.728 Service scanning
07:24:15.377 Modules scanning
07:24:15.377 Disk 0 trace - called modules:
07:24:15.392 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
07:24:15.892 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80063af1a0]
07:24:15.892 3 CLASSPNP.SYS[fffff880019c443f] -> nt!IofCallDriver -> [0xfffffa8005ec9930]
07:24:15.892 5 ACPI.sys[fffff88000f417a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005ecf060]
07:24:16.656 AVAST engine scan C:\Windows
07:24:17.935 AVAST engine scan C:\Windows\system32
07:26:07.388 AVAST engine scan C:\Windows\system32\drivers
07:26:14.814 AVAST engine scan C:\Users\kathychef46
07:44:52.480 File: C:\Users\kathychef46\AppData\Local\Temp\nse58A0.tmp\sgpeue.dll **INFECTED** Win32:Malware-gen
07:48:47.092 AVAST engine scan C:\ProgramData
07:50:35.546 Scan finished successfully
07:52:37.476 Disk 0 MBR has been saved successfully to "C:\Users\kathychef46\Desktop\MBR.dat"
07:52:37.476 The log file has been saved successfully to "C:\Users\kathychef46\Desktop\aswMBR.txt"

Thanks again!
7:)

#5 RPMcMurphy
    Bleeping *^#@%~
  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 16 April 2012 - 04:16 PM

P2P - I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until we are done.

Please do this next:

Disable Spybot S&D's TeaTimer
  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done and reboot your computer.
(When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)

Run OTL.exe
  • Copy/paste the following text written inside of the box below into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    () (No name found) -- C:\USERS\KATHYCHEF46\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6EHP8UOQ.DEFAULT\EXTENSIONS\LONXJYKCSQ@LONXJYKCSQ.ORG.XPI
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    FF - user.js - File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
    O4 - Startup: C:\Users\kathychef46\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    :Files
    C:\Users\kathychef46\AppData\Local\Temp\nse58A0.tmp\sgpeue.dll
    :Commands
    [EmptyTemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • OTL Fix log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif
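The OTL fix above removes URLSearchHook and toolbar entries whose GUID no longer has a registered CLSID (the "No CLSID value found" lines). As an added example that is not part of this thread, of OTL or of any tool the thread uses, the following read-only PowerShell script performs that same check on a live system: it enumerates the standard Internet Explorer hook locations and reports GUID-named values with no backing CLSID key in either the 64-bit or the Wow6432Node view. The registry paths are the standard IE ones; the function names are this example's own.

```powershell
# Added example, not from the thread or from OTL: list Internet Explorer
# URLSearchHook and toolbar registrations whose component GUID has no CLSID
# key, which is the condition OTL reports as "No CLSID value found".
# The script only reads the registry; it changes nothing.

# Locations OTL's O3 (toolbar) lines and its URLSearchHook line are read from.
$HookLocations = @(
    'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks',
    'HKLM:\Software\Microsoft\Internet Explorer\URLSearchHooks',
    'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser',
    'HKLM:\Software\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
)

function Test-ClsidRegistered {
    param([Parameter(Mandatory)][string]$Guid)
    # An installed COM component has a CLSID key. A 32-bit component on
    # 64-bit Windows is registered under Wow6432Node, so both views are checked.
    $keys = @(
        "Registry::HKEY_CLASSES_ROOT\CLSID\$Guid",
        "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$Guid"
    )
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) { return $true }
    }
    return $false
}

function Get-IEHookRegistration {
    # Emits one object per GUID-named value under the hook locations, with
    # Registered = $false when no CLSID key backs the GUID.
    foreach ($location in $HookLocations) {
        if (-not (Test-Path -LiteralPath $location)) { continue }
        $key = Get-Item -LiteralPath $location
        foreach ($name in $key.GetValueNames()) {
            # Only GUID-named values identify a component; settings such as
            # "Locked" are skipped.
            if ($name -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') { continue }
            [pscustomobject]@{
                Location   = $location
                Guid       = $name
                Data       = $key.GetValue($name)
                Registered = Test-ClsidRegistered -Guid $name
            }
        }
    }
}

# Orphaned entries: still hooked into IE, but the component they name is gone.
Get-IEHookRegistration |
    Where-Object { -not $_.Registered } |
    Format-Table -AutoSize
```

Run it from a 64-bit PowerShell session so that both the native and the Wow6432Node paths are visible. An orphaned entry is a lead, not a verdict: a toolbar that was uninstalled without cleaning up its hook looks the same as one left behind by malware, so review the Data column (which usually holds the component's display name or path) before deciding what to remove.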


#6 mizzkat421
  • Topic Starter
  • Members
  • 14 posts

Posted 16 April 2012 - 05:28 PM

Hi RPMcMurphy, I uninstalled uTorrent, thanks for the advice. OK, I got to the step to run OTL.exe and followed your instructions, but after it finished the box disappeared and no log was produced. I didn't want to go any further. Please advise on what to do now.

Thanks
7:)

#7 RPMcMurphy
    Bleeping *^#@%~
  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 16 April 2012 - 06:15 PM

It should be a .txt file located in this folder: C:\_OTL\MovedFiles

If you still don't see it go ahead and continue on with ComboFix.



#8 mizzkat421
  • Topic Starter
  • Members
  • 14 posts

Posted 16 April 2012 - 08:02 PM

OK, found it.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
C:\Users\kathychef46\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
========== FILES ==========
C:\Users\kathychef46\AppData\Local\Temp\nse58A0.tmp\sgpeue.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: kathychef46
->Temp folder emptied: 8318720 bytes
->Temporary Internet Files folder emptied: 190160406 bytes
->Java cache emptied: 3051930 bytes
->FireFox cache emptied: 1098830695 bytes
->Flash cache emptied: 4911 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 93850846 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 17964794875 bytes

Total Files Cleaned = 18,462.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04162012_193141

ComboFix 12-04-16.02 - kathychef46 04/16/2012 20:27:01.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4839 [GMT -4:00]
Running from: c:\users\kathychef46\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kathychef46\GoToAssistDownloadHelper.exe
I:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 00:46 . 2012-04-17 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-16 23:31 . 2012-04-16 23:31 -------- d-----w- C:\_OTL
2012-04-15 20:11 . 2010-01-10 22:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-04-15 20:11 . 2012-04-15 20:11 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-04-15 20:04 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-15 17:43 . 2012-04-15 17:43 -------- d-----w- c:\program files (x86)\ESET
2012-04-15 17:41 . 2012-04-15 19:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-13 10:47 . 2012-04-13 10:47 -------- d-----w- c:\windows\Sun
2012-04-13 10:46 . 2012-04-13 10:46 2 --shatr- c:\windows\winstart.bat
2012-04-13 10:46 . 2012-04-13 21:18 -------- d-----w- c:\program files (x86)\UnHackMe
2012-04-13 10:06 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F29D0E62-A6B1-46A0-B85C-408C5EA2A69B}\mpengine.dll
2012-04-13 01:15 . 2012-04-13 01:15 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-04-11 01:57 . 2012-04-11 01:57 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-11 01:55 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 01:55 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 01:55 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 01:55 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 01:55 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 01:55 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 01:55 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 23:03 . 2012-04-14 11:03 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 22:15 . 2012-04-14 11:03 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-05 02:07 . 2012-04-05 02:07 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-04-05 02:07 . 2012-04-05 02:07 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-05 02:07 . 2012-04-05 02:07 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-04-05 02:07 . 2012-04-05 02:07 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-04-05 02:07 . 2012-04-05 02:07 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-05 01:47 . 2012-04-15 19:56 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-04-05 01:47 . 2012-04-05 01:47 -------- d-----w- c:\program files\Hitman Pro 3.5
2012-04-05 01:46 . 2012-04-05 01:56 -------- d-----w- c:\programdata\Hitman Pro
2012-04-05 00:41 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-05 00:07 . 2012-04-05 00:08 -------- d-----w- c:\programdata\HitmanPro
2012-03-30 02:10 . 2012-03-30 02:10 -------- d-----w- c:\users\kathychef46\AppData\Local\{8268DBBC-7A0D-11E1-826D-B8AC6F996F26}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 11:03 . 2011-12-21 00:45 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 23:15 . 2011-07-26 12:02 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-07-26 12:02 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-07-26 12:03 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-07-26 12:03 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-07-26 12:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2011-07-26 12:04 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-07-26 12:03 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-07-26 12:04 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 13:18 . 2011-07-26 12:28 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 23:39 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 23:39 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 23:39 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 23:39 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-13 23:40 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 23:40 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-13 23:40 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-13 23:39 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 23:39 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 23:39 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2010-12-08 5247624]
"Akamai NetSession Interface"="c:\users\kathychef46\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\kathychef46\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RasAuto32;Remote Access Auto Connection Manager ;c:\windows\system32\msvidc3232.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 PfFilter;PfFilter;c:\program files (x86)\IObit\Protected Folder\pffilter.sys [2011-03-16 36792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 11:03]
.
2012-04-16 c:\windows\Tasks\vtscheduletask.job
- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2011-07-26 18:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
FF - ProfilePath - c:\users\kathychef46\AppData\Roaming\Mozilla\Firefox\Profiles\6ehp8uoq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=380920&p=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-92666525.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,8e,f3,78,a0,43,83,4b,8e,b8,c7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,8e,f3,78,a0,43,83,4b,8e,b8,c7,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-04-16 20:54:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 00:54
.
Pre-Run: 596,044,099,584 bytes free
Post-Run: 595,670,265,856 bytes free
.
- - End Of File - - A193B6DF83F6DEF990757FEC041A331F

#9 RPMcMurphy (Malware Response Team)

Posted 16 April 2012 - 08:54 PM

Please do this next:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#10 mizzkat421 (Topic Starter)

Posted 17 April 2012 - 05:42 AM

Here you go:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.17.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
kathychef46 :: KATHYCHEF46-PC [administrator]

4/17/2012 5:35:58 AM
mbam-log-2012-04-17 (05-35-58).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 495490
Time elapsed: 1 hour(s), 1 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 RPMcMurphy (Malware Response Team)

Posted 17 April 2012 - 07:32 AM

How is your computer running now? Please do this next:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log
Go to this LINK to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is your computer running now?
  • OTL Fix log
  • ESET log



#12 mizzkat421 (Topic Starter)

Posted 17 April 2012 - 05:16 PM

Hi RPMcMurphy, it still has the redirect virus. OK, going to do your next set of instructions now.

#13 mizzkat421 (Topic Starter)

Posted 18 April 2012 - 04:30 AM

Here you go:

========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

OTL by OldTimer - Version 3.2.39.2 log created on 04172012_182037

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=96b310bfe2dfc5458408d1d96555a509
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-18 01:27:23
# local_time=2012-04-17 09:27:23 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 22109368 22109368 0 0
# compatibility_mode=5893 16776574 100 94 0 86245425 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=318410
# found=4
# cleaned=0
# scan_time=10467
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
I:\KATHYCHEF46-PC\Backup Set 2011-07-26 070916\Backup Files 2011-07-26 070916\Backup files 12.zip a variant of Java/Agent.A trojan (unable to clean) 00000000000000000000000000000000 I
I:\OLD-COMPUTER\OLD FILES\new3\author keith\gamer-reloaded.zip PHP/Obfuscated.B application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok

#14 RPMcMurphy (Malware Response Team)

Posted 18 April 2012 - 10:28 PM

If you are still being redirected, please do this (if you are not, let me know):

Double click on OTL to open it
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file.
Please download MiniToolBox and run it.

Check the following items:
  • Flush DNS
  • List content of Hosts
  • List IP configuration
Click Go and copy/paste the log (Result.txt) into your next post.
Please include the following in your next post:
  • How is your computer running now?
  • OTL log
  • MiniToolBox log

Edited by RPMcMurphy, 18 April 2012 - 10:28 PM.

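The OTL fix in post #11 (the ProxyOverride value pointing at 127.0.0.1:9421) and the MiniToolBox checks in post #14 (hosts file, IP configuration) look at the three settings a browser redirector most often tampers with. As an added example that is not part of the thread and not the code of OTL or MiniToolBox, here is a read-only PowerShell audit of those same three settings; the function names are my own, and it assumes Windows 7 or later with PowerShell 2.0 or newer.

```powershell
# Added example: audit the redirect indicators discussed in the thread.
# Read-only: it reports, it changes nothing. (The "Flush DNS" step the
# helper asks for is the separate command: ipconfig /flushdns)

function Get-IEProxySettings {
    # Same key the OTL fix writes to: HKCU\...\Internet Settings
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    New-Object -TypeName PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        ProxyOverride = $p.ProxyOverride
        AutoConfigURL = $p.AutoConfigURL
    }
}

function Test-LoopbackProxy {
    param([string]$ProxyServer, [string]$ProxyOverride)
    # A loopback address on an arbitrary high port (127.0.0.1:9421 in the
    # ComboFix log above) means some local process sits between the browser
    # and the network. Legitimate software (some web shields) does this too,
    # so identify the listening process before acting on a hit.
    $pattern = '(127\.0\.0\.1|localhost):\d+'
    $hits = @()
    foreach ($v in @($ProxyServer, $ProxyOverride)) {
        if ($v -and $v -match $pattern) { $hits += $Matches[0] }
    }
    return $hits
}

function Get-HostsEntries {
    # MiniToolBox "List content of Hosts": anything beyond comments and the
    # default loopback entries is worth a look; redirectors map popular
    # site names to their own addresses here.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

function Get-DnsServers {
    # MiniToolBox "List IP configuration", reduced to the DNS servers per
    # adapter. Compare them with what the router/ISP should hand out
    # (the ComboFix log shows the DHCP-assigned servers under TCP:).
    # Win32_NetworkAdapterConfiguration is used because it exists on
    # Windows 7, where Get-DnsClientServerAddress does not.
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            New-Object -TypeName PSObject -Property @{
                Adapter     = $_.Description
                DhcpEnabled = $_.DHCPEnabled
                DnsServers  = ($_.DNSServerSearchOrder -join ', ')
            }
        }
}

# --- run the audit ---
$proxy = Get-IEProxySettings
Write-Output '--- IE proxy settings (HKCU) ---'
$proxy | Format-List ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL
$loop = Test-LoopbackProxy -ProxyServer $proxy.ProxyServer -ProxyOverride $proxy.ProxyOverride
if ($loop) { Write-Warning ('Loopback proxy entry found: ' + ($loop -join ', ')) }

Write-Output '--- hosts file entries beyond the defaults ---'
Get-HostsEntries

Write-Output '--- DNS servers per adapter ---'
Get-DnsServers | Format-Table Adapter, DhcpEnabled, DnsServers -AutoSize
```

Run it from an elevated PowerShell prompt so the hosts file is readable; a warning line plus unexpected hosts or DNS entries is what the helper would be looking for in the MiniToolBox log.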


#15 mizzkat421 (Topic Starter)

Posted 19 April 2012 - 05:05 AM

Yes, it's still redirecting, just checked. I wasn't supposed to do anything with the files the ESET scanner found, right? Asking because I didn't.

OK, here are the logs:

OTL logfile created on: 4/19/2012 5:54:29 AM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\kathychef46\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.77 Gb Available Physical Memory | 79.56% Memory free
12.00 Gb Paging File | 10.66 Gb Available in Paging File | 88.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.79 Gb Total Space | 552.91 Gb Free Space | 80.62% Space Free | Partition Type: NTFS
Drive I: | 232.88 Gb Total Space | 17.78 Gb Free Space | 7.63% Space Free | Partition Type: NTFS

Computer Name: KATHYCHEF46-PC | User Name: kathychef46 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\kathychef46\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\kathychef46\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
MOD - C:\Program Files\Verizon V CAST Media Manager\avutil-50.dll ()
MOD - C:\Program Files\Verizon V CAST Media Manager\libexpat.dll ()
MOD - C:\Program Files\Verizon V CAST Media Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KeyScrambler) -- C:\Windows\SysNative\drivers\keyscrambler.sys (QFX Software Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (PfFilter) -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys (IObit Information Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C38522F3-1CFE-4AAC-B734-7335D64CC4CA}
IE:64bit: - HKLM\..\SearchScopes\{C38522F3-1CFE-4AAC-B734-7335D64CC4CA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {1D8266EC-76B3-4DF0-BAE5-ABFDD8C208BB}
IE - HKLM\..\SearchScopes\{1D8266EC-76B3-4DF0-BAE5-ABFDD8C208BB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2A 5E 17 0F A9 21 B5 49 9B 30 0F B0 DC A5 90 3C [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {C38522F3-1CFE-4AAC-B734-7335D64CC4CA}
IE - HKCU\..\SearchScopes\{04F34ED7-C809-433B-95CF-2DFDB29E4F22}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=380920&p={searchTerms}
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60347
IE - HKCU\..\SearchScopes\{F6F3A269-96BF-471D-AFD0-EC89B673D7EE}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=380920&ilc=12"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.12
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=380920&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/04 20:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/04 22:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/26 17:41:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8268DBBC-7A0D-11E1-826D-B8AC6F996F26}: C:\Users\kathychef46\AppData\Local\{8268DBBC-7A0D-11E1-826D-B8AC6F996F26}\ [2012/03/29 22:10:28 | 000,000,000 | ---D | M]

[2011/01/07 20:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kathychef46\AppData\Roaming\Mozilla\Extensions
[2012/04/15 13:21:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kathychef46\AppData\Roaming\Mozilla\Firefox\Profiles\6ehp8uoq.default\extensions
[2012/04/03 06:00:08 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\kathychef46\AppData\Roaming\Mozilla\Firefox\Profiles\6ehp8uoq.default\extensions\keyscrambler@qfx.software.corporation
[2012/04/04 22:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/02 00:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/04/04 20:41:04 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\KATHYCHEF46\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6EHP8UOQ.DEFAULT\EXTENSIONS\LONXJYKCSQ@LONXJYKCSQ.ORG.XPI
[2012/04/04 22:07:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/25 05:47:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/09 06:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/04/04 22:07:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007/07/26 14:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2011/03/04 12:21:49 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/04/04 22:07:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/16 20:49:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\kathychef46\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - Startup: C:\Users\kathychef46\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} https://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF99AD3B-79F5-4ADF-B15F-E6078C8F6F31}: DhcpNameServer = 167.206.254.2 167.206.254.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/17 08:26:45 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/07/01 10:10:50 | 000,000,000 | R--D | M] - I:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/18 21:38:59 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{19B34319-0EA8-4144-A302-F2752C66B575}
[2012/04/18 21:38:48 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{9001E865-37BA-4CB9-A1A8-71D8A6FB58B9}
[2012/04/18 21:37:51 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{69F3CBA4-E904-4211-BB5B-77146E99E1AC}
[2012/04/18 21:37:40 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{C89FBF79-B584-41DF-9FE9-B250B507457F}
[2012/04/18 20:07:34 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{9E57D374-0C80-4030-880D-7A4CC5603E0B}
[2012/04/18 20:07:22 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{571AD444-452F-4D32-A0FE-A73D8F925BA3}
[2012/04/18 05:47:42 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{0A3F500A-427C-4655-AD47-FA3A1D569D27}
[2012/04/18 05:47:30 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{018F3D15-DC38-409F-A27E-60DC13055DC9}
[2012/04/17 18:25:57 | 002,322,184 | ---- | C] (ESET) -- C:\Users\kathychef46\Desktop\esetsmartinstaller_enu.exe
[2012/04/16 20:49:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/16 20:46:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/16 20:25:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/16 20:25:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/16 20:25:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/16 20:25:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/16 19:31:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/16 18:21:18 | 004,465,601 | R--- | C] (Swearware) -- C:\Users\kathychef46\Desktop\ComboFix.exe
[2012/04/16 18:14:25 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Desktop\VIRUS-FIX
[2012/04/16 07:14:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\kathychef46\Desktop\aswMBR.exe
[2012/04/16 07:13:56 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\kathychef46\Desktop\OTL.exe
[2012/04/16 06:19:52 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{0E43D7F3-B6EB-4870-9EB2-7994133FF143}
[2012/04/16 06:19:41 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{84FB6323-7B22-49D5-93D3-878CF65EA344}
[2012/04/15 17:46:28 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{24FBE8A3-855E-4B66-9996-4C5CE3CA93CC}
[2012/04/15 17:46:17 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{D6712F79-BFF0-4300-B3FE-D40E7D88823E}
[2012/04/15 17:36:34 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{1442ECE3-1F3C-4E6A-B123-71AD298BA1FE}
[2012/04/15 17:36:22 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{9B0D122E-A21F-4A4D-8444-A7B88DDB1201}
[2012/04/15 16:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/04/15 16:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2012/04/15 16:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/15 16:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/15 16:04:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/15 15:49:24 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{8FEFFBBB-F10D-46E1-B9BC-56AE0C4D01A4}
[2012/04/15 13:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/15 13:41:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/15 12:49:01 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\kathychef46\Desktop\dds.scr
[2012/04/14 13:16:55 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{99D06269-0DA1-459F-B25C-4B956DC8B650}
[2012/04/14 13:16:44 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{5C7FF264-4756-49AC-8E4F-231AD8E649D1}
[2012/04/14 13:15:18 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{3BAAD647-8949-4EE5-9D8F-34768BE86A6D}
[2012/04/14 13:15:07 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{8EF6427E-6BA6-4843-A191-100697001800}
[2012/04/14 12:52:24 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{D1494A6B-DB27-4B6A-B1EB-8F68605F61F0}
[2012/04/14 12:52:13 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{049276D9-009E-42F6-ABC4-B3FD10D2CC77}
[2012/04/13 20:42:21 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{C360CD2F-5A7A-4DD8-9F6F-4AB6370E1994}
[2012/04/13 20:42:10 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{B7C69ECD-A8D1-47A0-9E95-ADEF26517D0D}
[2012/04/13 19:07:46 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{80F784F4-68A2-49F0-ADCE-2FC87B718CA3}
[2012/04/13 19:07:35 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{8F068C36-A2A8-4103-A0B3-1F8E2B419FEA}
[2012/04/13 18:48:42 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{607CF8A3-9BCC-43C4-8E33-B7DAA0F136A0}
[2012/04/13 18:18:56 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\FILES FOR BACKUP
[2012/04/13 06:47:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/04/13 06:46:27 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\RegRun2
[2012/04/13 06:46:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2012/04/12 21:15:58 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/04/12 18:45:21 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{F3052D0D-24D6-4FAD-AB4C-34C622802B13}
[2012/04/12 06:20:37 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\TORIN-SONGS
[2012/04/12 05:49:42 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\Destinys Child - Rn'B - 1998-2006
[2012/04/11 19:26:17 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{C4B689C2-92CA-40F3-B13C-25A52F7A3434}
[2012/04/11 06:38:01 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{3B7F1764-FB13-443C-81EC-915D0E8D5DAF}
[2012/04/10 18:25:18 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{6B19E354-AE03-4C76-809D-B338B3877A63}
[2012/04/10 06:24:53 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{0A5ACFAF-A993-4A73-8706-FC98BEF01145}
[2012/04/09 18:22:16 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{2531938B-4565-44CC-BC3F-8F27FE0889E9}
[2012/04/09 05:31:32 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{4ACF9369-1760-4756-ADFC-D6AE96AC8897}
[2012/04/07 20:54:09 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\Super 8 (2011)HD.720p_(V)_
[2012/04/07 20:46:30 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\Trilogy Of Terror
[2012/04/07 20:36:27 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\The Grey 2012 720p BRRip-BOYKAYON
[2012/04/06 20:56:34 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{7F782AF6-96ED-4EF9-8CD6-19AF87574BBA}
[2012/04/06 20:30:53 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\Mission Imposible - Ghost Protocol (HD)
[2012/04/06 20:24:35 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\MISSION IMPOSSIBLE . GHOST PROTOCOL
[2012/04/05 20:06:53 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\Mission.Impossible.Ghost.Protocol.2011.720p.BRRip.x264.AC3-26K
[2012/04/05 19:54:11 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{F53C893B-F19A-4D3A-BCC9-39FC74C01613}
[2012/04/04 22:01:24 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{1106A33D-59AA-4220-AE9A-BAC9335C7AA1}
[2012/04/04 21:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2012/04/04 21:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2012/04/04 21:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2012/04/04 20:41:05 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/04/04 20:36:44 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\Documents\Hitman Pro 3.5.9 Build 129 - Fully Activated -BRiNGiT
[2012/04/04 20:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/04/04 07:01:02 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{BD79C05E-BC0C-4978-9C7F-AEF9AF8AD6C0}
[2012/04/03 19:00:36 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{8CFA8C51-A74E-4E12-AAB1-8B6A70654952}
[2012/04/03 05:53:09 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{042102F9-983D-40E3-8EA7-C45CED4440A2}
[2012/04/02 17:52:43 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{84E96649-37A0-47CE-A333-A070716CD345}
[2012/03/31 20:45:53 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{844A2A02-46CA-4EE1-9149-8923705DF086}
[2012/03/29 22:10:28 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{8268DBBC-7A0D-11E1-826D-B8AC6F996F26}
[2012/03/29 19:58:17 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{FD856A36-C817-442B-BBA6-19409D09B871}
[2012/03/28 20:27:41 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{CF372160-F810-4F5D-913C-B4C9FE650534}
[2012/03/27 19:17:59 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{35AA4B11-56AE-4AAF-8C52-2967B66E3021}
[2012/03/27 19:17:46 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{9B9927B9-44D7-4A92-AF0B-37D11D88EC25}
[2012/03/27 07:17:20 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{3230D848-4384-4029-947F-47A11CDA27E7}
[2012/03/27 07:17:06 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{2A351CA4-AF21-4799-98A1-4ADB1F5F4F90}
[2012/03/26 19:10:31 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{9166F814-D4A6-49EF-9372-221DCA44FD86}
[2012/03/26 19:10:18 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{3AB9F34E-F5C3-41E9-8511-DA0933D86739}
[2012/03/26 07:09:41 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{3F35FEB7-2264-43A0-AD4A-9E868386B776}
[2012/03/26 07:09:08 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{876F51F8-70BA-4578-8D10-7DB580083606}
[2012/03/25 12:23:54 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{516C59BB-F4C5-47EE-8442-7A481870DC61}
[2012/03/25 12:23:40 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{42E25E95-75A3-4DD4-A3E7-500F8ECACEEE}
[2012/03/24 19:36:39 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{720F0ED6-1757-4775-BC9D-BD464E8CA684}
[2012/03/24 19:36:11 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{E1AEF808-EF37-4668-9E86-303389DAFAC3}
[2012/03/23 06:04:08 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{E77E7070-AA6F-4EED-B746-8EFE1BA24727}
[2012/03/23 06:03:56 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{FD23C51E-FF3D-411E-83AA-1BD010DF4A1E}
[2012/03/22 07:57:52 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{889EE9CF-7409-49E5-9FAC-1DF72148940F}
[2012/03/22 07:57:38 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{6DAED2A9-15D5-4E41-A93A-D93926FE1F51}
[2012/03/21 19:57:08 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{BFE3F15E-D380-4FEF-832F-0B27CD6ADBF0}
[2012/03/21 19:56:53 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{A2CBFBA5-FFAA-42A2-A11D-125CCA90FB5A}
[2012/03/21 07:00:33 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{D21146A7-12E3-4B9D-B5E0-BB3A561141F6}
[2012/03/21 07:00:03 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{F483C17D-7645-4024-AC2D-E65F9C6D082B}
[2012/03/20 18:18:04 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{68BC2344-40DA-4F4E-A663-C19DC5C9CE68}
[2012/03/20 18:17:51 | 000,000,000 | ---D | C] -- C:\Users\kathychef46\AppData\Local\{B399217B-EB34-41D1-BDF6-63F663873830}

========== Files - Modified Within 30 Days ==========

[2012/04/19 05:51:53 | 000,396,041 | ---- | M] () -- C:\Users\kathychef46\Desktop\MiniToolBox.exe
[2012/04/19 05:30:23 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/19 05:30:23 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/19 05:22:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/19 05:22:09 | 536,076,287 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/18 22:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/18 21:39:23 | 001,587,870 | ---- | M] () -- C:\Users\kathychef46\Desktop\Test and Change Core Beliefs-pdf.axx
[2012/04/18 21:39:23 | 000,047,806 | ---- | M] () -- C:\Users\kathychef46\Desktop\CORE BELIEFS THOUGHT JOURNAL-pdf.axx
[2012/04/18 21:39:22 | 000,016,014 | ---- | M] () -- C:\Users\kathychef46\Desktop\CORE BELIEFS THOUGHT JOURNAL-docx.axx
[2012/04/18 05:53:49 | 000,797,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/18 05:53:49 | 000,672,404 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/18 05:53:49 | 000,126,272 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/18 05:46:08 | 000,033,916 | ---- | M] () -- C:\Users\kathychef46\Documents\My T-Mobile-bill-4-18-12.pdf
[2012/04/18 01:00:01 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job
[2012/04/17 18:25:58 | 002,322,184 | ---- | M] (ESET) -- C:\Users\kathychef46\Desktop\esetsmartinstaller_enu.exe
[2012/04/17 05:27:29 | 001,213,628 | ---- | M] () -- C:\Users\kathychef46\Desktop\akamai.png
[2012/04/16 20:49:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/16 18:21:24 | 004,465,601 | R--- | M] (Swearware) -- C:\Users\kathychef46\Desktop\ComboFix.exe
[2012/04/16 07:14:29 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\kathychef46\Desktop\aswMBR.exe
[2012/04/16 07:14:01 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\kathychef46\Desktop\OTL.exe
[2012/04/15 16:11:24 | 000,001,085 | ---- | M] () -- C:\Users\kathychef46\Desktop\SpywareBlaster.lnk
[2012/04/15 16:06:30 | 000,001,288 | ---- | M] () -- C:\Users\kathychef46\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/15 16:06:30 | 000,001,264 | ---- | M] () -- C:\Users\kathychef46\Desktop\Spybot - Search & Destroy.lnk
[2012/04/15 16:05:32 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/15 16:04:27 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/15 15:56:38 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2012/04/15 15:39:24 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\kathychef46\Desktop\dds.scr
[2012/04/15 13:39:34 | 002,052,353 | ---- | M] () -- C:\Users\kathychef46\Desktop\tdsskiller.zip
[2012/04/15 12:34:36 | 000,000,000 | ---- | M] () -- C:\Users\kathychef46\defogger_reenable
[2012/04/13 21:50:42 | 000,006,247 | ---- | M] () -- C:\Users\kathychef46\Desktop\pp-txt - Shortcut.lnk
[2012/04/13 20:00:55 | 000,050,654 | ---- | M] () -- C:\Users\kathychef46\Desktop\Adidas_polkadots_TrackTop2.jpg
[2012/04/13 19:21:26 | 000,801,170 | ---- | M] () -- C:\Users\kathychef46\Desktop\redirect-virus-removal.pdf
[2012/04/13 19:15:08 | 000,050,477 | ---- | M] () -- C:\Users\kathychef46\Desktop\Defogger.exe
[2012/04/13 06:46:29 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/04/13 06:46:29 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012/04/12 21:15:58 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/04/04 22:07:46 | 000,002,050 | ---- | M] () -- C:\Users\kathychef46\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/04 21:55:58 | 000,001,108 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/04/04 21:47:43 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/20 07:45:41 | 000,791,168 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012/04/19 05:51:51 | 000,396,041 | ---- | C] () -- C:\Users\kathychef46\Desktop\MiniToolBox.exe
[2012/04/18 21:39:23 | 000,047,806 | ---- | C] () -- C:\Users\kathychef46\Desktop\CORE BELIEFS THOUGHT JOURNAL-pdf.axx
[2012/04/18 21:39:22 | 001,587,870 | ---- | C] () -- C:\Users\kathychef46\Desktop\Test and Change Core Beliefs-pdf.axx
[2012/04/18 21:39:22 | 000,016,014 | ---- | C] () -- C:\Users\kathychef46\Desktop\CORE BELIEFS THOUGHT JOURNAL-docx.axx
[2012/04/18 05:46:08 | 000,033,916 | ---- | C] () -- C:\Users\kathychef46\Documents\My T-Mobile-bill-4-18-12.pdf
[2012/04/17 05:27:29 | 001,213,628 | ---- | C] () -- C:\Users\kathychef46\Desktop\akamai.png
[2012/04/16 20:25:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/16 20:25:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/16 20:25:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/16 20:25:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/16 20:25:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/15 16:11:24 | 000,001,085 | ---- | C] () -- C:\Users\kathychef46\Desktop\SpywareBlaster.lnk
[2012/04/15 16:06:30 | 000,001,288 | ---- | C] () -- C:\Users\kathychef46\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/15 16:06:30 | 000,001,264 | ---- | C] () -- C:\Users\kathychef46\Desktop\Spybot - Search & Destroy.lnk
[2012/04/15 16:05:32 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/04/15 16:04:27 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/15 13:39:28 | 002,052,353 | ---- | C] () -- C:\Users\kathychef46\Desktop\tdsskiller.zip
[2012/04/15 12:34:36 | 000,000,000 | ---- | C] () -- C:\Users\kathychef46\defogger_reenable
[2012/04/13 20:00:52 | 000,050,654 | ---- | C] () -- C:\Users\kathychef46\Desktop\Adidas_polkadots_TrackTop2.jpg
[2012/04/13 19:21:25 | 000,801,170 | ---- | C] () -- C:\Users\kathychef46\Desktop\redirect-virus-removal.pdf
[2012/04/13 19:15:07 | 000,050,477 | ---- | C] () -- C:\Users\kathychef46\Desktop\Defogger.exe
[2012/04/13 06:46:29 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/04/13 06:46:29 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012/04/09 18:15:08 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/04 21:55:58 | 000,001,108 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/04/04 21:47:43 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2012/04/04 21:47:43 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/04/11 22:05:05 | 000,000,099 | ---- | C] () -- C:\Users\kathychef46\AppData\Local\fusioncache.dat
[2011/04/11 21:50:44 | 000,791,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/23 08:16:42 | 000,000,004 | ---- | C] () -- C:\Users\kathychef46\AppData\Roaming\39177A
[2011/03/23 08:16:41 | 000,870,128 | ---- | C] () -- C:\Users\kathychef46\AppData\Roaming\mcs.rma
[2011/01/30 20:48:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/17 00:30:23 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/01/17 00:30:23 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll

========== LOP Check ==========

[2012/03/07 09:50:04 | 000,000,000 | ---D | M] -- C:\Users\kathychef46\AppData\Roaming\CoreFTP
[2011/10/12 14:53:31 | 000,000,000 | ---D | M] -- C:\Users\kathychef46\AppData\Roaming\FLV.com FLV Converter
[2011/10/12 15:08:20 | 000,000,000 | ---D | M] -- C:\Users\kathychef46\AppData\Roaming\Full
[2011/09/17 08:48:19 | 000,000,000 | ---D | M] -- C:\Users\kathychef46\AppData\Roaming\IGC
[2011/03/06 13:26:22 | 000,000,000 | ---D | M] -- C:\Users\kathychef46\AppData\Roaming\ImgBurn
[2011/12/26 21:49:30 | 000,000,000 | ---D | M] -- C:\Users\kathychef46\AppData\Roaming\IObit
[2011/01/09 13:01:05 | 000,000,000 | ---D | M] -- C:\Users\kathychef46\AppData\Roaming\NexusFont
[2011/01/11 00:29:29 | 000,000,000 | ---D | M] -- C:\Users\kathychef46\AppData\Roaming\Obsidium
[2011/12/14 20:48:27 | 000,000,000 | ---D | M] -- C:\Users\kathychef46\AppData\Roaming\pdfforge
[2011/05/03 09:03:15 | 000,000,000 | ---D | M] -- C:\Users\kathychef46\AppData\Roaming\Philipp Winterberg
[2011/01/09 12:12:34 | 000,000,000 | ---D | M] -- C:\Users\kathychef46\AppData\Roaming\Proxima Software
[2011/07/26 23:26:16 | 000,000,000 | ---D | M] -- C:\Users\kathychef46\AppData\Roaming\QFX Software
[2011/08/09 17:19:28 | 000,000,000 | ---D | M] -- C:\Users\kathychef46\AppData\Roaming\SoftGrid Client
[2011/07/27 21:00:56 | 000,000,000 | ---D | M] -- C:\Users\kathychef46\AppData\Roaming\TP
[2011/01/20 19:39:02 | 000,000,000 | ---D | M] -- C:\Users\kathychef46\AppData\Roaming\Windows Live Writer
[2012/02/21 15:29:24 | 000,032,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/18 01:00:01 | 000,000,426 | ---- | M] () -- C:\Windows\Tasks\vtscheduletask.job

========== Purity Check ==========



< End of report >

MiniToolBox by Farbar Version: 18-01-2012
Ran by kathychef46 (administrator) on 19-04-2012 at 05:59:39
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : kathychef46-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : B8-AC-6F-DF-49-C8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9567:79b2:c040:feef%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, April 19, 2012 5:22:36 AM
Lease Expires . . . . . . . . . . : Friday, April 20, 2012 5:22:36 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 246983791
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-AD-63-9B-B8-AC-6F-DF-49-C8
DNS Servers . . . . . . . . . . . : 167.206.254.2
167.206.254.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{CF99AD3B-79F5-4ADF-B15F-E6078C8F6F31}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:45c:151b:e745:2830(Preferred)
Link-local IPv6 Address . . . . . : fe80::45c:151b:e745:2830%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: vdns2.srv.hcvlny.cv.net
Address: 167.206.254.2

Name: google.com
Addresses: 74.125.226.228
74.125.226.229
74.125.226.226
74.125.226.233
74.125.226.230
74.125.226.227
74.125.226.232
74.125.226.224
74.125.226.238
74.125.226.225
74.125.226.231


Pinging google.com [74.125.226.238] with 32 bytes of data:
Reply from 74.125.226.238: bytes=32 time=11ms TTL=55
Reply from 74.125.226.238: bytes=32 time=10ms TTL=55

Ping statistics for 74.125.226.238:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 11ms, Average = 10ms
Server: vdns2.srv.hcvlny.cv.net
Address: 167.206.254.2

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=129ms TTL=50
Reply from 72.30.38.140: bytes=32 time=118ms TTL=49

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 118ms, Maximum = 129ms, Average = 123ms
Server: vdns2.srv.hcvlny.cv.net
Address: 167.206.254.2

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...b8 ac 6f df 49 c8 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 276
192.168.1.100 255.255.255.255 On-link 192.168.1.100 276
192.168.1.255 255.255.255.255 On-link 192.168.1.100 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.100 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.100 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:45c:151b:e745:2830/128
On-link
10 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::45c:151b:e745:2830/128
On-link
10 276 fe80::9567:79b2:c040:feef/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

**** End of log ****