# HJT host file redirect warning



## nettyiam (Jan 27, 2004)

Dell Dimension E510 Internet Explorer8 WinXP Yahoo browser

_I know there are posts on this problem but the one posted by the old coot states that the response if for his computer only._ Really would appreciate an answer whether I can use the help on his page or if you will help me also.
As always, many thanks to all you mods...Netty

My computer is doing some strange things (slow loading, pages jumping, OE not letting me write email unless I close the main page) so I ran the HJT (attached) . Before it actually did the report, I got the HJT host file redirect warning at the top in red. 
Did little on line checking & found I should check my HJT on host file it came up with this:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
.......................................................................................................................
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:15 PM, on 1/2/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272917492281
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

--
End of file - 4517 bytes


----------



## Cookiegal (Aug 27, 2003)

That's an old version of HijackThis. Please uninstall it and get the latest version, as follows:

Please go * here* to download *HijackThis*.

Click on the button that says *Download Now EXE Version* and save the *HijackThis.exe* file to your desktop.
Double-click the * HijackThis.exe* file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
Click on the *Scan* button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
Click on the *Save log* button and save the log file to your desktop. Copy and paste the contents of the log in your post.
*Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.*

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created n your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.


----------



## nettyiam (Jan 27, 2004)

Thank you for your prompt reply, I hope this is correct.

Logfile of *Trend Micro HijackThis v2.0.4*
Scan saved at 6:59:50 PM, on 1/3/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Betty\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272917492281
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

