Jump to content

Infected with exploit.pdf-js.gen (v), MBAM not detecting


Daria

Recommended Posts

Hello,

I am infected with exploit.pdf-js.gen (opens a PDF randomly with a big block of text) and AdAware picked it up in a scan. I quarantined and deleted the file but it appears to be back.

I ran Malwarebytes in both normal and safe modes. I have the most updated version (1.50) but it doesn't seem to pick it up.

I've disabled System Restore and deleted any files I've downloaded in the last two days.

Please find attached my hijackthis log. Please help!

Thanks!

hijackthis.log

Link to post
Share on other sites

Hi Kahdah,

Thanks for the welcome.

Yes, AdAware found that lib.pdf was infected on the first day (two days ago) so I manually deleted the file. The next day, lib.pdf was gone but all.pdf came back. I manually deleted that from the Appdata\Local\Temp file as well.

Link to post
Share on other sites

Ok please do the following:

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Link to post
Share on other sites

Hi Kahdah,

Here's the OTL.txt report:

OTL logfile created on: 12/14/2010 10:04:12 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Daria\Desktop

An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free

4.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 223.92 Gb Total Space | 149.63 Gb Free Space | 66.82% Space Free | Partition Type: NTFS

Computer Name: DARIA-GRAPE | User Name: Daria | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Daria\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)

PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)

PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Program Files\Hotspot Shield\bin\openvpntray.exe ()

PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()

PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()

PRC - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)

PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Daria\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\guard32.dll (COMODO)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)

SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)

SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()

SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()

SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (Samsung UPD Service) -- C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD.)

SRV - (CLPSLS) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)

SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)

SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (Roxio Upnp Server 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)

SRV - (Roxio UPnP Renderer 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)

========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()

DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)

DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)

DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)

DRV - (HssDrv) -- C:\Windows\System32\drivers\hssdrv.sys (AnchorFree Inc.)

DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )

DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)

DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)

DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)

DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)

DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)

DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 7E 14 0E A8 74 CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.hotmail.com"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:1.1.6

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/25 09:43:09 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/09 22:18:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/09 22:18:30 | 000,000,000 | ---D | M]

[2010/10/06 21:51:49 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\mozilla\Extensions

[2010/10/06 21:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daria\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010/03/12 23:17:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daria\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/03/14 11:52:08 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\mozilla\Extensions\celtx@celtx.com

[2010/12/14 21:52:40 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\mozilla\Firefox\Profiles\xtp13i5r.default\extensions

[2010/12/13 10:12:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daria\AppData\Roaming\mozilla\Firefox\Profiles\xtp13i5r.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2010/12/12 18:34:02 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\mozilla\Firefox\Profiles\xtp13i5r.default\extensions\anttoolbar@ant.com

[2010/09/07 20:25:55 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\mozilla\Firefox\Profiles\xtp13i5r.default\extensions\en-CA@dictionaries.addons.mozilla.org

[2010/10/24 12:41:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/12/09 22:18:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/06/06 15:40:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/23 22:45:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/24 12:41:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/09 22:18:26 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/12/09 22:18:26 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2007/06/21 17:38:52 | 000,030,280 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\cgpcfg.dll

[2007/06/21 17:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll

[2007/06/21 17:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll

[2007/06/21 17:38:58 | 000,140,872 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxmui.dll

[2007/06/21 17:39:14 | 000,038,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\icafile.dll

[2007/06/21 17:39:16 | 000,046,664 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\icalogon.dll

[2007/06/21 17:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll

[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/09/14 19:25:20 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

[2007/06/21 17:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll

[2010/12/09 22:18:29 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2010/11/06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/12/09 18:11:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/12/09 18:11:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/12/09 18:11:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/12/09 18:11:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/12/09 18:11:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/12/09 18:11:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/12/09 18:11:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2007/06/21 17:39:58 | 000,685,640 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\sslsdk_b.dll

[2007/06/21 17:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

[2010/01/15 19:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/01/15 19:55:13 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/01/15 19:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/01/15 19:55:13 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/01/15 19:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/01/15 19:55:13 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/01/15 19:55:13 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/01/15 19:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/14 22:01:48 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Daria\Desktop\OTL.exe

[2010/12/14 10:17:15 | 000,000,000 | ---D | C] -- C:\Users\Daria\Desktop\Soap Opera Dash

[2010/12/13 11:54:11 | 000,000,000 | ---D | C] -- C:\Users\Daria\AppData\Local\Adobe

[2010/12/13 11:05:40 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Daria\Desktop\HijackThis.exe

[2010/12/13 11:04:15 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/12/13 11:03:32 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2010/12/13 10:30:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/12/13 10:30:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/12/13 10:12:33 | 000,000,000 | ---D | C] -- C:\Users\Daria\AppData\Roaming\QuickScan

[2010/12/13 10:05:53 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Daria\Desktop\ATF-Cleaner.exe

