
Infected with some type of virus and possible malware


  • This topic is locked
20 replies to this topic

#1 Taahirah

  • Members

Posted 22 August 2012 - 02:05 PM

Hi,

I brought my mother's laptop home with me because she needed help with removing whatever has infected her computer. Her grandson came to visit her for a month and she doesn't know what he did to her laptop. My mother is not computer savvy so I told her that I would take it home with me and try to get her some help for it.

She stated that when she turned the computer on that there was a screen that popped up about the FBI. She doesn't remember any exact details of the message. When she contacted her ISP they told her that it was a scam going around and that it was easy to remove but that she would need a professional to help her.

I have not personally seen the virus. Her laptop is running a bit slow, especially Internet Explorer, so I have to use Google Chrome. When I got her laptop I noticed that her virus program was turned off and I was not able to turn it on, so I had to download AVG ANTI-VIRUS FREE EDITION 2012. I ran a full scan and it found 5 infections but was only able to remove 3 of the 5.

I downloaded Malwarebytes Anti-Malware and did a scan. I attached the report to this post. I also downloaded Spybot Search and Destroy and did a scan; it turned up no results.

I followed most of the steps under Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help except for the following problems:
I was not able to Download and Run DDS. The black screen came up and I was able to click to download but the scan did not complete. The laptop froze and I had to manually shut the computer down to restart it. I created a GMER LOG and attached it to this post.

The laptop is a Dell Latitude D620 and the operating system is Windows 7. If I did anything wrong or you need anything else, please let me know. Your help would be much appreciated.

Thank you,
Taahirah


#2 Blade81

  • Malware Response Team

Posted 26 August 2012 - 11:56 PM

Hi,

Please see if running DDS in safe mode works.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#3 Taahirah

  • Topic Starter

Posted 27 August 2012 - 05:41 PM

Thanks for your help. I tried to run DDS in safe mode and still no go. I followed the instructions on how to download, save, and run it, but it still will not complete the scan. The instructions on the black window that came up state that the scan should take no more than 3 minutes. I left it alone for 1 1/2 hours and it still would not complete. When I tried to close it, it froze the laptop and I had to manually shut it down. I am not sure what's going on. Maybe there's something on the laptop preventing it from completing.

#4 Blade81

  • Malware Response Team

Posted 27 August 2012 - 11:31 PM

Hi,

Please download and run this version:
Double click it to run it. As it starts, click the + sign next to "Options for dds.txt", then remove the check from the box which says "check MBR".
Ensure there is a check next to "attach.txt"
Next, click Start. It should run and produce 2 logs for you, DDS.txt and Attach.txt
Save those logs and attach them in reply.



#5 Taahirah

  • Topic Starter

Posted 28 August 2012 - 10:42 AM

I am sorry but that did not work either. I had the exact same problem as I stated previously.

#6 Blade81

  • Malware Response Team

Posted 28 August 2012 - 12:10 PM

Hi,

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.



#7 Taahirah

  • Topic Starter

Posted 28 August 2012 - 02:26 PM

OTL logfile created on: 8/28/2012 2:37:37 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Dell\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 63.02% Memory free
3.98 Gb Paging File | 2.96 Gb Available in Paging File | 74.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 35.16 Gb Free Space | 62.90% Space Free | Partition Type: NTFS

Computer Name: JANDERSON733-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dell\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe (AVG)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\SiteSafety.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()


========== Services (SafeList) ==========

SRV - (vToolbarUpdater12.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NACAgent) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe (Cisco Systems, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MpKsle9241338) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD6B4964-17B2-4092-8F24-F3621754D54F}\MpKsle9241338.sys File not found
DRV - (MpKsle1bcb081) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50404C62-8FAB-47DE-B5BB-4C56D4E496AE}\MpKsle1bcb081.sys File not found
DRV - (MpKsl96108e45) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A20C762B-C8C7-4C4E-8AB8-CA1F081663D5}\MpKsl96108e45.sys File not found
DRV - (MpKsl8b6bb878) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADDA0EB4-ECDE-49C7-8B5E-1FF7C1742536}\MpKsl8b6bb878.sys File not found
DRV - (MpKsl864b7dd2) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A20C762B-C8C7-4C4E-8AB8-CA1F081663D5}\MpKsl864b7dd2.sys File not found
DRV - (MpKsl538ffdc1) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50404C62-8FAB-47DE-B5BB-4C56D4E496AE}\MpKsl538ffdc1.sys File not found
DRV - (MpKsl5381907f) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD6B4964-17B2-4092-8F24-F3621754D54F}\MpKsl5381907f.sys File not found
DRV - (MpKsl48244f2c) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9714B962-B5A9-422B-8F98-53C0CCDD7430}\MpKsl48244f2c.sys File not found
DRV - (MpKsl38d689a7) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F11422C1-2080-4A7B-ACD6-C6F69A628289}\MpKsl38d689a7.sys File not found
DRV - (MpKsl2cdf9501) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EAC04B82-3D81-4D5A-AC03-2FDF47F71917}\MpKsl2cdf9501.sys File not found
DRV - (MpKsl27dd34d4) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A20C762B-C8C7-4C4E-8AB8-CA1F081663D5}\MpKsl27dd34d4.sys File not found
DRV - (MpKsl227e4e86) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D0568E35-64DC-4E1F-8838-75112C83298A}\MpKsl227e4e86.sys File not found
DRV - (MpKsl1f418bae) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1EB2F92C-7BAE-47DF-BC5D-0FD5BEF11618}\MpKsl1f418bae.sys File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (guardian2) -- C:\Windows\System32\drivers\oz776.sys (O2Micro)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (JL2005C) -- C:\Windows\System32\drivers\jl2005c.sys (Windows ® 2000 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.yahoo.com/linksys
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/linksys
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 26 58 E9 51 31 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8C71623F-9CB8-427B-B759-49094B8F420E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=06AF899C-9083-4D62-9E16-E3EC33F41932&apn_sauid=EDDF701F-7F21-4CFA-9FBD-2A1D35C7B8EE
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={294ECF93-E2FA-45F4-B4E9-7DD971E41AA4}&mid=c0998eed0b6247d68de0d15c83acdf4c-9df69be6e8a07f3de3e72c5c0cafee5db0a98b2d&lang=en&ds=AVG&pr=fr&d=2012-08-21 14:04:33&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dell\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dell\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/01 00:13:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/01 00:13:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/09 13:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/21 14:00:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.0.5\ [2012/08/21 14:05:22 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dell\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dell\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dell\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dell\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: AVG Secure Search = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.2.0.5_0\
CHR - Extension: YouTube = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: PageFont = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekelhjjcnbokfighaanldppolhpibjn\2.6_0\
CHR - Extension: Gmail = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{112B7706-6ABB-4A67-B0C8-CDC1CCB203DA}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DD0E0F8-5825-4F0F-95C6-0F1BE722E9F0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{91dee92c-116a-11e1-aaac-0015c54836bf}\Shell - "" = AutoRun
O33 - MountPoints2\{91dee92c-116a-11e1-aaac-0015c54836bf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://theuashop.com/
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://theuashop.com/
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/28 14:35:21 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2012/08/21 18:02:40 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/08/21 18:02:40 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/08/21 18:02:40 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/08/21 18:02:40 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/08/21 18:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/08/21 18:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/08/21 17:55:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/21 17:39:14 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Malwarebytes
[2012/08/21 17:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/21 17:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/21 17:38:47 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/21 17:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/21 15:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/08/21 15:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/21 15:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/08/21 14:28:35 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\AVG
[2012/08/21 14:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/21 14:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/08/21 14:13:39 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\AVG2012
[2012/08/21 14:05:52 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\AVG Secure Search
[2012/08/21 14:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/21 14:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/08/21 14:04:28 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/08/21 14:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/08/21 14:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/08/21 14:00:25 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/08/21 14:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/21 14:00:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/08/14 18:44:52 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/14 18:44:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/14 18:44:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/14 18:44:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/14 18:44:45 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/14 18:44:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/14 18:44:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/14 18:11:16 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/08/14 18:11:14 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/14 18:11:02 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll

========== Files - Modified Within 30 Days ==========

[2012/08/28 14:35:35 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2012/08/28 14:07:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2129522168-3534510490-47144919-1003UA.job
[2012/08/28 14:06:11 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 14:06:11 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 14:01:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/28 14:00:50 | 1602,842,624 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/28 10:46:47 | 105,136,162 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/22 15:07:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2129522168-3534510490-47144919-1003Core.job
[2012/08/22 06:34:58 | 000,000,000 | ---- | M] () -- C:\Users\Dell\defogger_reenable
[2012/08/21 18:02:23 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/08/21 18:02:23 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/08/21 18:02:23 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/08/21 18:02:23 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/08/21 18:02:23 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/08/21 17:38:49 | 000,001,091 | ---- | M] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/21 17:38:49 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 15:07:28 | 000,001,240 | ---- | M] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/21 15:07:28 | 000,001,216 | ---- | M] () -- C:\Users\Dell\Desktop\Spybot - Search & Destroy.lnk
[2012/08/21 14:27:26 | 000,001,124 | ---- | M] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/08/21 14:27:26 | 000,001,100 | ---- | M] () -- C:\Users\Dell\Desktop\AVG PC Tuneup 2011.lnk
[2012/08/21 14:05:34 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/21 14:04:28 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/08/16 12:48:08 | 000,394,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/09 13:49:56 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad

========== Files Created - No Company Name ==========

[2012/08/28 10:46:47 | 105,136,162 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/22 06:34:58 | 000,000,000 | ---- | C] () -- C:\Users\Dell\defogger_reenable
[2012/08/21 17:38:49 | 000,001,091 | ---- | C] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/21 17:38:49 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 15:07:28 | 000,001,240 | ---- | C] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/21 15:07:28 | 000,001,216 | ---- | C] () -- C:\Users\Dell\Desktop\Spybot - Search & Destroy.lnk
[2012/08/21 14:27:26 | 000,001,124 | ---- | C] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/08/21 14:27:26 | 000,001,100 | ---- | C] () -- C:\Users\Dell\Desktop\AVG PC Tuneup 2011.lnk
[2012/08/21 14:05:34 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/10 15:21:11 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2011/06/29 16:49:45 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/14 23:36:58 | 000,118,784 | ---- | C] () -- C:\Windows\System32\PTTreeIcons.dll
[2011/01/01 00:09:27 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/01 00:09:27 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

OTL Extras logfile created on: 8/28/2012 2:37:37 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Dell\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 63.02% Memory free
3.98 Gb Paging File | 2.96 Gb Available in Paging File | 74.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 35.16 Gb Free Space | 62.90% Space Free | Partition Type: NTFS

Computer Name: JANDERSON733-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{067A3F22-49BC-4213-B9CE-6F0200FCD965}" = lport=445 | protocol=6 | dir=in | app=system |
"{1A75D46E-6A08-472D-9821-9E00832A37E6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24E8EF06-1636-438F-BE0A-73490577C993}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26504BBD-8CC4-482B-83DC-304C94F78DEA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{278A698B-20AB-47F1-A623-45EAD91862E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C9D9478-5C39-42EF-B06B-C5B6348A43C0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4C461FD3-924C-4279-A65C-6C5BBE0A9C88}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4DDEB61D-7D3A-4253-ADE7-C0ADDEEF7969}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5433D35A-FE30-4D1A-A689-D167623CD30E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{68DB8DD0-76E6-4721-8D17-5FCAD07C53EE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7457DB69-A752-447B-8E21-648442418C77}" = lport=10243 | protocol=6 | dir=in | app=system |
"{74A11739-D7D7-41D3-A21F-E3C7443A5CDB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{835E446D-6111-4F95-BD6B-7C133D57A4C6}" = rport=138 | protocol=17 | dir=out | app=system |
"{83D3DAD7-003F-4872-8431-F50685ED212B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{85CA1893-C2E3-47FC-B981-2AB56F4AE6DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{905989C8-5092-462D-9A55-CCB6F7E72730}" = rport=139 | protocol=6 | dir=out | app=system |
"{9AC18928-952C-45EB-8F5D-7E7005AEA91C}" = lport=138 | protocol=17 | dir=in | app=system |
"{9C840DCE-3437-4C8F-9BB7-6BA1782CC534}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9EA5E00B-A1FD-44D0-80ED-F6BB691F9E06}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9064807-8B56-46C8-8641-8E45D17565FE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AD31E7C1-2863-4F1D-816E-C6E450B94490}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B346EEF4-8ECC-4A02-AEE9-EA896988B5F7}" = lport=139 | protocol=6 | dir=in | app=system |
"{BE81B028-072B-4125-ADF0-BB5FDBE247C7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0165AC3-E56E-4CD3-82F6-0F09C47496D6}" = lport=137 | protocol=17 | dir=in | app=system |
"{C02284A4-678F-4591-807D-A9053F85EDCC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D2A7BDF5-0D5B-40D4-8B54-D0078E7438A1}" = rport=445 | protocol=6 | dir=out | app=system |
"{DB63AEFB-F428-411D-9495-D92AE1AFDA97}" = rport=137 | protocol=17 | dir=out | app=system |
"{E5E13E06-5A37-4795-AE4E-C92C12955B65}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAD85CB8-3D72-41F4-B1CD-DB2DD6A9D4E4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007F8904-295A-4618-B385-1FCB2C2606C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{01A4142B-1771-470B-AC2F-A9507DCEBAA6}" = protocol=58 | dir=in | app=system |
"{07B82A4D-84F1-4129-95B1-259608BD4C12}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{155ED687-9C3D-45DB-8C86-6CF26A43FDBB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{2543C2F3-2519-4A3C-AD6B-131C9D4D0C3E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{2ACADEAB-D841-435D-9491-7CAC7EFED09D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2CA53098-AA50-4E52-9DBB-1A8CAE0A4EA0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3125BC46-E795-4F66-A71A-71BA6BA3B024}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5B1DF079-470E-43AC-8EB8-C46E7C7FFEC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{67654D32-E696-4AC7-AEF9-3B13235870E0}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{7CC3D574-6D34-4E45-88D1-35EE309D2CC8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{7DC85C7F-4396-458A-8D8B-D91133967FC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80C5A296-87B3-43D8-84BF-7A6D17832D08}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8DFBDDBD-AFC4-41B2-8745-E1537CEC1ED3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{93555B1E-7AF9-4E04-B8C3-737CDBE18CDD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{956A03EB-B668-4CF0-9CEB-69CB159D59A9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{95DB4127-30AE-4FCC-8DE0-4AA4507CC27C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A24B2E0B-04D8-41A5-B2AC-D3DEBEB3FC87}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A28D0A6D-67A6-48A1-95D0-FB61DA41B6D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2DF1EDA-E227-47C1-961A-4187F5897545}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AFB08E5B-F6ED-43E9-BF4F-E1DC9C1DA357}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCF9C347-D331-45C6-ADE4-9C3E2C2A795F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE2E2543-441C-4A74-BB4C-1E280205D9F7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{C13A93B1-F0B8-4D33-B0AF-E48A04592369}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D55DF2B0-F021-4433-8C18-AC54FA4EE183}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DC0BA8FF-3CE9-408F-AEEC-FF6A684BF1B2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{E64B022D-D556-4E02-B565-EB1A5BB26575}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{F9C960D3-350C-469A-A90C-5D3C77A2156D}" = protocol=6 | dir=out | app=system |
"{FD688B9C-C14B-4B27-A053-62497C2664C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java™ 6 Update 34
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6FC0292-2F77-4907-BF0E-61B23F5E10BD}" = Cisco NAC Agent
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIMars" = Kidz Cam Photo Editing Software
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DivX Setup.divx.com" = DivX Setup
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"HDMI" = Intel® Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"RealPlayer 15.0" = RealPlayer
"VLC media player" = VLC media player 1.0.1
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/11/2012 12:29:03 PM | Computer Name = janderson733-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/11/2012 12:29:04 PM | Computer Name = janderson733-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/11/2012 12:31:42 PM | Computer Name = janderson733-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/11/2012 12:31:43 PM | Computer Name = janderson733-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/26/2012 8:49:54 PM | Computer Name = janderson733-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1660 Start
Time: 01cd3ba014556859 Termination Time: 20 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 6/12/2012 11:50:32 PM | Computer Name = janderson733-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/3/2012 3:19:24 AM | Computer Name = janderson733-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 19.0.1084.56 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 9d4 Start
Time: 01cd58e738845f23 Termination Time: 0 Application Path: C:\Users\Dell\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 3f9dddee-c4df-11e1-8c4c-0015c54836bf

Error - 8/9/2012 1:52:32 PM | Computer Name = janderson733-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: A system shutdown is in progress. .

Error - 8/21/2012 5:47:58 PM | Computer Name = janderson733-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
time stamp: 0x4fecf1b7 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0x00000000 Fault offset: 0x00000000 Faulting process id:
0xb94 Faulting application start time: 0x01cd7fc23b0ecce1 Faulting application path:
C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown Report
Id: ded38ee7-ebd9-11e1-acae-0015c54836bf

Error - 8/21/2012 6:47:24 PM | Computer Name = janderson733-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 11/19/2011 2:57:34 PM | Computer Name = janderson733-PC | Source = MCUpdate | ID = 0
Description = 1:57:33 PM - Error connecting to the internet. 1:57:34 PM - Unable
to contact server..

Error - 11/19/2011 2:57:45 PM | Computer Name = janderson733-PC | Source = MCUpdate | ID = 0
Description = 1:57:39 PM - Error connecting to the internet. 1:57:39 PM - Unable
to contact server..

Error - 11/19/2011 3:57:53 PM | Computer Name = janderson733-PC | Source = MCUpdate | ID = 0
Description = 2:57:53 PM - Error connecting to the internet. 2:57:53 PM - Unable
to contact server..

Error - 11/19/2011 3:58:05 PM | Computer Name = janderson733-PC | Source = MCUpdate | ID = 0
Description = 2:57:58 PM - Error connecting to the internet. 2:57:58 PM - Unable
to contact server..

Error - 5/18/2012 10:05:54 PM | Computer Name = janderson733-PC | Source = MCUpdate | ID = 0
Description = 10:05:54 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/18/2012 11:06:22 PM | Computer Name = janderson733-PC | Source = MCUpdate | ID = 0
Description = 11:06:20 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/19/2012 12:40:02 PM | Computer Name = janderson733-PC | Source = MCUpdate | ID = 0
Description = 12:39:55 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/19/2012 1:40:11 PM | Computer Name = janderson733-PC | Source = MCUpdate | ID = 0
Description = 1:40:10 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/19/2012 7:05:11 PM | Computer Name = janderson733-PC | Source = MCUpdate | ID = 0
Description = 7:05:10 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/21/2012 3:38:10 PM | Computer Name = janderson733-PC | Source = MCUpdate | ID = 0
Description = 3:38:09 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

[ System Events ]
Error - 8/28/2012 11:08:06 AM | Computer Name = janderson733-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/28/2012 11:08:06 AM | Computer Name = janderson733-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/28/2012 11:39:41 AM | Computer Name = janderson733-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:09:06 AM on ?8/?28/?2012 was unexpected.

Error - 8/28/2012 11:39:57 AM | Computer Name = JANDERSON733-PC | Source = Microsoft Antimalware | ID = 5101
Description = %%860 grace period has expired. Protection against viruses, spyware,
and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration
Date (UTC): ?8/?28/?2012 3:39:57 PM Error Code: 0x80092003 Error Description: An
error occurred while reading or writing to a file.

Error - 8/28/2012 11:40:59 AM | Computer Name = janderson733-PC | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%-2147017840

Error - 8/28/2012 11:59:52 AM | Computer Name = janderson733-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:53:27 AM on ?8/?28/?2012 was unexpected.

Error - 8/28/2012 12:00:09 PM | Computer Name = janderson733-PC | Source = Microsoft Antimalware | ID = 5101
Description = %%860 grace period has expired. Protection against viruses, spyware,
and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration
Date (UTC): ?8/?28/?2012 4:00:09 PM Error Code: 0x80092003 Error Description: An
error occurred while reading or writing to a file.

Error - 8/28/2012 12:00:52 PM | Computer Name = janderson733-PC | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%-2147017840

Error - 8/28/2012 2:01:13 PM | Computer Name = janderson733-PC | Source = Microsoft Antimalware | ID = 5101
Description = %%860 grace period has expired. Protection against viruses, spyware,
and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration
Date (UTC): ?8/?28/?2012 6:01:13 PM Error Code: 0x80092003 Error Description: An
error occurred while reading or writing to a file.

Error - 8/28/2012 2:01:51 PM | Computer Name = janderson733-PC | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%-2147017840


< End of report >
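Two details in the OTL report above are the kind of thing a helper triages first: the O33 MountPoints2 entries whose AutoRun command hands a web URL to RunDLL32 Shell32.DLL,ShellExec_RunDLL (so inserting or opening that drive opens a web page rather than running a file), and the no-company-name file C:\ProgramData\go_0molg.pad sitting directly in the ProgramData root (the ComboFix report later in this thread lists that same file under "Other Deletions"). The following is an added example, not code from the thread or from OTL, that parses OTL-style lines and flags those two patterns. The sample lines are copied from the report; the regular expressions and the "root of ProgramData with an uncommon extension" heuristic are this example's own assumptions about the log format, not OTL's documented grammar.

```python
"""Added triage filter for OTL-style log lines (example code, not OTL's own).

Flags two patterns that appear in the report above:
  1. MountPoints2 AutoRun commands that pass a URL to ShellExec_RunDLL.
  2. 'No Company Name' file entries placed directly in C:\\ProgramData
     with an extension that is not a common data/program type.
"""
import re
from typing import Dict, List, Optional

# Sample lines constructed by copying entries from the OTL report above.
SAMPLE_LINES = [
    r'O33 - MountPoints2\{91dee92c-116a-11e1-aaac-0015c54836bf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://theuashop.com/',
    r'O33 - MountPoints2\E\Shell - "" = AutoRun',
    r'O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://theuashop.com/',
    r'[2012/08/28 14:35:21 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe',
    r'[2012/07/10 15:21:11 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad',
    r'[2011/06/29 16:49:45 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI',
    r'[2012/08/21 14:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012',
]

# Assumed shape of an O33 AutoRun command line (derived from the report, not an OTL spec).
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
# Assumed shape of a file entry: [date time | size | attrs | C/M] (company) -- path
# Directory entries carry no "(company)" part and are intentionally not matched.
FILE_RE = re.compile(
    r'^\[(?P<ts>[^|]+?)\s*\| (?P<size>[\d,]+) \| (?P<attr>[^|]+?)\s*\| (?P<kind>[CM])\] '
    r'\((?P<company>[^)]*)\) -- (?P<path>.+)$'
)
URL_RE = re.compile(r'https?://\S+', re.IGNORECASE)

# Extensions that are unremarkable for a file in the ProgramData root.
COMMON_EXT = {'.exe', '.dll', '.ini', '.txt', '.log', '.dat', '.xml'}


def parse_autorun_commands(lines: List[str]) -> List[Dict[str, Optional[str]]]:
    """Return every MountPoints2 AutoRun command with the first URL it contains, if any."""
    out = []
    for line in lines:
        m = O33_RE.match(line.strip())
        if not m:
            continue
        urls = URL_RE.findall(m.group('cmd'))
        out.append({'key': m.group('key'), 'cmd': m.group('cmd'),
                    'url': urls[0] if urls else None})
    return out


def is_url_autorun(entry: Dict[str, Optional[str]]) -> bool:
    """True when the AutoRun command opens a URL via ShellExec_RunDLL instead of a local file."""
    return entry['url'] is not None and 'shellexec_rundll' in entry['cmd'].lower()


def parse_file_entries(lines: List[str]) -> List[Dict[str, object]]:
    """Return file entries as dicts; size is converted from '004,503,728' to an int."""
    out = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        out.append({'company': m.group('company'), 'path': m.group('path'),
                    'size': int(m.group('size').replace(',', '')), 'kind': m.group('kind')})
    return out


def is_no_company_programdata_root_file(entry: Dict[str, object]) -> bool:
    """No company name, directly under C:\\ProgramData, and not a common extension."""
    low = str(entry['path']).lower()
    prefix = 'c:\\programdata\\'
    if entry['company'] or not low.startswith(prefix):
        return False
    rest = low[len(prefix):]
    if '\\' in rest:  # inside a subfolder, which is where legitimate vendors keep data
        return False
    ext = rest[rest.rfind('.'):] if '.' in rest else ''
    return ext not in COMMON_EXT


def triage(lines: List[str]) -> Dict[str, list]:
    """Run both checks over a list of OTL lines and return what a reviewer should look at."""
    return {
        'url_autoruns': [e for e in parse_autorun_commands(lines) if is_url_autorun(e)],
        'no_company_programdata': [str(e['path']) for e in parse_file_entries(lines)
                                   if is_no_company_programdata_root_file(e)],
    }


if __name__ == '__main__':
    result = triage(SAMPLE_LINES)
    for e in result['url_autoruns']:
        print(f"AutoRun on MountPoints2\\{e['key']} opens URL {e['url']}")
    for p in result['no_company_programdata']:
        print(f"No-company file in ProgramData root: {p}")
```

Both checks are heuristics meant to shorten the list a human reads, not to declare anything malicious: a legitimate installer can also drop a file in the ProgramData root, and the AutoRun finding only says the drive's autorun handler opens a web page, which is unusual for removable media and worth reviewing.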

#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:12:46 AM

Posted 28 August 2012 - 11:27 PM

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log (if you can make it run this time).


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Edited by Blade81, 28 August 2012 - 11:27 PM.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#9 Taahirah

Taahirah
  • Topic Starter

  • Members
  • 21 posts
  • Local time:05:46 PM

Posted 29 August 2012 - 01:51 PM

I don't know what is going on with this laptop. I followed the instructions for running ComboFix but it would not complete the scan. I left it for a while and then came back and nothing. I tried to do it in safemode and I had the same problem. Basically, I had the same issue I had with DDS.

#10 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 29 August 2012 - 02:29 PM

Hi,

Make sure you have ComboFix.exe file on your desktop (not in any subfolder there).

Then press the Windows key + R and copy-paste the following command there to run ComboFix:
"%USERPROFILE%\Desktop\ComboFix.exe" /nombr



#11 Taahirah
  • Topic Starter
  • Members
  • 21 posts

Posted 29 August 2012 - 08:46 PM

DDS still will not work. Here's the ComboFix Report:

ComboFix 12-08-29.03 - Dell 08/29/2012 21:19:42.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1198 [GMT -4:00]
Running from: c:\users\Dell\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\go_0molg.pad
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
.
.
2012-08-30 01:28 . 2012-08-30 01:28 -------- d-----w- c:\users\Dell\AppData\Local\temp
2012-08-30 01:28 . 2012-08-30 01:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-21 22:02 . 2012-08-21 22:02 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-21 22:02 . 2012-08-21 22:02 -------- d-----w- c:\program files\Java
2012-08-21 22:00 . 2012-08-21 22:00 -------- d-----w- c:\programdata\McAfee
2012-08-21 21:39 . 2012-08-21 21:39 -------- d-----w- c:\users\Dell\AppData\Roaming\Malwarebytes
2012-08-21 21:38 . 2012-08-21 21:38 -------- d-----w- c:\programdata\Malwarebytes
2012-08-21 21:38 . 2012-08-21 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-21 21:38 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 19:07 . 2012-08-21 21:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-21 19:07 . 2012-08-21 19:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-21 18:28 . 2012-08-21 18:28 -------- d-----w- c:\users\Dell\AppData\Roaming\AVG
2012-08-21 18:05 . 2012-08-21 18:05 -------- d-----w- c:\users\Dell\AppData\Local\AVG Secure Search
2012-08-21 18:05 . 2012-08-21 18:05 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-21 18:04 . 2012-08-21 18:04 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-21 18:04 . 2012-08-21 18:04 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-08-21 18:04 . 2012-08-21 18:05 -------- d-----w- c:\program files\AVG Secure Search
2012-08-21 18:00 . 2012-08-21 18:00 -------- d-----w- C:\$AVG
2012-08-21 18:00 . 2012-08-30 01:12 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-21 18:00 . 2012-08-21 18:26 -------- d-----w- c:\programdata\AVG2012
2012-08-21 17:39 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29BEEB5C-3797-4FD6-8726-61B0303C1380}\mpengine.dll
2012-08-14 22:11 . 2012-05-05 07:44 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-14 22:11 . 2012-07-18 17:10 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 22:11 . 2012-02-11 05:44 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-14 22:11 . 2012-02-11 05:41 316928 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-14 22:11 . 2012-07-04 21:23 41472 ----a-w- c:\windows\system32\browcli.dll
2012-08-14 22:11 . 2012-07-04 21:23 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-14 22:11 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 22:02 . 2011-01-03 14:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-09 17:08 . 2012-07-09 17:08 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-09 17:08 . 2012-07-09 17:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-06 05:09 . 2012-07-11 16:49 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-11 16:49 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-22 00:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 00:40 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 00:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 00:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 00:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 00:40 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 00:40 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 00:39 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-22 00:39 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:51 . 2012-07-11 16:49 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51 . 2012-07-11 16:49 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50 . 2012-07-11 16:49 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:48 . 2012-07-11 16:49 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:47 . 2012-07-11 16:49 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-21 18:04 2045024 ----a-w- c:\program files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 20:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-08-21 2045024]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-07-09 487680]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-07-09 296096]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-21 1162848]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-21 1020512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl1f418bae;MpKsl1f418bae;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EB2F92C-7BAE-47DF-BC5D-0FD5BEF11618}\MpKsl1f418bae.sys [x]
R1 MpKsl227e4e86;MpKsl227e4e86;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0568E35-64DC-4E1F-8838-75112C83298A}\MpKsl227e4e86.sys [x]
R1 MpKsl27dd34d4;MpKsl27dd34d4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A20C762B-C8C7-4C4E-8AB8-CA1F081663D5}\MpKsl27dd34d4.sys [x]
R1 MpKsl2cdf9501;MpKsl2cdf9501;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAC04B82-3D81-4D5A-AC03-2FDF47F71917}\MpKsl2cdf9501.sys [x]
R1 MpKsl38d689a7;MpKsl38d689a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F11422C1-2080-4A7B-ACD6-C6F69A628289}\MpKsl38d689a7.sys [x]
R1 MpKsl48244f2c;MpKsl48244f2c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9714B962-B5A9-422B-8F98-53C0CCDD7430}\MpKsl48244f2c.sys [x]
R1 MpKsl5381907f;MpKsl5381907f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD6B4964-17B2-4092-8F24-F3621754D54F}\MpKsl5381907f.sys [x]
R1 MpKsl538ffdc1;MpKsl538ffdc1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50404C62-8FAB-47DE-B5BB-4C56D4E496AE}\MpKsl538ffdc1.sys [x]
R1 MpKsl864b7dd2;MpKsl864b7dd2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A20C762B-C8C7-4C4E-8AB8-CA1F081663D5}\MpKsl864b7dd2.sys [x]
R1 MpKsl8b6bb878;MpKsl8b6bb878;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADDA0EB4-ECDE-49C7-8B5E-1FF7C1742536}\MpKsl8b6bb878.sys [x]
R1 MpKsl96108e45;MpKsl96108e45;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A20C762B-C8C7-4C4E-8AB8-CA1F081663D5}\MpKsl96108e45.sys [x]
R1 MpKsle1bcb081;MpKsle1bcb081;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50404C62-8FAB-47DE-B5BB-4C56D4E496AE}\MpKsle1bcb081.sys [x]
R1 MpKsle9241338;MpKsle9241338;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD6B4964-17B2-4092-8F24-F3621754D54F}\MpKsle9241338.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [x]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2129522168-3534510490-47144919-1003Core.job
- c:\users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-21 18:58]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2129522168-3534510490-47144919-1003UA.job
- c:\users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-21 18:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://my.yahoo.com/linksys
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-29 21:30:47
ComboFix-quarantined-files.txt 2012-08-30 01:30
.
Pre-Run: 37,413,662,720 bytes free
Post-Run: 37,448,884,224 bytes free
.
- - End Of File - - 148BF400BE6556EB6C9206A661CD3135
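As an added example (not code from this thread, nor from ComboFix's authors), a small Python parser that pulls the parts of a ComboFix report an analyst reads first (the "Other Deletions" list, the Run-key autostarts and the scheduled-task binaries) and flags autostarts that run from user-writable directories. The sample excerpt is constructed from the report above with the long banner lines shortened, and the list of user-writable directories is an assumption of the example.

```python
import re

# Constructed excerpt in the layout of the ComboFix report above; the real
# banner lines are long runs of parentheses, only the "((((" prefix matters here.
SAMPLE_LOG = r"""
(((( Other Deletions ))))
.
c:\programdata\go_0molg.pad
.
(((( Reg Loading Points ))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2129522168-3534510490-47144919-1003Core.job
- c:\users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-21 18:58]
"""

# Banner text that identifies each section we extract.
SECTIONS = {"deleted": "Other Deletions", "run": "Reg Loading Points",
            "tasks": "Scheduled Tasks"}
RUN_KEY = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$", re.I)
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
TASK_EXE = re.compile(r"^- (\S.*?) \[(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\]$")
# Assumed list of locations a standard user can write to; autostarts there get a second look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def parse_combofix(text):
    """Pull deletions, Run-key autostarts and scheduled-task binaries out of a report."""
    out = {"deleted": [], "run": [], "tasks": []}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("((((", "-------", "Contents of")):
            # Any banner switches section; banners we do not track switch to None.
            section = next((s for s, tag in SECTIONS.items() if tag in line), None)
            continue
        if line in ("", "."):
            continue
        if section == "deleted":
            out["deleted"].append({"path": line})
        elif section == "run":
            if line.startswith("["):  # a registry key; only keys ending in \Run count
                m = RUN_KEY.match(line)
                key = m.group(1) if m else None
                continue
            m = RUN_VALUE.match(line)
            if m and key:
                out["run"].append({"key": key, "name": m.group(1), "path": m.group(2),
                                   "date": m.group(3), "size": int(m.group(4))})
        elif section == "tasks":
            m = TASK_EXE.match(line)
            if m:
                out["tasks"].append({"path": m.group(1), "date": m.group(2)})
    return out


def triage(report):
    """Return (reason, path) pairs an analyst should review first."""
    findings = [("removed by ComboFix", e["path"]) for e in report["deleted"]]
    for e in report["run"] + report["tasks"]:
        if any(tag in e["path"].lower() for tag in USER_WRITABLE):
            findings.append(("autostart from user-writable directory", e["path"]))
    return findings
```

On the excerpt, triage() reports the deleted `go_0molg.pad` and the GoogleUpdate task running from AppData; the Run entries under Program Files are parsed but not flagged.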

#12 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 29 August 2012 - 11:45 PM

DDS still will not work.

That's ok. On some machines it simply doesn't work no matter how trouble-free the system is :)


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish and copy-paste findings back here. How's the system doing?



#13 Taahirah
  • Topic Starter
  • Members
  • 21 posts

Posted 30 August 2012 - 09:40 AM

ESET Online Scanner did not generate a report for me to copy and paste. I did see when it was finished that no threats were found. The system seems to be fine. Like I said, when I got the laptop I did not see the FBI virus that mom said was on here. Should I rerun the ESET Online Scanner since no report was generated?

#14 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 31 August 2012 - 12:16 AM

Should I run the ESET Online Scanner since no report generated?

No need to rerun since no threats were found.


Let's see the final steps next :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling System Restore, but at step 7 select the Restore system settings and previous versions of files option.


Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


Next we remove OTL.

  • Double-click OTL.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.


Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alerted about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade B)



#15 Taahirah
  • Topic Starter
  • Members
  • 21 posts

Posted 31 August 2012 - 09:25 AM

Everything went well up until I tried to install critical updates. The critical update was Windows 7 Service Pack 1 KB976932. It said failed and the error message was Code 80004005 Windows update encountered an unknown error. I tried to install this update when I first got my mom's laptop and it would not work then.