--
End of file - 4582 bytes
...............................................................
*DDS (Ver_2012-11-20.01)* - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Betty at 19:04:51 on 2013-01-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2791 [GMT -6:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Enabled* 
.
============== Running Processes ================
.
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272917492281
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{54E9D73F-CE01-45E4-8FD1-2E7C146127F6} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\betty\application data\mozilla\firefox\profiles\0xgy5skh.default\
FF - prefs.js: browser.startup.homepage - hxxp://myyahoo.com/
FF - component: c:\program files\bitdefender\bitdefender 2011\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\bitdefender\bitdefender 2011\bdaphffext\components\bdaphff3.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\downloaded program files\npsoe.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-3-20 622616]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2012-3-13 55032]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-2-17 481464]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2011-11-14 116248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-10-14 307544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-01-01 18:15:25	1409	----a-w-	c:\windows\QTFont.for
2013-01-01 01:59:04	--------	d-----w-	c:\program files\Conduit
2013-01-01 01:59:02	--------	d-----w-	c:\documents and settings\betty\local settings\application data\Conduit
2012-12-28 18:54:25	63833	----a-w-	c:\documents and settings\all users\application data\1356720840.bdinstall.bin
2012-12-22 15:25:51	102000	----a-w-	c:\documents and settings\all users\application data\1356189869.bdinstall.bin
.
==================== Find3M ====================
.
2012-12-16 12:23:59	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-12-14 22:49:28	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-12 23:28:33	622616	----a-w-	c:\windows\system32\drivers\avc3.sys
2012-12-12 23:27:49	481464	----a-w-	c:\windows\system32\drivers\avckf.sys
2012-12-12 23:27:36	242504	----a-w-	c:\windows\system32\drivers\avchv.sys
2012-12-12 01:08:14	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 01:08:14	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-13 01:25:12	1866368	----a-w-	c:\windows\system32\win32k.sys
2012-11-02 02:02:42	375296	----a-w-	c:\windows\system32\dpnet.dll
2010-03-30 00:40:20	100256	----a-w-	c:\program files\common files\LinkInstaller.exe
2004-09-10 18:40:38	75264	----a-w-	c:\program files\DECCHECK.exe
.
============= FINISH: 19:05:31.03 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/16/2010 9:51:54 AM
System Uptime: 1/3/2013 4:31:11 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0HJ054
Processor: Intel(R) Pentium(R) D CPU 3.20GHz | Microprocessor | 3192/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 227 GiB total, 194.966 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP791: 10/6/2012 8:49:31 AM - System Checkpoint
RP792: 10/7/2012 11:22:57 AM - System Checkpoint
RP793: 10/12/2012 8:22:31 AM - System Checkpoint
RP794: 10/13/2012 9:04:39 AM - System Checkpoint
RP795: 10/14/2012 9:25:18 AM - System Checkpoint
RP796: 10/16/2012 4:53:07 PM - System Checkpoint
RP797: 10/16/2012 5:12:12 PM - Software Distribution Service 3.0
RP798: 10/17/2012 5:12:45 PM - System Checkpoint
RP799: 10/18/2012 7:39:08 PM - System Checkpoint
RP800: 10/20/2012 2:27:24 PM - System Checkpoint
RP801: 10/21/2012 9:38:15 AM - Software Distribution Service 3.0
RP802: 10/22/2012 4:50:36 PM - System Checkpoint
RP803: 10/24/2012 7:13:00 PM - System Checkpoint
RP804: 10/26/2012 10:01:23 AM - System Checkpoint
RP805: 10/27/2012 11:01:36 AM - System Checkpoint
RP806: 10/28/2012 3:04:47 PM - System Checkpoint
RP807: 10/30/2012 5:31:28 PM - System Checkpoint
RP808: 10/31/2012 5:37:29 PM - System Checkpoint
RP809: 11/2/2012 9:18:15 AM - System Checkpoint
RP810: 11/3/2012 1:42:58 PM - System Checkpoint
RP811: 11/4/2012 1:04:09 PM - System Checkpoint
RP812: 11/6/2012 5:05:10 PM - System Checkpoint
RP813: 11/9/2012 8:55:29 AM - System Checkpoint
RP814: 11/9/2012 5:39:45 PM - Installed Pirate101
RP815: 11/11/2012 8:51:52 AM - System Checkpoint
RP816: 11/14/2012 4:47:52 AM - Software Distribution Service 3.0
RP817: 11/15/2012 4:48:09 PM - System Checkpoint
RP818: 11/16/2012 5:20:46 PM - System Checkpoint
RP819: 11/17/2012 5:30:35 PM - System Checkpoint
RP820: 11/18/2012 8:56:24 AM - Software Distribution Service 3.0
RP821: 11/20/2012 5:02:37 PM - System Checkpoint
RP822: 11/21/2012 6:45:22 PM - System Checkpoint
RP823: 11/23/2012 1:14:06 PM - System Checkpoint
RP824: 11/24/2012 3:49:42 PM - System Checkpoint
RP825: 11/27/2012 4:58:46 PM - System Checkpoint
RP826: 11/29/2012 4:54:36 PM - System Checkpoint
RP827: 12/1/2012 12:53:29 PM - System Checkpoint
RP828: 12/2/2012 4:03:09 PM - System Checkpoint
RP829: 12/3/2012 4:49:16 PM - System Checkpoint
RP830: 12/4/2012 5:25:45 PM - System Checkpoint
RP831: 12/5/2012 7:16:05 PM - System Checkpoint
RP832: 12/7/2012 2:34:57 PM - System Checkpoint
RP833: 12/8/2012 4:47:48 PM - System Checkpoint
RP834: 12/10/2012 4:48:16 PM - System Checkpoint
RP835: 12/12/2012 5:08:47 PM - System Checkpoint
RP836: 12/13/2012 8:30:37 PM - Software Distribution Service 3.0
RP837: 12/14/2012 9:50:07 PM - System Checkpoint
RP838: 12/16/2012 8:15:44 AM - System Checkpoint
RP839: 12/17/2012 8:29:58 AM - System Checkpoint
RP840: 12/18/2012 5:50:57 PM - System Checkpoint
RP841: 12/19/2012 6:04:39 PM - System Checkpoint
RP842: 12/21/2012 7:40:10 AM - System Checkpoint
RP843: 12/21/2012 8:14:28 PM - Software Distribution Service 3.0
RP844: 12/22/2012 9:07:05 AM - Software Distribution Service 3.0
RP845: 12/23/2012 11:10:48 AM - System Checkpoint
RP846: 12/24/2012 11:49:06 AM - System Checkpoint
RP847: 12/25/2012 12:32:51 PM - System Checkpoint
RP848: 12/27/2012 9:54:26 AM - System Checkpoint
RP849: 12/28/2012 3:21:36 PM - System Checkpoint
RP850: 12/30/2012 12:30:11 PM - System Checkpoint
RP851: 1/1/2013 12:30:23 PM - System Checkpoint
RP852: 1/2/2013 1:31:41 PM - System Checkpoint
RP853: 1/3/2013 4:47:15 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.17
ATI Control Panel
ATI Display Driver
Belarc Advisor 8.2
Bitdefender Internet Security 2012
Conexant D850 PCI V.92 Modem
Dell CinePlayer
Dell Driver Reset Tool
Digital Line Detect
ESPNMotion
Free File Opener v2011.7.0.1
GemMaster Mystic
Google Chrome
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP PrecisionScan LTX
HP Product Detection
HP Scan-to-Web Wizard
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 31
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Picture It! Express 2000
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft WinUsb 1.0
Microsoft Word 2000
Microsoft Works 2000
Microsoft Works 2000 Setup Launcher
Modem Helper
Mozilla Firefox 5.0 (x86 en-US)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6 Service Pack 2 (KB973686)
Nero OEM
Netwaiting
OpenOffice.org 3.1
Otto
Photo Story 3 for Windows
Pirate101
QualXServ Service Agreement
QuickTime
Road Runner PhotoShow 5
ROBLOX Player for Betty
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Encoders
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
VLC media player 1.1.0-rc
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wizard101
Word in Works Suite add-in
Zune
Zune Language Pack (DE)
Zune Language Pack (ES)
Zune Language Pack (FR)
Zune Language Pack (IT)
.
==== Event Viewer Messages From Past Week ========
.
1/3/2013 6:44:34 PM, error: DCOM [10000] - Unable to start a DCOM Server: {F3A614DC-ABE0-11D2-A441-00C04F795683}. The error: "%2" Happened while starting this command: C:\Program Files\Messenger\msmsgs.exe -Embedding
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

Please download GMER from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked *on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan *button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## nettyiam (Jan 27, 2004)

Hi Cookie,
Having some problems..
I didnt know what CD emulation programs were but checked TSG..only one I know of that they mention is Nero which I uninstalled.
Went to download GMER but get *warning *GMER has found system modification caused by ROOTKIT activity but when I try to tick ok or close the window, it wont go any further.
Also forgot to mention in last post that when I ran HJT, I got a popup that says:

_For some reason your system denied write access to the Hosts file. If 
any hijacked domains are in this file, HJT may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click
Start, Run and type:

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) HijackThis reports and delete them.
Save the file as hosts (with quotes), and reboot.

For Vista: simpy, exit HJT, right click on the HJT icon,
choose Run as administrator .
_
Ironically, I get this same warning on my laptop but that can be addressed after we get this fixed.


----------



## Cookiegal (Aug 27, 2003)

OK then let's try this:

Please go  here and download the *TDSSKiller.exe* to your desktop.

Double-click to TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## nettyiam (Jan 27, 2004)

After I did the scan. Shows Threats detected; select action for found objects:

Copy all to quarantine or *+ *Restore default actions
*Locked file*
Service: sptd
Suspicious object, medium risk

window with Skip, copy to quarantee, delete 
I clicked Skip, continue & there is a log that shows everything as ok except the last with warning: skipped by user. I tried to copy this log, but cant.


----------



## nettyiam (Jan 27, 2004)

hope this made sense


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions * for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read  *HERE * for an article written by dvk01 on why we disable autoruns.


----------



## nettyiam (Jan 27, 2004)

Forgive me, but when I went to the guide & instruction page, I clicked the download and it downloaded a_ 7zip file installq installation utility_ & I dont know what to do. I also went to bleepingcomputer sight & downloaded the Combofix.exe & renamed puppy.exe.
I did not run either because I wanted to check with you..sorry but I am very cautious.


----------



## Cookiegal (Aug 27, 2003)

That is not the legitimate 7-zip but it's a rogue installer (malware) that you already had on your machine.

Are you able to run ComboFix and post the log?


----------



## nettyiam (Jan 27, 2004)

ComboFix 13-01-05.01 - Betty 01/05/2013 23:31:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2811 [GMT -6:00]
Running from: c:\documents and settings\Betty\Desktop\Puppy.exe
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1335377058.bdinstall.bin
c:\documents and settings\All Users\Application Data\1356189869.bdinstall.bin
c:\documents and settings\All Users\Application Data\1356720840.bdinstall.bin
c:\documents and settings\Betty\GoToAssistDownloadHelper.exe
c:\documents and settings\Betty\Recent\Free Jigsaw Puzzles - Jigsaw Puzzle Games at TheJigsawPuzzles.com - Play Free Online Jigsaw Puzzles.url
c:\program files\MyScrapNook_12EI
c:\program files\MyScrapNook_12EI\Installr\5.bin\12EIPlug.dll
c:\program files\MyScrapNook_12EI\Installr\5.bin\12EZSETP.dll
c:\program files\MyScrapNook_12EI\Installr\5.bin\NP12EISb.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\hpsj32.1
c:\windows\system32\service
c:\windows\system32\service\04052010_TIS17_SfFniAU.log
c:\windows\system32\service\09082010_TIS17_SfFniAU.log
c:\windows\system32\service\10082010_TIS17_SfFniAU.log
c:\windows\system32\service\11012011_TIS17_SfFniAU.log
c:\windows\system32\service\12122010_TIS17_SfFniAU.log
c:\windows\system32\service\19042010_TIS17_SfFniAU.log
c:\windows\system32\service\20112010_TIS17_SfFniAU.log
c:\windows\system32\service\24112010_TIS17_SfFniAU.log
c:\windows\system32\service\27072010_TIS17_SfFniAU.log
c:\windows\system32\service\28062010_TIS17_SfFniAU.log
c:\windows\system32\SET190.tmp
c:\windows\system32\SET196.tmp
c:\windows\system32\SET3BC.tmp
c:\windows\system32\SET3BD.tmp
c:\windows\system32\SET3BE.tmp
c:\windows\system32\SET3C2.tmp
c:\windows\system32\SET3C3.tmp
c:\windows\system32\SET3C4.tmp
c:\windows\system32\SET3C8.tmp
c:\windows\system32\SET3CA.tmp
c:\windows\system32\SET406.tmp
c:\windows\system32\SET408.tmp
c:\windows\system32\SET40C.tmp
c:\windows\system32\SET40D.tmp
c:\windows\system32\SET40E.tmp
c:\windows\system32\SET412.tmp
c:\windows\system32\SET413.tmp
c:\windows\system32\SET414.tmp
c:\windows\system32\SET4AE.tmp
c:\windows\system32\SET4AF.tmp
c:\windows\system32\SET4EA.tmp
c:\windows\system32\SET4EB.tmp
c:\windows\system32\SET4EC.tmp
c:\windows\system32\SET4F0.tmp
c:\windows\system32\SET4F1.tmp
c:\windows\system32\SET4F2.tmp
c:\windows\system32\SET4F6.tmp
c:\windows\system32\SET4F8.tmp
c:\windows\system32\SET534.tmp
c:\windows\system32\SET536.tmp
c:\windows\system32\SET53A.tmp
c:\windows\system32\SET53B.tmp
c:\windows\system32\SET53C.tmp
c:\windows\system32\SET540.tmp
c:\windows\system32\SET541.tmp
c:\windows\system32\SET542.tmp
c:\windows\system32\SET57.tmp
c:\windows\system32\SET5A.tmp
c:\windows\system32\SET5D.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET60A.tmp
c:\windows\system32\SET60D.tmp
c:\windows\system32\SET618.tmp
c:\windows\system32\SETA86.tmp
c:\windows\system32\SETA8C.tmp
c:\windows\system32\SETA95.tmp
c:\windows\system32\SETA98.tmp
c:\windows\system32\SETA9B.tmp
c:\windows\system32\SETA9F.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))
.
.
2013-01-05 00:26 . 2013-01-05 00:26	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-01-01 01:59 . 2013-01-01 01:59	--------	d-----w-	c:\program files\Conduit
2013-01-01 01:59 . 2013-01-01 02:20	--------	d-----w-	c:\documents and settings\Betty\Local Settings\Application Data\Conduit
2012-12-28 18:50 . 2012-12-28 18:50	--------	d-sh--w-	c:\documents and settings\LocalService\PrivacIE
2012-12-28 18:50 . 2012-12-28 18:50	--------	d-sh--w-	c:\documents and settings\LocalService\IECompatCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2005-08-16 09:18	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-12-14 22:49 . 2012-03-17 05:57	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-12 23:28 . 2012-03-21 01:22	622616	----a-w-	c:\windows\system32\drivers\avc3.sys
2012-12-12 23:27 . 2012-02-17 21:45	481464	----a-w-	c:\windows\system32\drivers\avckf.sys
2012-12-12 23:27 . 2011-11-25 19:59	242504	----a-w-	c:\windows\system32\drivers\avchv.sys
2012-12-12 01:08 . 2012-04-07 16:08	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-12 01:08 . 2011-05-18 17:40	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25 . 2005-08-16 09:18	1866368	----a-w-	c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2005-08-16 09:18	375296	----a-w-	c:\windows\system32\dpnet.dll
2010-03-30 00:40 . 2010-03-30 00:40	100256	----a-w-	c:\program files\Common Files\LinkInstaller.exe
2004-09-10 18:40 . 2004-09-10 18:40	75264	----a-w-	c:\program files\DECCHECK.exe
2011-06-26 22:53 . 2011-04-22 00:38	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-12-12 1199344]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Betty^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Betty\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 02:05	344064	----a-w-	c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12	94208	----a-w-	c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-09-18 23:36	116648	----atw-	c:\documents and settings\Betty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 4300C]
2002-02-07 20:33	32768	----a-w-	c:\sj657\hpupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-04-28 19:08	77824	----a-w-	c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Road Runner PhotoShow Media Manager]
2008-05-09 22:20	361976	----a-w-	c:\progra~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-02-10 16:17	282624	----a-w-	c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 20:02	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-09-29 19:32	4780928	----a-w-	c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 19:38	158448	-c--a-w-	c:\program files\Zune\ZuneLauncher.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\KingsIsle Entertainment\\Wizard101\\Wizard101.exe"=
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [3/20/2012 7:22 PM 622616]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/11/2011 4:13 PM 691696]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [1/19/2010 6:32 PM 85128]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 5:38 PM 116608]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [3/13/2012 5:24 PM 55032]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [11/25/2011 1:59 PM 242504]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [11/14/2011 7:16 PM 116248]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2/17/2012 3:45 PM 481464]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [11/17/2011 4:38 PM 63056]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [10/14/2011 10:57 PM 307544]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 01:08]
.
2012-07-20 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4207097214-2822948736-4082840186-1005Core.job
- c:\documents and settings\Betty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-18 23:36]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4207097214-2822948736-4082840186-1005UA.job
- c:\documents and settings\Betty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-18 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Betty\Application Data\Mozilla\Firefox\Profiles\0xgy5skh.default\
FF - prefs.js: browser.startup.homepage - hxxp://myyahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-05 23:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{730130BE-4FF2-442B-86A6-B7B11C315B3C}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Betty\\Local Settings\\Application Data\\RobloxVersions\\version-221a4807685c44e7\\"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-01-05 23:43:00
ComboFix-quarantined-files.txt 2013-01-06 05:42
.
Pre-Run: 209,198,915,584 bytes free
Post-Run: 209,216,471,040 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 69074BBBB65F6001EA3B02F799033A70


----------



## Cookiegal (Aug 27, 2003)

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Under Custom Scans/Fixes type in *Netsvcs*
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## nettyiam (Jan 27, 2004)

*OTL logfile *created on: 1/6/2013 1:30:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Betty\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 3.06 Gb Available Physical Memory | 87.41% Memory free
4.84 Gb Paging File | 4.32 Gb Available in Paging File | 89.40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.41 Gb Total Space | 194.88 Gb Free Space | 85.70% Space Free | Partition Type: NTFS

Computer Name: BETTYDESKTOP | User Name: Betty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/06 13:24:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty\Desktop\OTL.exe
PRC - [2012/12/12 17:27:45 | 001,199,344 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
PRC - [2012/12/12 17:27:38 | 001,554,176 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
PRC - [2012/09/29 13:32:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/08/23 16:05:09 | 000,055,032 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
PRC - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/12 17:28:30 | 000,272,344 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
MOD - [2012/12/12 17:27:36 | 000,092,600 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
MOD - [2012/03/27 23:07:06 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
MOD - [2012/03/27 23:07:04 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
MOD - [2012/03/22 11:30:52 | 002,063,872 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl
MOD - [2012/03/22 11:30:52 | 001,917,952 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl
MOD - [2012/03/22 11:30:52 | 001,867,776 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl
MOD - [2012/03/22 11:30:52 | 000,956,928 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl
MOD - [2012/03/22 11:30:52 | 000,634,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl
MOD - [2012/03/22 11:30:52 | 000,513,536 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,446,464 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,391,168 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl
MOD - [2012/01/23 19:27:20 | 000,035,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
MOD - [2012/01/23 19:15:40 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
MOD - [2012/01/23 19:14:56 | 000,110,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
MOD - [2012/01/23 19:14:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
MOD - [2012/01/23 19:13:40 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
MOD - [2012/01/06 15:27:34 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
MOD - [2012/01/06 15:27:28 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
MOD - [2011/11/14 19:17:08 | 000,132,176 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdfwcore.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/27 14:07:06 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

========== Services (SafeList) ==========

SRV - [2012/12/12 17:27:38 | 001,554,176 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV - [2012/12/11 19:08:14 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 13:32:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/08/23 16:05:09 | 000,055,032 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2011/10/14 22:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010/06/03 20:16:50 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/01/07 13:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 13:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Betty\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/12/12 17:28:33 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2012/12/12 17:27:49 | 000,481,464 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2012/12/12 17:27:36 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2012/08/23 16:05:20 | 000,132,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
DRV - [2012/08/23 16:05:08 | 000,116,248 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf)
DRV - [2011/11/17 16:38:34 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/11/14 19:16:28 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/11/11 16:13:54 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/10/27 14:07:06 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2011/08/16 13:59:34 | 000,360,976 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/01/19 18:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/01 14:13:26 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/07/01 14:13:26 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/07/01 14:13:24 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/02/10 10:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/03 20:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {72699759-CC18-408A-B150-52DBF7E19F58}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{72699759-CC18-408A-B150-52DBF7E19F58}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3239904
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://myyahoo.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:6.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Betty\Local Settings\Application Data\RobloxVersions\version-cbdc8c4c0dd24338\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Documents and Settings\Betty\My Documents\My Music\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/04/25 12:06:59 | 000,000,000 | ---D | M]

[2011/04/19 12:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Betty\Application Data\Mozilla\Extensions
[2011/04/21 13:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Betty\Application Data\Mozilla\Firefox\Profiles\0xgy5skh.default\extensions
[2011/04/19 12:37:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Betty\Application Data\Mozilla\Firefox\Profiles\0xgy5skh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/14 08:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/14 08:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/26 16:53:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

========== Chrome ==========

CHR - homepage: 
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Expression of light = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hoeaebjkjpnhfdemoidmfdicalnfaebl\1_0\

O1 HOSTS File: ([2013/01/05 23:40:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272917492281 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54E9D73F-CE01-45E4-8FD1-2E7C146127F6}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/01/06 13:24:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Betty\Desktop\OTL.exe
[2013/01/06 00:02:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/05 23:28:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/01/05 23:27:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/05 23:27:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/05 23:27:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/05 23:27:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/05 23:24:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/05 23:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/01/05 20:19:26 | 005,019,547 | R--- | C] (Swearware) -- C:\Documents and Settings\Betty\Desktop\Puppy.exe
[2013/01/04 18:26:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/04 18:04:32 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Betty\Desktop\tdsskiller.exe
[2013/01/04 17:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\Desktop\TSG
[2013/01/02 12:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\My Documents\Warranties
[2013/01/02 12:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\My Documents\Computers
[2012/12/31 19:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/12/31 19:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\Local Settings\Application Data\Conduit
[2012/12/28 12:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/12/28 12:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/12/22 11:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
[2012/12/22 09:24:44 | 000,157,320 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys.old
[2012/12/08 15:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\Desktop\About Blank
[2012/12/07 15:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\Desktop\dl 2
[2004/09/10 12:40:38 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DECCHECK.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/06 13:24:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty\Desktop\OTL.exe
[2013/01/06 13:08:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/06 12:46:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4207097214-2822948736-4082840186-1005UA.job
[2013/01/06 12:23:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/06 12:23:00 | 3756,150,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/05 23:40:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/05 23:28:54 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2013/01/05 21:11:39 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2013/01/05 20:28:16 | 005,019,547 | R--- | M] (Swearware) -- C:\Documents and Settings\Betty\Desktop\Puppy.exe
[2013/01/05 19:58:11 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\Betty\Desktop\My Yahoo!.url
[2013/01/05 17:46:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4207097214-2822948736-4082840186-1005Core.job
[2013/01/05 17:28:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/04 21:05:29 | 001,061,063 | ---- | M] () -- C:\Documents and Settings\Betty\Desktop\ComboFix A guide and tutorial on using ComboFix.mht
[2013/01/04 18:04:33 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Betty\Desktop\tdsskiller.exe
[2013/01/01 21:35:22 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Betty\Desktop\Free Jigsaw Puzzles - Jigsaw Puzzle Games at TheJigsawPuzzles.com - Play Free Online Jigsaw Puzzles.url
[2012/12/31 19:59:09 | 000,000,009 | ---- | M] () -- C:\END
[2012/12/26 19:11:04 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/12/23 16:50:05 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/12/22 11:46:20 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/12/22 09:09:33 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/16 06:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 06:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/13 20:34:07 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/13 20:30:05 | 000,000,325 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2012/12/13 13:49:42 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Betty\Desktop\Google Chrome.lnk
[2012/12/13 13:49:42 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/12 17:28:33 | 000,622,616 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[2012/12/12 17:27:49 | 000,481,464 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2012/12/12 17:27:36 | 000,242,504 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys
[2012/12/11 19:08:14 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/11 19:08:14 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/08 12:27:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/05 23:28:54 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2013/01/05 23:28:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/01/05 23:27:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/05 23:27:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/05 23:27:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/05 23:27:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/05 23:27:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/04 21:05:27 | 001,061,063 | ---- | C] () -- C:\Documents and Settings\Betty\Desktop\ComboFix A guide and tutorial on using ComboFix.mht
[2012/12/31 19:59:05 | 000,000,009 | ---- | C] () -- C:\END
[2012/12/23 16:50:05 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/12/22 11:46:20 | 000,001,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/11/09 20:52:24 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\rbxcsettings.rbx
[2012/10/12 18:58:18 | 000,000,272 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/02/15 09:38:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/30 16:09:23 | 001,120,635 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4207097214-2822948736-4082840186-1005-0.dat
[2012/01/30 16:09:23 | 000,166,282 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/30 15:22:26 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/09/15 18:11:16 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2011/09/15 17:25:46 | 000,171,854 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\census.cache
[2011/09/15 17:25:45 | 000,170,141 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\ars.cache
[2011/09/15 16:49:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\housecall.guid.cache
[2011/04/19 12:31:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/05 12:12:27 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/19 23:20:57 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Betty\Application Datauser_gensett.xml
[2011/02/01 14:21:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\search_result.xml
[2011/01/31 08:16:28 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Betty\Application Dataprivacy.xml
[2011/01/29 09:09:05 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/04/19 18:15:57 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/19 14:17:47 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Betty\WINWORD.box
[2010/04/16 08:52:07 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\fusioncache.dat
[2010/03/29 18:40:20 | 000,100,256 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

========== ZeroAccess Check ==========

[2005/08/16 03:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Betty\Desktop\Show Desktop.scf:SummaryInformation
@Alternate Data Stream - 10 bytes -> C:\WINDOWS\System32\LegitCheckControl.DLL:BDU

< End of report >

*...............................................................................................................................................................*
*OTL Extras logfile *created on: 1/6/2013 1:30:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Betty\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 3.06 Gb Available Physical Memory | 87.41% Memory free
4.84 Gb Paging File | 4.32 Gb Available in Paging File | 89.40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.41 Gb Total Space | 194.88 Gb Free Space | 85.70% Space Free | Partition Type: NTFS

Computer Name: BETTYDESKTOP | User Name: Betty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\KingsIsle Entertainment\Wizard101\Wizard101.exe" = C:\Program Files\KingsIsle Entertainment\Wizard101\Wizard101.exe:*:Enabledlay Wizard101 -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DB93918-2A77-11D3-805A-00C04FA329AA}" = Word in Works Suite add-in
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Internet Security 2012
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{662140BE-138C-4DC1-B4CD-B62C6C855A25}" = Pirate101
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A586D09E-1D2C-11D3-9A6B-00105A98B681}" = Microsoft Picture It! Express 2000
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Belarc Advisor" = Belarc Advisor 8.2
"Bitdefender" = Bitdefender Internet Security 2012
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"Free File Opener_is1" = Free File Opener v2011.7.0.1
"GoToAssist" = GoToAssist 8.0.0.514
"HP PrecisionScan LTX" = HP PrecisionScan LTX
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"PROSet" = Intel(R) PRO Network Connections Drivers
"QuickTime" = QuickTime
"Road Runner PhotoShow 5" = Road Runner PhotoShow 5
"Scan-To-Web" = HP Scan-to-Web Wizard
"VLC media player" = VLC media player 1.1.0-rc
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2kSetup" = Microsoft Works 2000 Setup Launcher
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Betty
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/1/2011 5:00:51 PM | Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2011 10:28:38 AM | Computer Name = BETTYDESKTOP | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/2/2011 12:44:43 PM | Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2011 12:44:49 PM | