Suzi Newman

Members
  • Content Count

    12

About Suzi Newman

  • Rank
    Member
  • Birthday 10/02/1965

Profile Information

  • Gender
    Female
  • Location
    Louisiana

Previous Fields

  • System Specifications:
    HP Mini running Windows xp
  • Teams:
    Nothing Selected
  1. Thank you so very much for your help and this amazing service offered here! I just have one more question before you're rid of me...lol I followed the steps above and have read both links. I am currently downloading Outpost firewall protection. As you know I also have Avira anti-virus and Malwarebytes. The second page I read, "How did I get infected", recommended 3 or 4 other programs that should be downloaded. Should I download all of the ones they suggest, or will any of them conflict with what I already have?
  2. Here is the log:
  3. I hope I didn't mess up (I know how much you probably hate reading those words). When I started the ComboFix program and said yes to Windows Recovery Console, it ran for a few seconds, then this popped up: "Windows recovery failed to download required files, aborting, shall continue scanning for malware". It then had an "ok" button and I pushed ok. Hope this didn't make this a pain in the butt for you. Here is the combofix log:
  4. All processes killed ========== PROCESSES ========== ========== OTL ========== HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopesDefaultScope| /E : value set successfully! HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerSearchScopesDefaultScope| /E : value set successfully! Registry key [email protected]/VMP deleted successfully. C:Program FilesViewpointViewpoint Experience TechnologynpViewpoint.dll moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalezh-TWffjcext folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalezh-TW folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalezh-CNffjcext folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalezh-CN folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalesv-SEffjcext folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalesv-SE folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocaleko-KRffjcext folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocaleko-KR folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocaleja-JPffjcext folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocaleja-JP folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocaleit-ITffjcext folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocaleit-IT folder moved successfully. 
C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalefr-FRffjcext folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalefr-FR folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalees-ESffjcext folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalees-ES folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocaleen-USffjcext folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocaleen-US folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalede-DEffjcext folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocalede-DE folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromelocale folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromecontentffjcext folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chromecontent folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}chrome folder moved successfully. C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} folder moved successfully. File C:Program FilesViewpointViewpoint Experience TechnologynpViewpoint.dll not found. Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully. Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{02478D38-C3F9-4efb-9B51-7695ECA05670} not found. 
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbarLocked deleted successfully. Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully. Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found. Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainsfacebook.comwww deleted successfully. Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainsyahoo.comlogin deleted successfully. C:Documents and SettingsSuziLocal SettingsApplication Datafunmoods-speeddial.crx moved successfully. File C:Documents and SettingsSuziLocal SettingsApplication Datafunmoods-speeddial.crx not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 321 bytes User: Guest ->Temp folder emptied: 3374 bytes ->Temporary Internet Files folder emptied: 33099 bytes ->Flash cache emptied: 321 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 5997386 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Suzi ->Temp folder emptied: 82765222 bytes ->Temporary Internet Files folder emptied: 1868594 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 85138911 bytes ->Google Chrome cache emptied: 6157010 bytes ->Flash cache emptied: 3050 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%System32 .tmp files removed: 43246316 bytes %systemroot%System32dllcache .tmp files removed: 9926392 bytes %systemroot%System32drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 16098284 bytes %systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 
121646082 bytes
%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 15789426 bytes

Total Files Cleaned = 371.00 mb

OTL by OldTimer - Version 3.2.59.0 log created on 08262012_012320

FilesFolders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

I looked on Chrome and the only search engines listed are Google, Yahoo and Bing...yay
  5. Here is the OTL log:

OTL logfile created on: 8/25/2012 11:18:13 PM - Run 1
OTL by OldTimer - Version 3.2.59.0 Folder = C:Documents and SettingsSuziDesktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 619.18 Mb Available Physical Memory | 60.99% Memory free
2.39 Gb Paging File | 2.01 Gb Available in Paging File | 84.25% Paging File free
Paging file location(s): C:pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 149.04 Gb Total Space | 130.93 Gb Free Space | 87.85% Space Free | Partition Type: NTFS

Computer Name: PC279151865318 | User Name: Suzi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/25 23:00:29 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsSuziDesktopOTL.exe
PRC - [2012/08/09 16:53:03 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:Program FilesAviraAntiVir Desktopavgnt.exe
PRC - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:Program FilesOracleJavaFX 2.1 Runtimebinjqs.exe
PRC - [2012/05/18 23:58:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:Program FilesAviraAntiVir Desktopsched.exe
PRC - [2012/05/18 23:58:40 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:Program FilesAviraAntiVir Desktopavshadow.exe
PRC - [2012/05/18 23:58:39 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co.
KG) -- C:Program FilesAviraAntiVir Desktopavguard.exe PRC - [2012/01/26 21:04:18 | 000,484,976 | ---- | M] () -- C:Program FilesPdaNet for AndroidPdaNetPC.exe PRC - [2009/03/30 18:02:08 | 000,319,488 | ---- | M] () -- C:Program FilesHPHPBTWD.exe PRC - [2009/03/30 15:47:00 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:Program FilesIDTWDMsttray.exe PRC - [2009/03/30 15:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) -- c:Program FilesIDTWDMstacsv.exe PRC - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:Program FilesEverythingEverything.exe PRC - [2009/02/18 16:41:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:WINDOWSsystem32AESTFltr.exe PRC - [2008/04/15 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:WINDOWSexplorer.exe ========== Modules (No Company Name) ========== MOD - [2012/05/18 23:58:41 | 000,398,288 | ---- | M] () -- C:Program FilesAviraAntiVir Desktopsqlite3.dll MOD - [2012/01/26 21:04:18 | 000,484,976 | ---- | M] () -- C:Program FilesPdaNet for AndroidPdaNetPC.exe MOD - [2009/03/30 18:02:08 | 000,319,488 | ---- | M] () -- C:Program FilesHPHPBTWD.exe MOD - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:Program FilesEverythingEverything.exe MOD - [2008/04/15 07:00:00 | 000,059,904 | ---- | M] () -- C:WINDOWSsystem32devenum.dll MOD - [2008/04/15 07:00:00 | 000,014,336 | ---- | M] () -- C:WINDOWSsystem32msdmo.dll ========== Services (SafeList) ========== SRV - [2012/08/24 23:22:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:Program FilesOracleJavaFX 2.1 Runtimebinjqs.exe -- (JavaQuickStarterService) SRV - [2012/05/18 23:58:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:Program FilesAviraAntiVir Desktopsched.exe -- (AntiVirSchedulerService) SRV - [2012/05/18 23:58:39 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:Program FilesAviraAntiVir Desktopavguard.exe -- (AntiVirService) SRV - [2009/03/30 15:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:Program FilesIDTWDMstacsv.exe -- (STacSV) SRV - [2008/10/21 12:50:02 | 000,077,312 | ---- | M] () [Disabled | Stopped] -- C:Program FilesPCPitstopPCPitstopScheduleService.exe -- (PCPitstop Scheduling) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32DRIVERSRts5161ccid.sys -- (USBCCID) DRV - File not found [Kernel | On_Demand | Stopped] -- system32DRIVERSRts516xIR.sys -- (Rts516xIR) DRV - File not found [Kernel | On_Demand | Stopped] -- System32DriversRTS5121.sys -- (RSUSBSTOR) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PCTINDIS5) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32DRIVERSpctnullport.sys -- (Nmea) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Stopped] -- system32DRIVERSl1c51x86.sys -- (L1c) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz128) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012/05/18 23:58:41 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:WINDOWSsystem32driversavipbb.sys -- (avipbb) DRV - [2012/05/18 23:58:41 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | 
Running] -- C:WINDOWSsystem32driversavgntflt.sys -- (avgntflt) DRV - [2011/11/25 03:26:04 | 000,013,440 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driverspneteth.sys -- (pneteth) DRV - [2011/09/16 02:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:WINDOWSsystem32driversavkmgr.sys -- (avkmgr) DRV - [2011/01/12 23:15:08 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversssadbus.sys -- (ssadbus) DRV - [2010/06/17 18:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:WINDOWSsystem32driversssmdrv.sys -- (ssmdrv) DRV - [2009/05/07 18:25:14 | 001,735,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversBCMWL5.SYS -- (BCM43XX) DRV - [2009/03/30 15:47:00 | 001,550,891 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driverssthda.sys -- (STHDA) DRV - [2009/03/19 13:55:06 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversAESTAud.sys -- (AESTAud) DRV - [2008/09/23 16:10:48 | 000,024,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversswmsflt.sys -- (swmsflt) DRV - [2008/09/23 16:10:46 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversPCASp50.sys -- (PCASp50) DRV - [2008/09/23 16:10:42 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversNWADIenum.sys -- (NWADI) DRV - [2008/09/23 16:10:42 | 000,174,336 | R--- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversnwusbser2.sys -- (NWUSBPort2) DRV - [2008/09/23 16:10:42 | 000,174,336 | R--- | M] (Novatel Wireless Inc.) 
[Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversnwusbser.sys -- (NWUSBPort) DRV - [2008/09/23 16:10:42 | 000,174,336 | R--- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversnwusbmdm.sys -- (NWUSBModem) DRV - [2008/09/23 16:10:42 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversNwUsbCdFil.sys -- (NWUSBCDFIL) DRV - [2006/11/02 10:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driverswinusb.sys -- (WinUSB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM..SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM..SearchScopes{7C5AA3FF-F56B-4A27-B01C-9B34E46F084A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF IE - HKLM..SearchScopes{C1A2A748-9F61-42DA-A5A3-22D4089CE36D}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/?ilc=17 IE - HKCU..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU..SearchScopes{7C5AA3FF-F56B-4A27-B01C-9B34E46F084A}: "URL" = 
http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU..SearchScopes{C1A2A748-9F61-42DA-A5A3-22D4089CE36D}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749&ilc=12" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=" FF - prefs.js..network.proxy.type: 0 FF - [email protected]/FlashPlayer: C:WINDOWSsystem32MacromedFlashNPSWF32_11_3_300_271.dll () FF - [email protected]/ShockwavePlayer: C:WINDOWSsystem32AdobeDirectornp32dsw.dll (Adobe Systems, Inc.) FF - [email protected]/GoogleEarthPlugin: C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll (Google) FF - [email protected]/DTPlugin,version=10.5.1: C:WINDOWSsystem32npDeployJava1.dll (Oracle Corporation) FF - [email protected]/JavaPlugin,version=10.5.1: C:Program FilesOracleJavaFX 2.1 Runtimebinplugin2npjp2.dll (Oracle Corporation) FF - [email protected]/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight4.1.10329.0npctrl.dll ( Microsoft Corporation) FF - [email protected]/WPF,version=3.5: c:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation) FF - [email protected]/Google Update;version=3: C:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - [email protected]/Google Update;version=9: C:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - [email protected]/VMP: C:Program FilesViewpointViewpoint Experience TechnologynpViewpoint.dll () FF - [email protected]/Google Update;version=3: C:Documents and SettingsSuziLocal SettingsApplication DataGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) 
FF - [email protected]/Google Update;version=9: C:Documents and SettingsSuziLocal SettingsApplication DataGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 10.0.2extensionsComponents: C:Program FilesMozilla Firefoxcomponents [2012/02/25 12:56:20 | 000,000,000 | ---D | M] [2012/02/26 18:25:07 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsSuziApplication DataMozillaExtensions [2012/08/25 11:31:46 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsSuziApplication DataMozillaFirefoxProfiles03u3rlxy.defaultextensions [2012/08/25 11:31:46 | 000,000,000 | ---D | M] ("Software Assist") -- C:Documents and SettingsSuziApplication DataMo[email protected]crossrider.com [2012/04/29 19:28:06 | 000,000,000 | ---D | M] (No name found) -- C:Program FilesMozilla Firefoxextensions [2012/04/29 19:28:06 | 000,000,000 | ---D | M] (Java Console) -- C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:Program Filesmozilla firefoxcomponentsbrowsercomps.dll [2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsbing.xml [2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginstwitter.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:Documents and SettingsSuziLocal SettingsApplication 
DataGoogleChromeApplication21.0.1180.60PepperFlashpepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:Documents and SettingsSuziLocal SettingsApplication DataGoogleChromeApplication21.0.1180.83gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:WINDOWSsystem32MacromedFlashNPSWF32_11_3_300_268.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:Documents and SettingsSuziLocal SettingsApplication DataGoogleChromeApplication21.0.1180.83ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:Documents and SettingsSuziLocal SettingsApplication DataGoogleChromeApplication21.0.1180.83pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:Program FilesAdobeReader 9.0ReaderBrowsernppdf32.dll CHR - plugin: Microsoftu00AE DRM (Enabled) = C:Program FilesWindows Media Playernpdrmv2.dll CHR - plugin: Microsoftu00AE DRM (Enabled) = C:Program FilesWindows Media Playernpwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:Program FilesWindows Media Playernpdsplay.dll CHR - plugin: Google Update (Enabled) = C:Program FilesGoogleUpdate1.3.21.115npGoogleUpdate3.dll CHR - plugin: Google Earth Plugin (Enabled) = C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:Program FilesOracleJavaFX 2.1 Runtimebinplugin2npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:WINDOWSsystem32npDeployJava1.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:Program FilesViewpointViewpoint Experience TechnologynpViewpoint.dll CHR - plugin: Shockwave for Director (Enabled) = C:WINDOWSsystem32AdobeDirectornp32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:Program FilesMicrosoft Silverlight4.1.10329.0npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll CHR - Extension: Bejeweled = C:Documents and SettingsSuziLocal 
SettingsApplication DataGoogleChromeUser DataDefaultExtensionsadpkifcfcacgmnggcbpbjbkdijciiigm2_1 CHR - Extension: YouTube = C:Documents and SettingsSuziLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0 CHR - Extension: SpeedDial = C:Documents and SettingsSuziLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionscjpglkicenollcignonpgiafdgfeehoj4.0_0 CHR - Extension: Google Search = C:Documents and SettingsSuziLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0 CHR - Extension: Search by Image (by Google) = C:Documents and SettingsSuziLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsdajedkncpodkggklbegccjpmnglmnflm1.1.1_1 CHR - Extension: Read Later Fast = C:Documents and SettingsSuziLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsdecdfngdidijkdjgbknlnepdljfaepji1.5.2_0 CHR - Extension: Pandora = C:Documents and SettingsSuziLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsfbangkleohkafngihneedemihgfeikcl1.0_0 CHR - Extension: Web Lab = C:Documents and SettingsSuziLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsfgacgeibpdjllcjckbmgecpahipdjabe1.0_0 CHR - Extension: Quick Pinterest = C:Documents and SettingsSuziLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionskoknjbkknnhiigohiagkpaechjmplakb1.5.1_0 CHR - Extension: Picasa = C:Documents and SettingsSuziLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsonlgmecjpnejhfeofkgbfgnmdlipdejb6.2.2_0 O1 HOSTS File: ([2008/04/15 07:00:00 | 000,000,734 | ---- | M]) - C:WINDOWSsystem32driversetchosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll (Skype Technologies S.A.) 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesOracleJavaFX 2.1 Runtimebinssv.dll (Oracle Corporation) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:Program FilesMSNToolbar3.0.0559.0msneshellx.dll (Microsoft Corp.) O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:Documents and SettingsAll UsersApplication DataWeCareReminderIEHelperv2.5.0.dll (We-Care.com) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesOracleJavaFX 2.1 Runtimebinjp2ssv.dll (Oracle Corporation) O3 - HKLM..Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:Program FilesMSNToolbar3.0.0559.0msneshellx.dll (Microsoft Corp.) O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU..ToolbarWebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O4 - HKLM..Run: [AESTFltr] C:WINDOWSSystem32AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..Run: [avgnt] C:Program FilesAviraAntiVir Desktopavgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..Run: [Everything] C:Program FilesEverythingEverything.exe () O4 - HKLM..Run: [HP BTW Detect Program] C:Program FilesHPHPBTWD.exe () O4 - HKLM..Run: [HP Mobile Broadband] c:SWsetupHPQWWANHPMobileBroadband.exe (Hewlett-Packard Company) O4 - HKLM..Run: [sysTrayApp] C:Program FilesIDTWDMsttray.exe (IDT, Inc.) 
O4 - Startup: C:Documents and SettingsSuziStart MenuProgramsStartupPdaNet Desktop.lnk = C:Program FilesPdaNet for AndroidPdaNetPC.exe () O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerInfodelivery present O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1 O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll (Skype Technologies S.A.) O15 - HKCU..Trusted Domains: facebook.com ([www] https in Trusted sites) O15 - HKCU..Trusted Domains: yahoo.com ([login] https in Trusted sites) O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 8.8.8.8 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{62745325-20C1-4F0C-A6BD-2AC3CD7BA611}: DhcpNameServer = 8.8.8.8 O18 - ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program FilesCommon FilesSkypeSkype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:WINDOWSexplorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) - C:WINDOWSsystem32userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:Documents and SettingsSuziLocal SettingsApplication DataMicrosoftWallpaper1.bmp O24 - Desktop BackupWallPaper: C:Documents and SettingsSuziLocal SettingsApplication DataMicrosoftWallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37 - HKLM...com [@ = comfile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - 
Created Within 30 Days ========== [2012/08/25 23:08:41 | 000,000,000 | ---D | C] -- C:_OTL [2012/08/25 22:59:47 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:Documents and SettingsSuziDesktopOTL.exe [2012/08/25 17:38:03 | 000,000,000 | ---D | C] -- C:Hijackthis [2012/08/25 17:22:51 | 000,000,000 | R--D | C] -- C:Documents and SettingsAll UsersDocumentsMy Videos [2012/08/25 17:21:55 | 000,607,260 | R--- | C] (Swearware) -- C:Documents and SettingsSuziMy Documentsdds.com [2012/08/25 17:12:39 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziDesktopDDS [2012/08/25 12:39:00 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziDesktopLogs [2012/08/24 09:00:16 | 001,483,696 | ---- | C] (PC Pitstop LLC ) -- C:Documents and SettingsSuziMy Documentspcmatic-setup-0008.exe [2012/08/24 08:41:03 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataPCPitstop [2012/08/24 08:39:48 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsPC Pitstop [2012/08/24 08:39:46 | 000,000,000 | ---D | C] -- C:Program FilesPCPitstop [2012/08/24 08:36:35 | 002,103,688 | ---- | C] (PC Pitstop LLC ) -- C:Documents and SettingsSuziMy Documentsexterminate2-setup-0004.exe [2012/08/24 05:36:23 | 016,476,616 | ---- | C] (Microsoft Corporation) -- C:Documents and SettingsSuziMy DocumentsWindows-KB890830-V4.11.exe [2012/08/23 07:02:31 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziDesktopEDITED [2012/08/23 07:01:27 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziLocal SettingsApplication DataPaint.NET [2012/08/23 06:59:59 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziLocal SettingsApplication DataFreeEditorEditTemp [2012/08/23 06:50:08 | 000,000,000 | ---D | C] -- C:Program FilesK-Lite Codec Pack [2012/08/23 06:49:58 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsFree Editor [2012/08/23 06:49:42 | 000,000,000 | ---D | C] -- C:Program FilesFree Editor [2012/08/23 06:22:07 | 
000,000,000 | ---D | C] -- C:Documents and SettingsSuziLocal SettingsApplication DataSoftware Assist [2012/08/23 06:22:02 | 000,000,000 | ---D | C] -- C:Program FilesSoftware Assist [2012/08/21 08:36:46 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziDesktopfb [2012/08/19 20:09:47 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziDesktopyou tube catches [2012/08/19 20:09:35 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziMy DocumentsNew Folder [2012/08/19 20:07:53 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataYTD Video Downloader [2012/08/19 20:07:44 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsYTD Video Downloader [2012/08/19 20:07:41 | 000,000,000 | ---D | C] -- C:Program FilesGreenTree Applications [2012/08/19 19:16:59 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziApplication Datavlc [2012/08/19 19:15:18 | 000,000,000 | ---D | C] -- C:Program FilesVideoLAN [2012/08/19 18:59:04 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataWeCareReminder [2012/08/19 18:55:33 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataTarma Installer [2012/08/19 18:51:45 | 000,000,000 | R--D | C] -- C:Documents and SettingsSuziStart MenuProgramsAdministrative Tools [2012/08/19 18:51:44 | 000,000,000 | R--D | C] -- C:Documents and SettingsSuziMy DocumentsMy Videos [2012/08/19 09:52:26 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsTweaks [2012/08/19 09:52:24 | 000,000,000 | ---D | C] -- C:Program FilesTweaks [2012/08/16 19:32:22 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Datafirebird [2012/08/16 19:30:37 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziMy DocumentsMy Chrysanth [2012/08/16 19:30:37 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziApplication DataChrysanth [2012/08/16 19:30:19 | 000,000,000 | ---D | C] -- C:Program FilesChrysanth 
[2012/08/16 19:08:52 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSetup1.exe [2012/08/16 19:08:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:WINDOWSST6UNST.EXE [2012/08/16 18:52:29 | 000,000,000 | ---D | C] -- C:myDiary [2012/08/07 09:25:17 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziLocal SettingsApplication DataSun [2012/08/01 23:39:25 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziStart MenuProgramsGoogle Chrome [2012/08/01 23:14:06 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziLocal SettingsApplication DataGoogle [2012/08/01 23:12:31 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziLocal SettingsApplication DataDeployment [2012/08/01 08:37:25 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesJava [2012/08/01 08:36:41 | 000,000,000 | ---D | C] -- C:Program FilesOracle [2012/08/01 08:36:32 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziApplication DataOracle [2012/08/01 08:36:27 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:WINDOWSSystem32javaws.exe [2012/08/01 08:36:19 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:WINDOWSSystem32javaw.exe [2012/08/01 08:36:19 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:WINDOWSSystem32java.exe [2012/08/01 08:35:34 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataMcAfee [2012/07/30 06:37:29 | 000,000,000 | ---D | C] -- C:Documents and SettingsSuziApplication DataTemplate [48 C:WINDOWSSystem32*.tmp files -> C:WINDOWSSystem32*.tmp -> ] [21 C:WINDOWSSystem32dllcache*.tmp files -> C:WINDOWSSystem32dllcache*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/25 23:19:00 | 000,000,974 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-3722816078-4193266709-504252426-1008UA.job [2012/08/25 23:15:16 | 000,000,830 | ---- | M] () -- C:WINDOWStasksAdobe Flash Player Updater.job [2012/08/25 23:00:29 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:Documents and 
SettingsSuziDesktopOTL.exe [2012/08/25 22:55:46 | 000,442,140 | ---- | M] () -- C:WINDOWSSystem32perfh009.dat [2012/08/25 22:55:46 | 000,071,910 | ---- | M] () -- C:WINDOWSSystem32perfc009.dat [2012/08/25 22:51:41 | 000,000,880 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineCore.job [2012/08/25 22:51:41 | 000,000,416 | ---- | M] () -- C:WINDOWStasksPCConfidential.job [2012/08/25 22:51:22 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat [2012/08/25 22:51:17 | 1064,620,032 | -HS- | M] () -- C:hiberfil.sys [2012/08/25 17:30:00 | 000,000,884 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineUA.job [2012/08/25 17:29:05 | 000,000,974 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-3722816078-4193266709-504252426-1009UA.job [2012/08/25 17:22:19 | 000,607,260 | R--- | M] (Swearware) -- C:Documents and SettingsSuziMy Documentsdds.com [2012/08/25 13:43:41 | 000,001,821 | ---- | M] () -- C:Documents and SettingsSuziDesktopAvira Free Antivirus Profile Scan for Rootkits and active malware.LNK [2012/08/25 12:19:00 | 000,000,922 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-3722816078-4193266709-504252426-1008Core.job [2012/08/24 23:22:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerApp.exe [2012/08/24 23:22:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerCPLApp.cpl [2012/08/24 09:01:30 | 001,483,696 | ---- | M] (PC Pitstop LLC ) -- C:Documents and SettingsSuziMy Documentspcmatic-setup-0008.exe [2012/08/24 08:39:48 | 000,001,778 | ---- | M] () -- C:Documents and SettingsSuziDesktopPC Pitstop Exterminate2.lnk [2012/08/24 08:37:13 | 002,103,688 | ---- | M] (PC Pitstop LLC ) -- C:Documents and SettingsSuziMy Documentsexterminate2-setup-0004.exe [2012/08/24 05:41:39 | 016,476,616 | ---- | M] (Microsoft Corporation) -- C:Documents and SettingsSuziMy DocumentsWindows-KB890830-V4.11.exe [2012/08/23 06:49:58 | 000,000,713 | ---- | M] () -- C:Documents and 
SettingsAll UsersDesktopFree Editor.lnk [2012/08/23 06:15:19 | 000,001,729 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopAdobe Reader 9.lnk [2012/08/23 05:51:08 | 000,011,527 | ---- | M] () -- C:Documents and SettingsSuziDesktopMeditation - pg 86, 87 & 88.pdf [2012/08/22 22:03:53 | 001,127,948 | ---- | M] () -- C:Documents and SettingsSuziDesktopIMG_20120822_144841.JPG [2012/08/22 06:34:37 | 000,002,277 | ---- | M] () -- C:Documents and SettingsSuziDesktopGoogle Chrome.lnk [2012/08/22 06:34:37 | 000,002,255 | ---- | M] () -- C:Documents and SettingsSuziApplication DataMicrosoftInternet ExplorerQuick LaunchGoogle Chrome.lnk [2012/08/20 08:33:01 | 018,563,935 | ---- | M] () -- C:Documents and SettingsSuziMy DocumentsVOICE OF TRUTH with lyrics.flv [2012/08/20 08:27:27 | 020,447,678 | ---- | M] () -- C:Documents and SettingsSuziMy DocumentsEast To West - Casting Crowns (Music Video With Lyrics).flv [2012/08/20 08:19:29 | 017,103,276 | ---- | M] () -- C:Documents and SettingsSuziMy DocumentsCasting Crowns - Who am I (LIVE) - With Lyrics_Subtitles.flv [2012/08/20 08:10:33 | 010,008,445 | ---- | M] () -- C:Documents and SettingsSuziMy DocumentsHere I am to Worship.flv [2012/08/20 08:06:17 | 007,926,943 | ---- | M] () -- C:Documents and SettingsSuziMy DocumentsLord I Lift Your Name On High (worship video w_ lyrics).flv [2012/08/20 07:59:44 | 016,571,908 | ---- | M] () -- C:Documents and SettingsSuziMy DocumentsDays Of Elijah-Worship songs With Lyrics.mp4 [2012/08/20 07:53:12 | 019,300,285 | ---- | M] () -- C:Documents and SettingsSuziMy DocumentsGrace Like rain Todd Agnew Lyrics.flv [2012/08/20 07:46:45 | 033,797,195 | ---- | M] () -- C:Documents and SettingsSuziMy Documentsbetter is one day - matt redman ( christian song _ with lyrics ).flv [2012/08/19 20:29:00 | 000,000,922 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-3722816078-4193266709-504252426-1009Core.job [2012/08/19 20:22:54 | 005,933,600 | ---- | M] () -- C:Documents and 
SettingsSuziMy DocumentsPraise and Worship Songs with Lyrics Shout to the Lord.flv [2012/08/19 20:07:44 | 000,000,942 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopYTD Video Downloader.lnk [2012/08/19 18:59:08 | 000,033,958 | ---- | M] () -- C:Documents and SettingsAll UsersApplication Datauninstaller.exe [2012/08/19 18:54:19 | 000,384,844 | ---- | M] () -- C:Documents and SettingsSuziLocal SettingsApplication Datafunmoods-speeddial.crx [2012/08/19 10:07:57 | 000,000,687 | ---- | M] () -- C:Documents and SettingsSuziDesktopEfficient Diary.lnk [2012/08/19 09:52:26 | 000,000,842 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopFile Extractor.lnk [2012/08/17 06:48:21 | 000,243,128 | ---- | M] () -- C:WINDOWSSystem32FNTCACHE.DAT [2012/08/16 19:08:53 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:WINDOWSSetup1.exe [2012/08/16 19:08:51 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:WINDOWSST6UNST.EXE [2012/08/15 16:07:08 | 000,001,158 | ---- | M] () -- C:WINDOWSSystem32wpa.dbl [2012/08/11 23:37:51 | 000,002,257 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopSkype.lnk [2012/08/07 13:49:20 | 004,608,000 | ---- | M] () -- C:Documents and SettingsAll UsersApplication DataReadOnlyInstaller.msi [2012/08/01 09:40:02 | 000,000,270 | ---- | M] () -- C:Documents and SettingsSuziApplication Datawklnhst.dat [2012/08/01 08:36:02 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:WINDOWSSystem32javaw.exe [2012/08/01 08:36:02 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:WINDOWSSystem32java.exe [2012/07/29 14:18:15 | 000,016,714 | ---- | M] () -- C:Documents and SettingsSuziMy Documentsfacebook_-755996876.jpg [48 C:WINDOWSSystem32*.tmp files -> C:WINDOWSSystem32*.tmp -> ] [21 C:WINDOWSSystem32dllcache*.tmp files -> C:WINDOWSSystem32dllcache*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/25 13:43:41 | 000,001,821 | ---- | C] () -- C:Documents and SettingsSuziDesktopAvira Free Antivirus Profile Scan for 
Rootkits and active malware.LNK [2012/08/24 08:39:48 | 000,001,778 | ---- | C] () -- C:Documents and SettingsSuziDesktopPC Pitstop Exterminate2.lnk [2012/08/23 06:50:15 | 000,175,616 | ---- | C] () -- C:WINDOWSSystem32unrar.dll [2012/08/23 06:49:58 | 000,000,713 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopFree Editor.lnk [2012/08/23 06:15:19 | 000,001,804 | ---- | C] () -- C:Documents and SettingsAll UsersStart MenuProgramsAdobe Reader 9.lnk [2012/08/23 06:15:19 | 000,001,729 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopAdobe Reader 9.lnk [2012/08/23 05:51:49 | 000,011,527 | ---- | C] () -- C:Documents and SettingsSuziDesktopMeditation - pg 86, 87 & 88.pdf [2012/08/22 22:03:52 | 001,127,948 | ---- | C] () -- C:Documents and SettingsSuziDesktopIMG_20120822_144841.JPG [2012/08/20 08:28:58 | 018,563,935 | ---- | C] () -- C:Documents and SettingsSuziMy DocumentsVOICE OF TRUTH with lyrics.flv [2012/08/20 08:23:54 | 020,447,678 | ---- | C] () -- C:Documents and SettingsSuziMy DocumentsEast To West - Casting Crowns (Music Video With Lyrics).flv [2012/08/20 08:15:29 | 017,103,276 | ---- | C] () -- C:Documents and SettingsSuziMy DocumentsCasting Crowns - Who am I (LIVE) - With Lyrics_Subtitles.flv [2012/08/20 08:06:58 | 010,008,445 | ---- | C] () -- C:Documents and SettingsSuziMy DocumentsHere I am to Worship.flv [2012/08/20 08:03:31 | 007,926,943 | ---- | C] () -- C:Documents and SettingsSuziMy DocumentsLord I Lift Your Name On High (worship video w_ lyrics).flv [2012/08/20 07:56:25 | 016,571,908 | ---- | C] () -- C:Documents and SettingsSuziMy DocumentsDays Of Elijah-Worship songs With Lyrics.mp4 [2012/08/20 07:49:06 | 019,300,285 | ---- | C] () -- C:Documents and SettingsSuziMy DocumentsGrace Like rain Todd Agnew Lyrics.flv [2012/08/20 07:37:53 | 033,797,195 | ---- | C] () -- C:Documents and SettingsSuziMy Documentsbetter is one day - matt redman ( christian song _ with lyrics ).flv [2012/08/19 20:14:02 | 005,933,600 | ---- | C] () -- 
C:Documents and SettingsSuziMy DocumentsPraise and Worship Songs with Lyrics Shout to the Lord.flv [2012/08/19 20:07:44 | 000,000,942 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopYTD Video Downloader.lnk [2012/08/19 18:59:08 | 000,033,958 | ---- | C] () -- C:Documents and SettingsAll UsersApplication Datauninstaller.exe [2012/08/19 18:54:26 | 000,384,844 | ---- | C] () -- C:Documents and SettingsSuziLocal SettingsApplication Datafunmoods-speeddial.crx [2012/08/19 10:07:57 | 000,000,687 | ---- | C] () -- C:Documents and SettingsSuziDesktopEfficient Diary.lnk [2012/08/19 09:52:26 | 000,000,842 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopFile Extractor.lnk [2012/08/07 13:49:20 | 004,608,000 | ---- | C] () -- C:Documents and SettingsAll UsersApplication DataReadOnlyInstaller.msi [2012/08/01 23:39:30 | 000,002,277 | ---- | C] () -- C:Documents and SettingsSuziDesktopGoogle Chrome.lnk [2012/08/01 23:39:30 | 000,002,255 | ---- | C] () -- C:Documents and SettingsSuziApplication DataMicrosoftInternet ExplorerQuick LaunchGoogle Chrome.lnk [2012/08/01 23:14:08 | 000,000,974 | ---- | C] () -- C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-3722816078-4193266709-504252426-1009UA.job [2012/08/01 23:14:08 | 000,000,922 | ---- | C] () -- C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-3722816078-4193266709-504252426-1009Core.job [2012/07/30 06:37:28 | 000,000,270 | ---- | C] () -- C:Documents and SettingsSuziApplication Datawklnhst.dat [2012/07/29 14:18:48 | 000,016,714 | ---- | C] () -- C:Documents and SettingsSuziMy Documentsfacebook_-755996876.jpg [2012/03/03 17:59:46 | 000,000,253 | ---- | C] () -- C:WINDOWSWININIT.INI [2012/02/25 11:58:54 | 000,003,072 | ---- | C] () -- C:WINDOWSSystem32iacenc.dll ========== LOP Check ========== [2012/08/19 09:13:50 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Datafirebird [2012/03/03 15:07:35 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataIObit [2012/08/24 08:41:03 
| 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPCPitstop [2012/01/26 13:19:36 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataSprint [2012/08/23 06:22:13 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataTarma Installer [2009/05/07 18:33:03 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataUninstall [2009/05/07 18:36:13 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataViewpoint [2012/08/19 18:59:05 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataWeCareReminder [2009/10/18 13:51:25 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataWinferno [2012/08/21 07:20:09 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataYTD Video Downloader [2012/08/16 19:30:37 | 000,000,000 | ---D | M] -- C:Documents and SettingsSuziApplication DataChrysanth [2012/07/14 00:17:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsSuziApplication DataElevatedDiagnostics [2012/04/29 09:21:40 | 000,000,000 | ---D | M] -- C:Documents and SettingsSuziApplication DataiComment [2012/08/21 09:59:25 | 000,000,000 | ---D | M] -- C:Documents and SettingsSuziApplication DataIObit [2012/08/01 08:36:32 | 000,000,000 | ---D | M] -- C:Documents and SettingsSuziApplication DataOracle [2012/07/30 06:37:30 | 000,000,000 | ---D | M] -- C:Documents and SettingsSuziApplication DataTemplate [2012/08/25 22:51:41 | 000,000,416 | ---- | M] () -- C:WINDOWSTasksPCConfidential.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%*.* > [2009/06/18 03:34:06 | 000,000,211 | -HS- | M] () -- C:boot.ini [2012/07/13 23:04:37 | 000,001,971 | ---- | M] () -- C:hdd.log [2012/08/25 22:51:17 | 1064,620,032 | -HS- | M] () -- C:hiberfil.sys [2009/05/07 18:36:15 | 000,000,442 | -H-- | M] () -- C:IPH.PH [2008/04/15 07:00:00 | 000,047,564 | RHS- | M] () -- C:ntdetect.com 
[2008/04/15 07:00:00 | 000,250,048 | RHS- | M] () -- C:ntldr [2012/08/25 22:51:14 | 1598,029,824 | -HS- | M] () -- C:pagefile.sys < %systemroot%Fonts*.com > [2006/04/18 17:39:28 | 000,026,040 | ---- | M] () -- C:WINDOWSFontsGlobalMonospace.CompositeFont [2006/06/29 16:53:56 | 000,026,489 | ---- | M] () -- C:WINDOWSFontsGlobalSansSerif.CompositeFont [2006/04/18 17:39:28 | 000,029,779 | ---- | M] () -- C:WINDOWSFontsGlobalSerif.CompositeFont [2006/06/29 16:58:52 | 000,030,808 | ---- | M] () -- C:WINDOWSFontsGlobalUserInterface.CompositeFont < %systemroot%Fonts*.dll > < %systemroot%Fonts*.ini > [2008/06/24 20:12:00 | 000,000,067 | -HS- | M] () -- C:WINDOWSFontsdesktop.ini < %systemroot%Fonts*.ini2 > < %systemroot%Fonts*.exe > < %systemroot%system32spoolprtprocsw32x86*.* > [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86filterpipelineprintproc.dll [2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86msonpppr.dll [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86printfilterpipelinesvc.exe < %systemroot%REPAIR*.bak1 > < %systemroot%REPAIR*.ini > < %systemroot%system32*.jpg > < %systemroot%*.jpg > < %systemroot%*.png > < %systemroot%*.scr > < %systemroot%*._sy > < %APPDATA%AdobeUpdate*.* > < %ALLUSERSPROFILE%Favorites*.* > < %APPDATA%Microsoft*.* > < %PROGRAMFILES%*.* > < %APPDATA%Update*.* > < %systemroot%*. /mp /s > < %systemroot%System32config*.sav > [2008/06/24 13:05:34 | 000,094,208 | ---- | M] () -- C:WINDOWSSystem32configdefault.sav [2008/06/24 13:05:34 | 001,064,960 | ---- | M] () -- C:WINDOWSSystem32configsoftware.sav [2008/06/24 13:05:32 | 000,905,216 | ---- | M] () -- C:WINDOWSSystem32configsystem.sav < %PROGRAMFILES%bak. /s > < %systemroot%system32bak. 
/s >
< %ALLUSERSPROFILE%Start Menu*.lnk /x >
[2008/06/24 20:12:32 | 000,000,294 | -HS- | M] () -- C:Documents and SettingsAll UsersStart Menudesktop.ini
< %systemroot%system32configsystemprofile*.dat /x >
< %systemroot%*.config >
< %systemroot%system32*.db >
< %PROGRAMFILES%Internet Explorer*.dat >
< %APPDATA%MicrosoftInternet ExplorerQuick Launch*.lnk /x >
[2012/02/25 16:23:49 | 000,000,060 | -HS- | M] () -- C:Documents and SettingsSuziApplication DataMicrosoftInternet ExplorerQuick Launchdesktop.ini
[2008/06/24 20:17:08 | 000,000,079 | ---- | M] () -- C:Documents and SettingsSuziApplication DataMicrosoftInternet ExplorerQuick LaunchShow Desktop.scf
< %USERPROFILE%Desktop*.exe >
[2012/08/25 23:00:29 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsSuziDesktopOTL.exe
< %PROGRAMFILES%Common Files*.* >
< %systemroot%*.src >
< %systemroot%install*.* >
< %systemroot%system32DLL*.* >
< %systemroot%system32HelpFiles*.* >
< %systemroot%system32rundll*.* >
< %systemroot%winn32*.* >
< %systemroot%Java*.* >
< %systemroot%system32test*.* >
< %systemroot%system32Rundll32*.* >
< %systemroot%AppPatchCustom*.* >
[2011/12/19 03:04:46 | 000,000,698 | ---- | M] () -- C:WINDOWSAppPatchCustom{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb
< HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU >
< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs >
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstallLastSuccessTime: 2012-08-17 11:38:53
< End of report >

Again thank you so much for your help!
  6. Thank you so much for your help! Here is the Extras Log:

     OTL Extras logfile created on: 8/25/2012 11:18:14 PM - Run 1
     OTL by OldTimer - Version 3.2.59.0 Folder = C:Documents and SettingsSuziDesktop
     Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     1015.23 Mb Total Physical Memory | 619.18 Mb Available Physical Memory | 60.99% Memory free
     2.39 Gb Paging File | 2.01 Gb Available in Paging File | 84.25% Paging File free
     Paging file location(s): C:pagefile.sys 1524 3048 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
     Drive C: | 149.04 Gb Total Space | 130.93 Gb Free Space | 87.85% Space Free | Partition Type: NTFS
     Computer Name: PC279151865318 | User Name: Suzi | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     ========== Extra Registry (SafeList) ==========
     ========== File Associations ==========
     [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]
     .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
     .html [@ = FirefoxHTML] -- C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation)
     [HKEY_CURRENT_USERSOFTWAREClasses<extension>]
     .html [@ = ChromeHTML.2GYDN7B64J6JRI6FRS2WBYTBAI] -- C:Documents and SettingsSuziLocal SettingsApplication DataGoogleChromeApplicationchrome.exe (Google Inc.)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:Program FilesMozilla Firefoxfirefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:Program FilesMozilla Firefoxfirefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall] 
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSr] "Start" = 0 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList] "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList] "C:Program FilesTeamViewerVersion7TeamViewer.exe" = C:Program FilesTeamViewerVersion7TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:Program FilesTeamViewerVersion7TeamViewer_Service.exe" = C:Program 
FilesTeamViewerVersion7TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:Program FilesMalwarebytes' Anti-Malwarembam.exe" = C:Program FilesMalwarebytes' Anti-Malwarembam.exe:*:Enabled:Malwarebytes Anti-Malware -- (Malwarebytes Corporation) "C:Program FilesAviraAntiVir Desktopavcenter.exe" = C:Program FilesAviraAntiVir Desktopavcenter.exe:*:Enabled:Start Avira Free Antivirus -- (Avira Operations GmbH & Co. KG) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall] "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9 "{1BF14E04-85DE-480C-9A04-EB36744C66B4}_is1" = Free Editor "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5 "{286D2FF4-8AED-4147-B79D-A81874CCA7E4}" = Microsoft Live Search Toolbar "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics "{4F2AF17E-94F0-4F22-943D-216CE46AC502}" = HP Mobile Broadband Setup Utility "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2 "{6FABA483-0BAD-4EFA-9B1C-599CC4F6677D}" = HP User Guides 0139 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft 
Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2 "{AE469025-08BA-4B2A-915D-CC7765132419}" = Default Manager "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}" = ASPCA Reminder by We-Care.com v4.1.18.1 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira Free Antivirus "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter "Everything" = Everything 1.2.1.371 "HDMI" = Intel® Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Standard) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PC Pitstop Exterminate2_is1" = PC Pitstop Exterminate2 2.0 "PdaNet_is1" = PdaNet for Android 3.25 "Software Assist" = Software Assist "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 7" = TeamViewer 7 "Tweaks File Extractor" = File Extractor "ViewpointMediaPlayer" = Viewpoint Media Player 
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "winusb0100" = Microsoft WinUsb 1.0 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 3/3/2012 12:25:57 PM | Computer Name = PC279151865318 | Source = RstIdle | ID = 0 Description = Error - 3/3/2012 12:30:38 PM | Computer Name = PC279151865318 | Source = RstMgr | ID = 0 Description = Error - 3/3/2012 12:30:38 PM | Computer Name = PC279151865318 | Source = RstIdle | ID = 0 Description = Error - 5/19/2012 1:00:02 AM | Computer Name = PC279151865318 | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 5/19/2012 1:00:02 AM | Computer Name = PC279151865318 | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
Error - 5/19/2012 1:00:35 AM | Computer Name = PC279151865318 | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: This operation returned because the timeout period expired.

Error - 5/30/2012 6:05:56 PM | Computer Name = PC279151865318 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17109, faulting module icomment.dll, version 2.0.2.0, fault address 0x0004ccf2.

Error - 7/14/2012 1:12:44 AM | Computer Name = PC279151865318 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module msoe.dll, version 6.0.2900.5931, fault address 0x0001c235.

Error - 8/16/2012 8:12:44 PM | Computer Name = PC279151865318 | Source = Application Error | ID = 1000
Description = Faulting application journal.exe, version 2.0.0.0, faulting module msvbvm60.dll, version 6.0.98.2, fault address 0x000b4374.

Error - 8/18/2012 8:57:34 PM | Computer Name = PC279151865318 | Source = Application Error | ID = 1000
Description = Faulting application pdanetpc.exe, version 0.0.0.0, faulting module pdanetpc.exe, version 0.0.0.0, fault address 0x00025f58.

[ OSession Events ]
Error - 9/23/2009 6:41:51 PM | Computer Name = PC279151865318 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 640 seconds with 120 seconds of active time. This session ended with a crash.

Error - 6/9/2010 12:15:31 AM | Computer Name = PC279151865318 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 118 seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/23/2012 10:18:45 PM | Computer Name = PC279151865318 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error - 8/23/2012 10:18:51 PM | Computer Name = PC279151865318 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}

Error - 8/23/2012 10:18:51 PM | Computer Name = PC279151865318 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the hpqwmiex service to connect.

Error - 8/23/2012 10:18:51 PM | Computer Name = PC279151865318 | Source = Service Control Manager | ID = 7000
Description = The hpqwmiex service failed to start due to the following error: %%1053

Error - 8/24/2012 5:58:56 AM | Computer Name = PC279151865318 | Source = ACPI | ID = 262187
Description = The system sleep operation failed

Error - 8/24/2012 6:00:10 AM | Computer Name = PC279151865318 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error - 8/24/2012 11:32:59 PM | Computer Name = PC279151865318 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error - 8/25/2012 12:34:25 AM | Computer Name = PC279151865318 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Error - 8/25/2012 12:35:32 AM | Computer Name = PC279151865318 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AliIde IntelIde ViaIde

Error - 8/25/2012 10:52:30 PM | Computer Name = PC279151865318 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

< End of report >

(I connect to the internet by tethering my mini through my phone. If my slow connection speed is a problem, I can redo these logs using wifi tomorrow.) I am including the OTL log in the next post as you suggested.
  7. I ran the logs and have posted in the other forum... again, thank you for all your help. Having this service is amazing.
  8. I have gotten infected by start.funmoods.com on my Google Chrome search engine. I originally posted in another forum; here is the link to that original post: http://forums.pcpitstop.com/index.php?/topic/199704-i-know-im-infected-but-none-of-my-security-programs-find-it/ I posted my malware log and was directed to get the DDS log, come to this forum and post here.

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Suzi at 17:29:04 on 2012-08-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.489 [GMT -5:00]
.
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HPBTWD.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=17
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\suzi\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe
mRun: [Everything] "c:\program files\everything\Everything.exe" -startup
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\suzi\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: facebook.com\www
Trusted Zone: yahoo.com\login
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
TCP: DhcpNameServer = 8.8.8.8
TCP: Interfaces\{62745325-20C1-4F0C-A6BD-2AC3CD7BA611} : DhcpNameServer = 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\suzi\application data\mozilla\firefox\profiles\03u3rlxy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\suzi\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0FtD0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=463652123
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0FtD0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=463652123
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0FtD0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=463652123&q=
FF - user.js: extensions.funmoods.id - 002637BD39425F0F
FF - user.js: extensions.funmoods.instlDay - 15571
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:54:16
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-26 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-1-26 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-1-26 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-26 83392]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-5-7 113664]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2012-2-26 13440]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-2-26 121192]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-21 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-29 250056]
S3 cpuz128;cpuz128; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-21 116648]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys --> c:\windows\system32\drivers\l1c51x86.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-9-23 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-7-26 174336]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-15 14336]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2012-8-24 77312]
.
=============== Created Last 30 ================
.
2012-08-24 13:41:03 -------- d-----w- c:\documents and settings\all users\application data\PCPitstop
2012-08-24 13:39:46 -------- d-----w- c:\program files\PCPitstop
2012-08-23 12:01:27 -------- d-----w- c:\documents and settings\suzi\local settings\application data\Paint.NET
2012-08-23 11:59:59 -------- d-----w- c:\documents and settings\suzi\local settings\application data\FreeEditorEditTemp
2012-08-23 11:50:15 175616 ----a-w- c:\windows\system32\unrar.dll
2012-08-23 11:50:08 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-08-23 11:49:42 -------- d-----w- c:\program files\Free Editor
2012-08-23 11:22:07 -------- d-----w- c:\documents and settings\suzi\local settings\application data\Software Assist
2012-08-23 11:22:02 -------- d-----w- c:\program files\Software Assist
2012-08-20 01:07:53 -------- d-----w- c:\documents and settings\all users\application data\YTD Video Downloader
2012-08-20 01:07:41 -------- d-----w- c:\program files\GreenTree Applications
2012-08-20 00:15:18 -------- d-----w- c:\program files\VideoLAN
2012-08-19 23:59:08 33958 ----a-w- c:\documents and settings\all users\application data\uninstaller.exe
2012-08-19 23:59:04 -------- d-----w- c:\documents and settings\all users\application data\WeCareReminder
2012-08-19 23:55:33 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2012-08-19 14:52:24 -------- d-----w- c:\program files\Tweaks
2012-08-17 00:32:22 -------- d-----w- c:\documents and settings\all users\application data\firebird
2012-08-17 00:30:37 -------- d-----w- c:\documents and settings\suzi\application data\Chrysanth
2012-08-17 00:30:19 -------- d-----w- c:\program files\Chrysanth
2012-08-17 00:08:52 249856 ------w- c:\windows\Setup1.exe
2012-08-17 00:08:51 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-08-16 23:52:29 -------- d-----w- C:\myDiary
2012-08-07 18:49:20 4608000 ----a-w- c:\documents and settings\all users\application data\ReadOnlyInstaller.msi
2012-08-07 14:25:17 -------- d-----w- c:\documents and settings\suzi\local settings\application data\Sun
2012-08-02 04:14:06 -------- d-----w- c:\documents and settings\suzi\local settings\application data\Google
2012-08-02 04:12:31 -------- d-----w- c:\documents and settings\suzi\local settings\application data\Deployment
2012-08-01 13:36:41 -------- d-----w- c:\program files\Oracle
.
==================== Find3M ====================
.
2012-08-25 04:22:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-25 04:22:32 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 03:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 03:06:30 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec
2012-06-08 14:26:20 8462848 ----a-w- c:\windows\system32\SETB9.tmp
2012-06-07 01:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\SET7D.tmp
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\SETB1.tmp
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 17:29:35.26 ===============

Here is the Attach Log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/18/2009 3:34:14 AM
System Uptime: 8/25/2012 5:09:21 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 308F
Processor: Intel® Atom CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 130.954 GiB free.
D: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_1969&DEV_1062&SUBSYS_308F103C&REV_C0\4&23C6FC68&0&00E1
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_1062&SUBSYS_308F103C&REV_C0\4&23C6FC68&0&00E1
Service:
.
Class GUID:
Description: Samsung Android ACM
Device ID: USB\VID_04E8&PID_681C&MI_00\M820C1278B0B_00
Manufacturer:
Name: Samsung Android ACM
PNP Device ID: USB\VID_04E8&PID_681C&MI_00\M820C1278B0B_00
Service:
.
==== System Restore Points ===================
.
RP13: 5/25/2012 6:33:40 AM - Software Distribution Service 3.0
RP14: 5/27/2012 10:17:55 AM - Software Distribution Service 3.0
RP15: 5/27/2012 11:43:21 AM - Software Distribution Service 3.0
RP16: 5/30/2012 5:27:38 PM - System Checkpoint
RP17: 6/15/2012 5:59:07 PM - Software Distribution Service 3.0
RP18: 6/15/2012 6:20:55 PM - Software Distribution Service 3.0
RP19: 6/26/2012 9:17:00 AM - Installed %1 %2.
RP20: 6/26/2012 9:27:48 AM - Installed %1 %2.
RP21: 6/26/2012 9:30:25 AM - Installed Windows XP KB2492386.
RP22: 6/26/2012 10:05:42 AM - Installed Windows Internet Explorer 8.
RP23: 6/26/2012 10:06:58 AM - Software Distribution Service 3.0
RP24: 7/13/2012 11:39:05 PM - Software Distribution Service 3.0
RP25: 7/13/2012 11:45:50 PM - Installed Windows Internet Explorer 8.
RP26: 7/13/2012 11:46:48 PM - Software Distribution Service 3.0
RP27: 7/14/2012 12:49:27 AM - 07/13/12
RP28: 7/14/2012 1:32:02 AM - Software Distribution Service 3.0
RP29: 7/14/2012 9:19:53 AM - Removed iComment 2.0.2
RP30: 7/14/2012 9:22:04 AM - Software Distribution Service 3.0
RP31: 7/15/2012 10:53:10 AM - System Checkpoint
RP32: 7/15/2012 11:19:14 AM - Software Distribution Service 3.0
RP33: 7/15/2012 11:21:38 AM - Software Distribution Service 3.0
RP34: 7/15/2012 11:22:47 AM - Installed Windows XP KB2699988.
RP35: 7/15/2012 11:23:17 AM - Software Distribution Service 3.0
RP36: 7/19/2012 3:25:23 PM - System Checkpoint
RP37: 7/21/2012 10:41:37 AM - Software Distribution Service 3.0
RP38: 7/28/2012 11:46:52 AM - running very well
RP39: 8/1/2012 8:35:56 AM - Installed Java 7 Update 5
RP40: 8/1/2012 8:36:38 AM - Installed JavaFX 2.1.1
RP41: 8/17/2012 6:26:03 AM - Software Distribution Service 3.0
RP42: 8/18/2012 8:14:53 AM - System Checkpoint
RP43: 8/19/2012 10:01:28 AM - Removed WinZip 16.5
RP44: 8/20/2012 10:29:52 PM - System Checkpoint
RP45: 8/23/2012 6:53:14 AM - IObit Uninstaller restore point
RP46: 8/23/2012 6:53:48 AM - Removed Atheros Communications Inc.® AR81Family Gigabit/Fast E
RP47: 8/23/2012 6:55:31 AM - IObit Uninstaller restore point
RP48: 8/24/2012 7:16:20 AM - System Checkpoint
.
==== Installed Programs ======================
.
for Windows XP (KB2718704) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Viewpoint Media Player WebFldrs XP Windows Backup Utility Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 11 YTD Video Downloader 3.9 . ==== Event Viewer Messages From Past Week ======== . 8/24/2012 11:35:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde IntelIde ViaIde 8/24/2012 11:34:25 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 8/23/2012 9:18:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the hpqwmiex service to connect. 8/23/2012 9:18:51 PM, error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
     8/23/2012 9:18:51 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
     8/22/2012 5:35:18 AM, error: ACPI [43] - The system sleep operation failed
     8/19/2012 10:01:41 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The system cannot find the file specified.
     .
     ==== End Of File ===========================

     I am so lost as to what to do. I really appreciate any help. Thank you.
  9. Thank you for responding. Here is the log from the full scan I just ran:

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.08.25.01
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Suzi :: PC279151865318 [administrator]
     8/25/2012 11:30:31 AM
     mbam-log-2012-08-25 (11-30-31).txt
     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 251798
     Time elapsed: 1 hour(s), 5 minute(s), 5 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

     As soon as I finished the scan I went to Google Chrome and entered PC Pitstop in the search bar, and this popped up in my address bar: hxxp://start.funmood...0FtN0D0Tzu0CtBt
  10. I have been infected by a search engine hijacker, start.funmoods.com. I have run Avira, Malwarebytes and the Microsoft online scanner. None have helped. Admittedly I know I downloaded something that it was attached to, but I'm not sure what. Every time I search in Google Chrome it takes over and redirects me. I thought about just uninstalling Google Chrome, but when I did a search of start.funmoods.com the results said it could have already attached to other things, so I am afraid to do anything. I found some removal tools online, but since I don't know anything about those sites I'm afraid to download anything there either...please help!