Jump to content

Infected with unknown malware


Recommended Posts

Sorry to repost, but I can't figure out how to delete earlier post and I didn't follow board instructions. (Gotta read to the bottom of rules Sorry). I had replied to my own thread. but anyway here it is. I am having issues with my wifes computer. The dvd-rom drive is no longer working or the wireless card, due to missing driver and registry item. When I attempt to update the drivers is says that they already are. I ran malwarebytes and had no threats, but superantispyware found 443 threats. the requested files are attached. Thanks so much and sorry for being a noob with the earlier post. Neither one of the malware finders are active, I haven't purcahsed pro yet, that is why I still have two.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_33

Run by Megan at 11:03:34 on 2012-08-10

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3032.1179 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\VMware\VMware Player\hqtray.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\system32\vmnat.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\RUNDLL32.EXE

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\Windows\system32\vmnetdhcp.exe

C:\Program Files\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: ClickPotato: {575f9ac0-2a26-4335-acbf-1852a9334d94} - c:\program files\clickpotato\bin\1.0.547.0\ClickPotato.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\megan\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

StartupFolder: c:\users\megan\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

LSP: c:\program files\vmware\vmware player\vsocklib.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{A804CD3D-8CB0-49AA-8E1E-97FD8AF24400} : DhcpNameServer = 75.75.75.75 75.75.76.76

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\megan\appdata\roaming\mozilla\firefox\profiles\580g3drt.default\

FF - prefs.js: browser.startup.homepage - hxxp://mail.live.com/default.aspx?wa=wsignin1.0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\npjpi160_33.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoSA.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\megan\appdata\roaming\mozilla\firefox\profiles\580g3drt.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll

FF - plugin: c:\users\megan\appdata\roaming\mozilla\firefox\profiles\580g3drt.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-8-9 251560]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-9-25 81920]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2012-8-9 160576]

R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2012-8-9 286000]

R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-9-25 1692480]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-11-11 70768]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-11-11 539248]

R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]

R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2012-8-9 89472]

R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2012-8-9 57536]

R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2012-8-9 125248]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]

S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2012-8-9 57536]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-08-10 14:23:02 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f454519c-a873-45ef-8656-299fb7e91c56}\offreg.dll

2012-08-10 14:10:03 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f454519c-a873-45ef-8656-299fb7e91c56}\mpengine.dll

2012-08-09 18:42:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-09 14:56:21 -------- d-----w- c:\users\megan\appdata\roaming\PCToolsFirewallPlus

2012-08-09 14:49:10 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2012-08-09 14:49:10 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2012-08-09 14:49:03 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2012-08-09 14:49:03 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2012-08-09 14:48:20 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2012-08-09 14:48:20 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys

2012-08-09 14:48:20 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2012-08-09 14:48:20 -------- d-----w- c:\program files\common files\PC Tools

2012-08-09 14:48:15 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys

2012-08-09 14:47:51 -------- d-----w- c:\program files\PC Tools Firewall Plus

2012-08-09 00:00:28 476976 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-08-08 23:54:31 -------- d-----w- c:\program files\iPod

2012-08-08 23:54:28 -------- d-----w- c:\program files\iTunes

2012-08-08 23:29:11 6891424 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-08-08 23:21:18 -------- d-----w- c:\users\megan\appdata\local\Google

2012-08-08 23:21:14 -------- d-----w- c:\users\megan\appdata\roaming\SUPERAntiSpyware.com

2012-08-08 23:21:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-08-08 23:21:04 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-07-16 07:05:28 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-16 01:56:00 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-16 01:56:00 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-16 01:55:59 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-16 01:55:53 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll

2012-07-16 01:55:46 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-16 01:55:46 1248768 ----a-w- c:\windows\system32\msxml3.dll

.

==================== Find3M ====================

.

2012-08-09 00:00:06 472880 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-05-15 22:04:50 834048 ----a-w- c:\windows\system32\wininet.dll

.

============= FINISH: 11:04:30.25 ===============

Attach.txt

DDS.txt

Link to post
Share on other sites

  • Replies 57
  • Created
  • Last Reply

Top Posters In This Topic

Welcome gdsimms to Malwarebytes. I am TheDark Knight and will be assisting you. Please ask questions if anything is unclear. :)

Please open MBAM, click Quick Scan and post the contents of the log in your reply.

Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

In your reply I would please like to see the results from MBAM and ComboFix.txt, along with how your computer is running. ;)

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.09.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 7.0.6002.18005

Megan :: MEGAN-PC [administrator]

8/10/2012 8:43:07 PM

mbam-log-2012-08-10 (20-43-07).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 194910

Time elapsed: 8 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

it has been running for 45 min. Should it take that long? Also there was a popup about 25 minutes in that said some freeware is working improperly. It looked kinda like one of the windows things that pop up to send an error report to microsoft, but def not the same. It was a small screen trying to look legit.