[2010/12/13 00:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/12/11 09:25:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

[2010/12/11 09:23:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/12/09 18:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx

[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

[2010/11/25 12:43:38 | 000,000,000 | ---D | C] -- C:\Users\Daria\AppData\Local\SKIDROW

[2010/11/17 20:47:30 | 000,000,000 | --SD | C] -- C:\Users\Daria\Documents\My Data Sources

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Users\Daria\Documents\*.tmp files -> C:\Users\Daria\Documents\*.tmp -> ]

[1 C:\Users\Daria\Desktop\*.tmp files -> C:\Users\Daria\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/14 22:02:18 | 000,296,448 | ---- | M] () -- C:\Users\Daria\Desktop\50jjusc7.exe

[2010/12/14 22:01:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Daria\Desktop\OTL.exe

[2010/12/14 21:56:20 | 101,826,508 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2010/12/14 21:52:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/14 09:16:56 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/14 09:16:56 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/14 09:08:45 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/14 00:15:46 | 000,007,609 | ---- | M] () -- C:\Users\Daria\AppData\Local\resmon.resmoncfg

[2010/12/13 22:48:11 | 000,000,315 | ---- | M] () -- C:\Users\Daria\Desktop\CHUCK.HTML

[2010/12/13 18:09:14 | 000,031,835 | ---- | M] () -- C:\Users\Daria\Desktop\gmer.zip

[2010/12/13 13:47:05 | 000,624,128 | ---- | M] () -- C:\Users\Daria\Desktop\dds.scr

[2010/12/13 11:05:43 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Daria\Desktop\HijackThis.exe

[2010/12/13 11:00:47 | 003,989,152 | R--- | M] () -- C:\Users\Daria\Desktop\ComboFix.exe

[2010/12/13 10:30:41 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/13 10:05:55 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Daria\Desktop\ATF-Cleaner.exe

[2010/12/13 00:28:34 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2010/12/11 09:24:57 | 000,001,124 | ---- | M] () -- C:\Users\Daria\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/12/11 09:24:57 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2010/12/09 22:17:06 | 000,673,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/09 22:17:06 | 000,129,166 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

[2010/12/03 04:05:33 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx

[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

[2010/11/25 09:43:37 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk

[2010/11/19 21:08:49 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/11/14 22:41:07 | 000,007,387 | -HS- | M] () -- C:\Users\Daria\Desktop\Folder.jpg

[2010/11/14 22:41:07 | 000,007,387 | -HS- | M] () -- C:\Users\Daria\Desktop\AlbumArt_{CA948D95-AE39-4FE0-BBE4-B3E9F0D8ECE7}_Large.jpg

[2010/11/14 22:41:07 | 000,001,939 | -HS- | M] () -- C:\Users\Daria\Desktop\AlbumArtSmall.jpg

[2010/11/14 22:41:07 | 000,001,939 | -HS- | M] () -- C:\Users\Daria\Desktop\AlbumArt_{CA948D95-AE39-4FE0-BBE4-B3E9F0D8ECE7}_Small.jpg

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Users\Daria\Documents\*.tmp files -> C:\Users\Daria\Documents\*.tmp -> ]

[1 C:\Users\Daria\Desktop\*.tmp files -> C:\Users\Daria\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/14 22:02:17 | 000,296,448 | ---- | C] () -- C:\Users\Daria\Desktop\50jjusc7.exe

[2010/12/13 18:09:14 | 000,031,835 | ---- | C] () -- C:\Users\Daria\Desktop\gmer.zip

[2010/12/13 13:47:57 | 000,296,448 | ---- | C] () -- C:\Users\Daria\Desktop\gmer.exe

[2010/12/13 13:47:04 | 000,624,128 | ---- | C] () -- C:\Users\Daria\Desktop\dds.scr

[2010/12/13 11:00:46 | 003,989,152 | R--- | C] () -- C:\Users\Daria\Desktop\ComboFix.exe

[2010/12/13 10:30:41 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/13 00:28:34 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2010/12/11 09:24:57 | 000,001,124 | ---- | C] () -- C:\Users\Daria\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/12/11 09:24:57 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2010/12/03 19:01:04 | 000,000,315 | ---- | C] () -- C:\Users\Daria\Desktop\CHUCK.HTML

[2010/11/19 21:08:49 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/11/14 22:41:07 | 000,007,387 | -HS- | C] () -- C:\Users\Daria\Desktop\Folder.jpg

[2010/11/14 22:41:07 | 000,007,387 | -HS- | C] () -- C:\Users\Daria\Desktop\AlbumArt_{CA948D95-AE39-4FE0-BBE4-B3E9F0D8ECE7}_Large.jpg

[2010/11/14 22:41:07 | 000,001,939 | -HS- | C] () -- C:\Users\Daria\Desktop\AlbumArtSmall.jpg

[2010/11/14 22:41:07 | 000,001,939 | -HS- | C] () -- C:\Users\Daria\Desktop\AlbumArt_{CA948D95-AE39-4FE0-BBE4-B3E9F0D8ECE7}_Small.jpg

[2010/10/24 12:49:17 | 000,007,609 | ---- | C] () -- C:\Users\Daria\AppData\Local\resmon.resmoncfg

[2010/06/07 16:41:30 | 000,003,584 | ---- | C] () -- C:\Users\Daria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/24 11:42:35 | 000,000,093 | ---- | C] () -- C:\Users\Daria\AppData\Local\fusioncache.dat

[2010/05/20 17:28:56 | 000,004,096 | -H-- | C] () -- C:\Users\Daria\AppData\Local\keyfile3.drm

[2010/04/06 19:33:50 | 000,282,624 | ---- | C] () -- C:\Windows\System32\DscPnt.dll

[2010/04/06 19:33:50 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll

[2010/03/26 17:55:55 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2010/03/21 16:28:46 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll

[2010/03/13 15:57:25 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/05/23 13:44:49 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\Audacity

[2010/10/17 16:50:20 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\AVG10

[2010/03/31 18:38:02 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\Big Fish Games

[2010/09/14 19:26:50 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\Foxit Software

[2010/06/20 15:06:00 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\Fugazo

[2010/07/29 17:21:57 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\Gamers Digital

[2010/05/14 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\GamesCafe

[2010/03/14 11:52:01 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\Greyfirst

[2010/05/01 14:29:58 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\Happyville__

[2010/06/20 18:59:28 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\Hotdog Hotshot

[2010/08/18 09:43:26 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\ICAClient

[2010/11/13 23:22:42 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\PlayFirst

[2010/12/13 10:21:28 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\QuickScan

[2010/07/25 21:56:25 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\RenPy

[2010/08/20 22:55:51 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\Softland

[2010/10/06 21:51:48 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\Thunderbird

[2010/12/12 20:10:39 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2010/06/02 20:40:02 | 000,012,083 | ---- | M] ()(C:\Users\Daria\Documents\?????.docx) -- C:\Users\Daria\Documents\?????.docx

[2010/06/02 20:40:01 | 000,012,083 | ---- | C] ()(C:\Users\Daria\Documents\?????.docx) -- C:\Users\Daria\Documents\?????.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:04BB186B

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D26B6B0A

< End of report >

Link to post
Share on other sites

This is the Extras.txt report:

OTL Extras logfile created on: 12/14/2010 10:04:12 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Daria\Desktop

An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free

4.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 223.92 Gb Total Space | 149.63 Gb Free Space | 66.82% Space Free | Partition Type: NTFS

Computer Name: DARIA-GRAPE | User Name: Daria | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.7

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 22

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{377B2121-65F6-4C5F-998F-5284DEF41F3E}" = COMODO livePCsupport

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007

"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A23061AF-5361-433C-B7F0-CE5F79A22C49}" = AVG 2011

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1

"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy

"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes

"{E89956F9-5B89-470E-818D-BD46102D0A01}" = Citrix Presentation Server Client

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"7-Zip" = 7-Zip 4.65

"Ad-Aware" = Ad-Aware

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)

"Audacity_is1" = Audacity 1.2.6

"AVG" = AVG 2011

"CCleaner" = CCleaner

"Celtx (2.7)" = Celtx (2.7)

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Digital Editions" = Adobe Digital Editions

"Discover-a-Dish" = Discover-a-Dish

Link to post
Share on other sites

Yes that is fine.

* Go here to run an online scannner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan inside archives.
  • Click Scan
  • Wait for the scan to finish
  • Click on the option that says Export to text file.
  • Save it to your desktop and post the contents here in your next reply.
  • Once the log is saved click the option to delete quarantined threats and Uninstall application on close.

Link to post
Share on other sites

Man, that's a long scan but well worth it. I'm surprised how much it picked up compared to my normal antivirus software.

Here are the results:

C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application cleaned by deleting (after the next restart) - quarantined

C:\Users\Daria\AppData\Local\Temp\NODAC73.tmp a variant of Win32/HotSpotShield application cleaned by deleting - quarantined

C:\Users\Daria\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-1bcc5d04 multiple threats deleted - quarantined

C:\Users\Daria\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2b8379a9-30c9a213 probably a variant of Win32/Agent.FXHNPDJ trojan deleted - quarantined

C:\Users\Daria\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\556445eb-1216fcd7 probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined

C:\Users\Daria\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-3656b8b4 multiple threats deleted - quarantined

C:\Users\Daria\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-125c72e8 Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined

C:\Users\Daria\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-5b8bd794 probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined

Does that mean I'm in the clear?

Link to post
Share on other sites

Great and you are welcome :)

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

After that your all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article Some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

How did I get infected in the first place? Also this one by Tony Klein.

If your computer is slow Things you can do if your computer is slow.

PC Safety and Security - What Do I Need? Security suggestions and general hints and tips for PC security.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent etc...

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.