Link to post
Share on other sites

Hello gdsimms. :)

If ComboFix still hasn't finished running then please restart your computer into Normal Mode.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com).

  • There are 3 different versions. If one of them won't run then download and try to run the other one.
  • Vista and Win7 users need to right click and choose Run as Admin.
  • You only need to get one of them to run, not all of them.

rkill.exe

rkill.com

rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the Desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Before proceeding any further the processes that belong to Windows Recovery need to be terminated so that it does not interfere with the cleaning procedure.

Double-click on the RKill.exe icon in order to automatically attempt to stop any processes associated with Windows Recovery and other Rogue programs.

===

Please do not reboot your computer.

Then, please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

Link to post
Share on other sites

OTL logfile created on: 8/12/2012 6:10:51 PM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Megan\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 54.86% Memory free

6.14 Gb Paging File | 4.63 Gb Available in Paging File | 75.43% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 218.20 Gb Total Space | 151.32 Gb Free Space | 69.35% Space Free | Partition Type: NTFS

Drive E: | 14.65 Gb Total Space | 8.47 Gb Free Space | 57.85% Space Free | Partition Type: NTFS

Computer Name: MEGAN-PC | User Name: Megan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/12 18:09:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe

PRC - [2012/07/09 19:38:53 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/09/06 13:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe

PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe

PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe

PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2011/08/01 13:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

PRC - [2011/04/07 14:23:34 | 002,672,600 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe

PRC - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe

PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2010/11/11 14:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe

PRC - [2010/11/11 14:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe

PRC - [2010/11/11 14:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe

PRC - [2010/11/11 14:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe

PRC - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

PRC - [2009/06/30 12:22:54 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe

PRC - [2009/06/03 15:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/06/03 15:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/03/31 11:00:24 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2009/03/31 11:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe

PRC - [2009/03/31 11:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe

PRC - [2009/03/31 10:18:54 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe

PRC - [2009/03/31 10:18:34 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe

PRC - [2009/03/31 10:18:32 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe

PRC - [2009/03/31 10:18:32 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe

PRC - [2009/03/26 19:26:06 | 001,735,760 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2009/02/04 22:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2008/06/15 07:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008/06/15 07:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/12 18:08:28 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

MOD - [2012/08/12 18:08:28 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

MOD - [2012/08/08 19:21:41 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2012/08/08 19:21:41 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

MOD - [2012/06/29 03:35:41 | 015,880,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\50862fc1a67e34ac68575172177d0c79\MenuSkinning.ni.dll

MOD - [2012/06/29 03:35:24 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\38d1ea0ba0f4f46cfbe15471d3a7cab6\VistaBridgeLibrary.ni.dll

MOD - [2012/06/29 03:35:22 | 002,571,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\5f1a3141373055633a512adbdc1de974\DellDock.ni.exe

MOD - [2012/06/29 03:35:21 | 000,286,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\cff67179abb35875a9f45c13118dd635\MyDock.Util.ni.dll

MOD - [2012/06/29 03:30:26 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll

MOD - [2012/06/29 03:30:17 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll

MOD - [2012/06/29 03:30:00 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b6a04062fd52958bac67eece8d351b3d\PresentationFramework.ni.dll

MOD - [2012/06/29 03:29:12 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7dc177e80b3ad832be3922367a6517d3\PresentationCore.ni.dll

MOD - [2012/05/14 03:34:50 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll

MOD - [2012/05/14 03:34:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll

MOD - [2012/05/14 03:34:20 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll

MOD - [2012/05/14 03:30:53 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll

MOD - [2012/05/14 03:30:05 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll

MOD - [2012/05/14 03:30:00 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll

MOD - [2012/05/14 03:29:28 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll

MOD - [2012/05/14 03:29:21 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll

MOD - [2012/05/14 03:29:08 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe

MOD - [2011/01/26 14:21:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2010/11/11 14:31:14 | 000,068,720 | ---- | M] () -- C:\Program Files\VMware\VMware Player\zlib1.dll

MOD - [2010/11/11 14:31:00 | 000,970,352 | ---- | M] () -- C:\Program Files\VMware\VMware Player\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)

SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)

SRV - [2010/11/11 14:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2010/11/11 14:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)

SRV - [2010/11/11 14:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)

SRV - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)

SRV - [2010/08/19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)

SRV - [2009/09/25 15:17:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2009/06/03 15:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)

SRV - [2009/03/31 11:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)

SRV - [2009/03/31 11:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)

SRV - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2008/06/15 07:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Megan\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.cdrom)

DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/03/02 12:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)

DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)

DRV - [2011/01/17 08:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)

DRV - [2011/01/12 10:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)

DRV - [2010/11/11 14:32:10 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)

DRV - [2010/11/11 14:32:08 | 000,854,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)

DRV - [2010/11/11 14:30:34 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)

DRV - [2010/11/11 14:29:26 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV - [2010/11/11 13:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)

DRV - [2010/11/11 11:04:52 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV - [2010/11/11 11:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV - [2010/08/19 14:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)

DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdisMP)

DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdis)

DRV - [2009/03/31 11:00:26 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2009/03/31 10:18:30 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2009/02/22 08:56:52 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/01/20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)

DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {083F93FF-AC42-45B0-ADF3-5820F0A8CA84}

IE - HKLM\..\SearchScopes\{083F93FF-AC42-45B0-ADF3-5820F0A8CA84}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {083F93FF-AC42-45B0-ADF3-5820F0A8CA84}

IE - HKCU\..\SearchScopes\{083F93FF-AC42-45B0-ADF3-5820F0A8CA84}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://mail.live.com/default.aspx?wa=wsignin1.0"

FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotato@ClickPotato.tv: C:\Program Files\ClickPotato\bin\1.0.547.0\firefox\firefoxtoolbar\extensions

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/08 19:47:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/09 10:40:39 | 000,000,000 | ---D | M]

[2009/10/24 09:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megan\AppData\Roaming\Mozilla\Extensions

[2012/08/11 07:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\580g3drt.default\extensions

[2012/08/09 11:01:32 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\580g3drt.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2012/08/09 11:01:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\580g3drt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/02/13 10:32:31 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\580g3drt.default\extensions\2020Player@2020Technologies.com

[2012/08/08 20:00:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/01/26 14:19:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/02/02 18:42:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2012/08/08 20:00:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

Hosts file not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A804CD3D-8CB0-49AA-8E1E-97FD8AF24400}: DhcpNameServer = 75.75.75.75 75.75.76.76

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - Unable to open key or key not present!

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2004/04/30 18:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]

O33 - MountPoints2\{8f9a21b2-a774-11df-a09d-00256460f346}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent

O33 - MountPoints2\{bb8793c3-1fb6-11e0-b68b-00256460f346}\Shell\Auto\command - "" = D:\run.exe

O33 - MountPoints2\{bb8793c3-1fb6-11e0-b68b-00256460f346}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\run.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/12 18:09:11 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe

[2012/08/11 08:01:20 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012/08/10 20:54:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/08/10 20:54:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/08/10 20:54:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/08/10 20:54:44 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/10 20:54:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/08/10 20:43:47 | 004,728,003 | R--- | C] (Swearware) -- C:\Users\Megan\Desktop\ComboFix.exe

[2012/08/09 14:42:01 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/08/09 10:56:21 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\PCToolsFirewallPlus

[2012/08/09 10:49:10 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys

[2012/08/09 10:49:10 | 000,160,576 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys

[2012/08/09 10:49:03 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys

[2012/08/09 10:49:03 | 000,105,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys

[2012/08/09 10:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/08/09 10:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Firewall Plus

[2012/08/09 10:48:20 | 000,089,472 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys

[2012/08/09 10:48:20 | 000,057,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis.sys

[2012/08/09 10:48:20 | 000,032,808 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys

[2012/08/09 10:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2012/08/09 10:48:15 | 000,125,248 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys

[2012/08/09 10:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus

[2012/08/09 10:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2012/08/09 10:39:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/08/08 20:00:28 | 000,476,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll

[2012/08/08 20:00:27 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012/08/08 20:00:27 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012/08/08 20:00:27 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012/08/08 19:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/08/08 19:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/08/08 19:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/08/08 19:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/08/08 19:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2012/08/08 19:21:18 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\Google

[2012/08/08 19:21:14 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\SUPERAntiSpyware.com

[2012/08/08 19:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2012/08/08 19:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/08/08 19:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/08/08 19:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/07/16 03:05:28 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012/07/15 21:56:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

========== Files - Modified Within 30 Days ==========

[2012/08/12 18:22:17 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{325325A1-D02F-418E-B8C8-FDAAC23B86F9}.job

[2012/08/12 18:09:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe

[2012/08/12 18:07:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/11 08:18:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/11 08:18:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/11 08:18:24 | 3177,574,400 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/10 21:50:29 | 000,255,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/08/10 20:44:40 | 004,728,003 | R--- | M] (Swearware) -- C:\Users\Megan\Desktop\ComboFix.exe

[2012/08/09 14:42:01 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/08/09 11:06:56 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/09 10:40:39 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012/08/08 20:21:09 | 000,609,536 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/08/08 20:21:09 | 000,106,630 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/08/08 20:00:08 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012/08/08 20:00:07 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012/08/08 20:00:07 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012/08/08 20:00:06 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll

[2012/08/08 20:00:06 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2012/08/08 19:57:17 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2012/08/08 19:57:17 | 000,001,854 | ---- | M] () -- C:\Users\Megan\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2012/08/08 19:55:37 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/08/08 19:47:23 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/08/08 19:44:33 | 000,001,245 | ---- | M] () -- C:\Windows\System32\mapisvc.inf

[2012/08/08 19:21:12 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/07/25 15:28:21 | 000,024,186 | ---- | M] () -- C:\Users\Megan\Documents\Megan E1 EDIT.odt

[2012/07/25 11:10:33 | 000,018,662 | ---- | M] () -- C:\Users\Megan\Documents\cover letter for Shepherd.odt

[2012/07/25 10:35:50 | 000,013,351 | ---- | M] () -- C:\Users\Megan\Documents\list of pro references.odt

========== Files Created - No Company Name ==========

[2012/08/11 06:56:17 | 3177,574,400 | -HS- | C] () -- C:\hiberfil.sys

[2012/08/10 20:54:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/08/10 20:54:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/08/10 20:54:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/08/10 20:54:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/08/10 20:54:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/08/09 10:40:39 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012/08/09 10:40:39 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012/08/08 19:55:37 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/08/08 19:47:23 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/08/08 19:21:12 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/07/25 15:28:20 | 000,024,186 | ---- | C] () -- C:\Users\Megan\Documents\Megan E1 EDIT.odt

[2012/07/25 11:10:32 | 000,018,662 | ---- | C] () -- C:\Users\Megan\Documents\cover letter for Shepherd.odt

[2012/07/25 10:35:48 | 000,013,351 | ---- | C] () -- C:\Users\Megan\Documents\list of pro references.odt

[2011/02/02 18:46:42 | 000,141,051 | ---- | C] () -- C:\Windows\hpoins14.dat

[2011/02/02 18:46:42 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat

[2011/02/02 18:10:38 | 000,140,388 | ---- | C] () -- C:\Windows\hpoins14.dat.temp

[2011/02/02 18:10:37 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat.temp

[2010/08/07 03:18:20 | 000,006,080 | ---- | C] () -- C:\Users\Megan\AppData\Local\d3d9caps.dat

[2010/04/25 15:49:45 | 000,003,584 | ---- | C] () -- C:\Users\Megan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/21 12:25:41 | 000,039,066 | ---- | C] () -- C:\Users\Megan\ceu registration form.pdf

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2011/01/25 18:49:18 | 000,001,024 | ---- | M] () -- C:\.rnd

[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2009/09/25 17:51:11 | 000,003,390 | RH-- | M] () -- C:\dell.sdr

[2012/08/11 08:18:24 | 3177,574,400 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/11 08:18:23 | 3493,470,208 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-07-16 07:06:24

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C31F31E6

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 8/12/2012 6:10:51 PM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Megan\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 54.86% Memory free

6.14 Gb Paging File | 4.63 Gb Available in Paging File | 75.43% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 218.20 Gb Total Space | 151.32 Gb Free Space | 69.35% Space Free | Partition Type: NTFS

Drive E: | 14.65 Gb Total Space | 8.47 Gb Free Space | 57.85% Space Free | Partition Type: NTFS

Computer Name: MEGAN-PC | User Name: Megan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1003291594-4088088398-3865025919-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{384F6DA4-C7B8-4434-A9AA-3FCE5EE2B16D}" = rport=445 | protocol=6 | dir=out | app=system |

"{3990E2C5-353F-4BB7-9335-D2D1FC268F04}" = rport=139 | protocol=6 | dir=out | app=system |

"{59A35DB8-5581-463A-89A6-D1C21D893356}" = lport=137 | protocol=17 | dir=in | app=system |

"{6AC8D052-5672-4063-B69B-3495D0A60B05}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{756EB78F-51D3-4667-B240-D143F3B40AF0}" = lport=139 | protocol=6 | dir=in | app=system |

"{8DB9BF1D-7643-4559-9913-B61B2959C530}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{8DEE3A14-8B94-4DC0-92B0-040825F787FE}" = lport=445 | protocol=6 | dir=in | app=system |

"{CBDDA7CC-BD62-454D-BD97-80E780D93C6B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D54A72F6-42D3-4267-85C0-F4DA0151D12C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{D7BB37C1-6FBB-4481-B2FA-66CEF4802B24}" = lport=138 | protocol=17 | dir=in | app=system |

"{E5699D6E-A049-4A03-88DE-D6BCA1F525AC}" = rport=138 | protocol=17 | dir=out | app=system |

"{FA543C97-EDE1-420C-A8A2-71D4FAAFA439}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{17C61C0C-D19C-4917-B5B2-F9B0D713BA8D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{1C34311F-8E66-4A7F-8B76-779985808207}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{1D160ABF-B320-484F-8249-FBC955D54552}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |

"{1E32E4D8-318D-4ACF-9F11-305278B5932C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{33DB7E8D-30F8-46B0-A99B-F10FFA87FB58}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{4146B448-8D60-43E4-8C17-0B69854BFDEA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{4C23C871-B239-4A16-AEBE-954D611605BB}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |

"{4D92ACD4-7572-4AA8-AA02-97A0F7BF7B1B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{5E9C6FF3-66CE-4C0F-8C18-9F11D233BB96}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |

"{5EF30F57-BC97-4829-9594-3261386FC5B5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{7351411C-E08A-454D-A2FE-43437FEC1A31}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |

"{7FF6FAF9-EB20-4F0E-A81A-07142D66D4AF}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{9B14AEF7-E3CE-44FB-9C99-FC4E1D5E64E3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{B8D0C396-AD8F-4B86-A077-61C9020545D7}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |

"{C644200F-1B7A-499B-8792-A3C1326481F5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{CA98A044-9AEF-446F-8CE8-46054B7B1183}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{CCC44718-94C1-488B-AEB3-2AB786F7B9D7}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |

"{D5EA8580-7EA8-4CA1-B0AC-5EB990191E3D}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{D90C7BD8-3A16-473E-A4F8-31BA7477C646}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{DAC4A184-21F7-490E-B436-359636CD080E}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |

"{EDC8C290-4197-489F-8977-524DBB2D9FDF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{FCC82816-304A-467C-9BA2-F87224F40159}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call

"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 33

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update

"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer

"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player

"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help

"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar

"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet

"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials

"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud

"{E00B477F-8558-45DA-B25A-69935FB89A94}" = Dell Dock

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery

"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari

"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"GoToAssist" = GoToAssist 8.0.0.514

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPExtendedCapabilities" = HP Customer Participation Program 9.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

"PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0

"VMware_Player" = VMware Player

"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/2/2012 10:41:09 AM | Computer Name = Megan-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 7706

Error - 7/7/2012 9:18:17 AM | Computer Name = Megan-PC | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 1.9.2.3855 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 1ddc Start Time: 01cd5c42dafa5c10 Termination Time: 15

Error - 7/7/2012 9:18:37 AM | Computer Name = Megan-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 7/7/2012 9:18:37 AM | Computer Name = Megan-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 7/16/2012 3:24:26 AM | Computer Name = Megan-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/18/2012 7:40:57 PM | Computer Name = Megan-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/18/2012 7:40:57 PM | Computer Name = Megan-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1045

Error - 7/18/2012 7:40:57 PM | Computer Name = Megan-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1045

Error - 7/18/2012 7:40:58 PM | Computer Name = Megan-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/18/2012 7:40:58 PM | Computer Name = Megan-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2340

[ Dell Events ]

Error - 4/23/2011 9:07:54 PM | Computer Name = Megan-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 4/23/2011 9:12:29 PM | Computer Name = Megan-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 4/23/2011 9:12:29 PM | Computer Name = Megan-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 5/1/2011 9:00:26 AM | Computer Name = Megan-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 5/1/2011 9:00:26 AM | Computer Name = Megan-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 5/10/2011 9:35:17 PM | Computer Name = Megan-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 5/10/2011 9:35:17 PM | Computer Name = Megan-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 5/22/2011 9:02:12 AM | Computer Name = Megan-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 5/22/2011 9:02:12 AM | Computer Name = Megan-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 5/29/2011 10:16:54 AM | Computer Name = Megan-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

[ System Events ]

Error - 8/10/2012 10:49:05 PM | Computer Name = Megan-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 8/10/2012 10:49:05 PM | Computer Name = Megan-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 8/11/2012 6:57:53 AM | Computer Name = Megan-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 8/11/2012 6:57:53 AM | Computer Name = Megan-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 8/11/2012 8:02:39 AM | Computer Name = Megan-PC | Source = Service Control Manager | ID = 7030

Description =

Error - 8/11/2012 8:20:10 AM | Computer Name = Megan-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 8/11/2012 8:20:10 AM | Computer Name = Megan-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 8/11/2012 1:06:53 PM | Computer Name = Megan-PC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.131.1793.0 Update Source: %%859 Update Stage:

%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error

code: 0x8024402c Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 8/12/2012 6:27:09 PM | Computer Name = Megan-PC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.131.1793.0 Update Source: %%859 Update Stage:

%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error

code: 0x8024402c Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 8/12/2012 6:37:55 PM | Computer Name = Megan-PC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.131.1793.0 Update Source: %%859 Update Stage:

%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error

code: 0x8024402c Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

< End of report >

Link to post
Share on other sites

OTL logfile created on: 8/12/2012 7:51:20 PM - Run 2

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Megan\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 54.40% Memory free

6.14 Gb Paging File | 4.60 Gb Available in Paging File | 74.94% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 218.20 Gb Total Space | 150.88 Gb Free Space | 69.15% Space Free | Partition Type: NTFS

Drive E: | 14.65 Gb Total Space | 8.47 Gb Free Space | 57.85% Space Free | Partition Type: NTFS

Computer Name: MEGAN-PC | User Name: Megan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/12 18:09:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe

PRC - [2012/07/09 19:38:53 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/09/06 13:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe

PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe

PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe

PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2011/08/01 13:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2010/11/11 14:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe

PRC - [2010/11/11 14:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe

PRC - [2010/11/11 14:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe

PRC - [2010/11/11 14:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe

PRC - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

PRC - [2009/06/30 12:22:54 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe

PRC - [2009/06/03 15:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/06/03 15:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/03/31 11:00:24 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2009/03/31 11:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe

PRC - [2009/03/31 11:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe

PRC - [2009/03/31 10:18:54 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe

PRC - [2009/03/31 10:18:34 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe

PRC - [2009/03/31 10:18:32 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe

PRC - [2009/03/31 10:18:32 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe

PRC - [2009/03/26 19:26:06 | 001,735,760 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2009/02/04 22:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2008/06/15 07:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008/06/15 07:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/12 18:08:28 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

MOD - [2012/08/12 18:08:28 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

MOD - [2012/08/08 19:21:41 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2012/08/08 19:21:41 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

MOD - [2012/06/29 03:35:41 | 015,880,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\50862fc1a67e34ac68575172177d0c79\MenuSkinning.ni.dll

MOD - [2012/06/29 03:35:24 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\38d1ea0ba0f4f46cfbe15471d3a7cab6\VistaBridgeLibrary.ni.dll

MOD - [2012/06/29 03:35:22 | 002,571,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\5f1a3141373055633a512adbdc1de974\DellDock.ni.exe

MOD - [2012/06/29 03:35:21 | 000,286,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\cff67179abb35875a9f45c13118dd635\MyDock.Util.ni.dll

MOD - [2012/06/29 03:30:26 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll

MOD - [2012/06/29 03:30:17 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll

MOD - [2012/06/29 03:30:00 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b6a04062fd52958bac67eece8d351b3d\PresentationFramework.ni.dll

MOD - [2012/06/29 03:29:12 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7dc177e80b3ad832be3922367a6517d3\PresentationCore.ni.dll

MOD - [2012/05/14 03:34:50 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll

MOD - [2012/05/14 03:34:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll

MOD - [2012/05/14 03:34:20 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll

MOD - [2012/05/14 03:30:53 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll

MOD - [2012/05/14 03:30:05 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll

MOD - [2012/05/14 03:30:00 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll

MOD - [2012/05/14 03:29:28 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll

MOD - [2012/05/14 03:29:21 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll

MOD - [2012/05/14 03:29:08 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe

MOD - [2011/01/26 14:21:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2010/11/11 14:31:14 | 000,068,720 | ---- | M] () -- C:\Program Files\VMware\VMware Player\zlib1.dll

MOD - [2010/11/11 14:31:00 | 000,970,352 | ---- | M] () -- C:\Program Files\VMware\VMware Player\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)

SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)

SRV - [2010/11/11 14:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2010/11/11 14:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)

SRV - [2010/11/11 14:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)

SRV - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)

SRV - [2010/08/19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)

SRV - [2009/09/25 15:17:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2009/06/03 15:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)

SRV - [2009/03/31 11:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)

SRV - [2009/03/31 11:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)

SRV - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2008/06/15 07:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Megan\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.cdrom)

DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/03/02 12:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)

DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)

DRV - [2011/01/17 08:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)

DRV - [2011/01/12 10:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)

DRV - [2010/11/11 14:32:10 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)

DRV - [2010/11/11 14:32:08 | 000,854,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)

DRV - [2010/11/11 14:30:34 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)

DRV - [2010/11/11 14:29:26 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV - [2010/11/11 13:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)

DRV - [2010/11/11 11:04:52 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV - [2010/11/11 11:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV - [2010/08/19 14:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)

DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdisMP)

DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdis)

DRV - [2009/03/31 11:00:26 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2009/03/31 10:18:30 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2009/02/22 08:56:52 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/01/20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)

DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {083F93FF-AC42-45B0-ADF3-5820F0A8CA84}

IE - HKLM\..\SearchScopes\{083F93FF-AC42-45B0-ADF3-5820F0A8CA84}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {083F93FF-AC42-45B0-ADF3-5820F0A8CA84}

IE - HKCU\..\SearchScopes\{083F93FF-AC42-45B0-ADF3-5820F0A8CA84}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://mail.live.com/default.aspx?wa=wsignin1.0"

FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotato@ClickPotato.tv: C:\Program Files\ClickPotato\bin\1.0.547.0\firefox\firefoxtoolbar\extensions

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/08 19:47:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/09 10:40:39 | 000,000,000 | ---D | M]

[2009/10/24 09:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megan\AppData\Roaming\Mozilla\Extensions

[2012/08/11 07:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\580g3drt.default\extensions

[2012/08/09 11:01:32 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\580g3drt.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2012/08/09 11:01:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\580g3drt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/02/13 10:32:31 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\580g3drt.default\extensions\2020Player@2020Technologies.com

[2012/08/08 20:00:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/01/26 14:19:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/02/02 18:42:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2012/08/08 20:00:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

Hosts file not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A804CD3D-8CB0-49AA-8E1E-97FD8AF24400}: DhcpNameServer = 75.75.75.75 75.75.76.76

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - Unable to open key or key not present!

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2004/04/30 18:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]

O33 - MountPoints2\{8f9a21b2-a774-11df-a09d-00256460f346}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent

O33 - MountPoints2\{bb8793c3-1fb6-11e0-b68b-00256460f346}\Shell\Auto\command - "" = D:\run.exe

O33 - MountPoints2\{bb8793c3-1fb6-11e0-b68b-00256460f346}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\run.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/12 19:48:13 | 001,051,552 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Megan\Desktop\rkill.com

[2012/08/12 18:09:11 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe

[2012/08/11 08:01:20 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012/08/10 20:54:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/08/10 20:54:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/08/10 20:54:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/08/10 20:54:44 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/10 20:54:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/08/10 20:43:47 | 004,728,003 | R--- | C] (Swearware) -- C:\Users\Megan\Desktop\ComboFix.exe

[2012/08/09 14:42:01 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/08/09 10:56:21 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\PCToolsFirewallPlus

[2012/08/09 10:49:10 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys

[2012/08/09 10:49:10 | 000,160,576 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys

[2012/08/09 10:49:03 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys

[2012/08/09 10:49:03 | 000,105,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys

[2012/08/09 10:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/08/09 10:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Firewall Plus

[2012/08/09 10:48:20 | 000,089,472 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys

[2012/08/09 10:48:20 | 000,057,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis.sys

[2012/08/09 10:48:20 | 000,032,808 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys

[2012/08/09 10:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2012/08/09 10:48:15 | 000,125,248 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys

[2012/08/09 10:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus

[2012/08/09 10:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2012/08/09 10:39:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/08/08 20:00:28 | 000,476,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll

[2012/08/08 20:00:27 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012/08/08 20:00:27 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012/08/08 20:00:27 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012/08/08 19:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/08/08 19:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/08/08 19:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/08/08 19:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/08/08 19:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2012/08/08 19:21:18 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\Google

[2012/08/08 19:21:14 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\SUPERAntiSpyware.com

[2012/08/08 19:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2012/08/08 19:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/08/08 19:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/08/08 19:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/07/16 03:05:28 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012/07/15 21:56:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

========== Files - Modified Within 30 Days ==========

[2012/08/12 19:48:14 | 001,051,552 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Megan\Desktop\rkill.com

[2012/08/12 18:56:24 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{325325A1-D02F-418E-B8C8-FDAAC23B86F9}.job

[2012/08/12 18:09:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe

[2012/08/12 18:07:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/11 08:18:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/11 08:18:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/11 08:18:24 | 3177,574,400 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/10 21:50:29 | 000,255,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/08/10 20:44:40 | 004,728,003 | R--- | M] (Swearware) -- C:\Users\Megan\Desktop\ComboFix.exe

[2012/08/09 14:42:01 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/08/09 11:06:56 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/09 10:40:39 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012/08/08 20:21:09 | 000,609,536 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/08/08 20:21:09 | 000,106,630 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/08/08 20:00:08 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012/08/08 20:00:07 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012/08/08 20:00:07 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012/08/08 20:00:06 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll

[2012/08/08 20:00:06 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2012/08/08 19:57:17 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2012/08/08 19:57:17 | 000,001,854 | ---- | M] () -- C:\Users\Megan\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2012/08/08 19:55:37 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/08/08 19:47:23 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/08/08 19:44:33 | 000,001,245 | ---- | M] () -- C:\Windows\System32\mapisvc.inf

[2012/08/08 19:21:12 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/07/25 15:28:21 | 000,024,186 | ---- | M] () -- C:\Users\Megan\Documents\Megan E1 EDIT.odt

[2012/07/25 11:10:33 | 000,018,662 | ---- | M] () -- C:\Users\Megan\Documents\cover letter for Shepherd.odt

[2012/07/25 10:35:50 | 000,013,351 | ---- | M] () -- C:\Users\Megan\Documents\list of pro references.odt

========== Files Created - No Company Name ==========

[2012/08/11 06:56:17 | 3177,574,400 | -HS- | C] () -- C:\hiberfil.sys

[2012/08/10 20:54:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/08/10 20:54:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/08/10 20:54:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/08/10 20:54:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/08/10 20:54:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/08/09 10:40:39 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012/08/09 10:40:39 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012/08/08 19:55:37 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/08/08 19:47:23 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/08/08 19:21:12 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/07/25 15:28:20 | 000,024,186 | ---- | C] () -- C:\Users\Megan\Documents\Megan E1 EDIT.odt

[2012/07/25 11:10:32 | 000,018,662 | ---- | C] () -- C:\Users\Megan\Documents\cover letter for Shepherd.odt

[2012/07/25 10:35:48 | 000,013,351 | ---- | C] () -- C:\Users\Megan\Documents\list of pro references.odt

[2011/02/02 18:46:42 | 000,141,051 | ---- | C] () -- C:\Windows\hpoins14.dat

[2011/02/02 18:46:42 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat

[2011/02/02 18:10:38 | 000,140,388 | ---- | C] () -- C:\Windows\hpoins14.dat.temp

[2011/02/02 18:10:37 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat.temp

[2010/08/07 03:18:20 | 000,006,080 | ---- | C] () -- C:\Users\Megan\AppData\Local\d3d9caps.dat

[2010/04/25 15:49:45 | 000,003,584 | ---- | C] () -- C:\Users\Megan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/21 12:25:41 | 000,039,066 | ---- | C] () -- C:\Users\Megan\ceu registration form.pdf

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2011/01/25 18:49:18 | 000,001,024 | ---- | M] () -- C:\.rnd

[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2009/09/25 17:51:11 | 000,003,390 | RH-- | M] () -- C:\dell.sdr

[2012/08/11 08:18:24 | 3177,574,400 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/11 08:18:23 | 3493,470,208 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-07-16 07:06:24

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type

[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >

Link to post
Share on other sites

Good morning gdsimms. :)

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotato@ClickPotato.tv: C:\Program Files\ClickPotato\bin\1.0.547.0\firefox\firefoxtoolbar\extensions
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]
    [Reboot]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

==========

Then, please download the latest version of Kaspersky Virus Removal Tool.

  • Close all other applications and double-click and run the installer.
  • When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
  • In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
  • Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
  • Select all the scanable items except for CD-ROM drives and click the Start scan button.
    6zvqld.gif
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close the AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply.

==========

In your next reply please post the following:

  • OTL fix log.
  • Report from AVP.

How is your computer currently running?

Link to post
Share on other sites

All processes killed

========== OTL ==========

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotato@ClickPotato.tv: C:\Program Files\ClickPotato\bin\1.0.547.0\firefox\firefoxtoolbar\extensions not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41044 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Megan

->Temp folder emptied: 1508789138 bytes

->Temporary Internet Files folder emptied: 55892392 bytes

->Java cache emptied: 2295237 bytes

->FireFox cache emptied: 62449449 bytes

->Flash cache emptied: 131381 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 177204692 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,723.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Megan

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.57.0 log created on 08132012_072141

Files\Folders moved on Reboot...

C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2476.log moved successfully.

PendingFileRenameOperations files...

File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2476.log not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

AVP is still running. It says it will be doen in about 8 hours. As far as how it is running now, I haven't really used it other than to run these scans and stuff. But it does already seem to be running smoother. I really thank you fro your help. I'll post the report once AVP is done.

Link to post
Share on other sites

Good evening gdsimms. :)

Please delete your current copy of ComboFix. Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review. What issues remain on your computer?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.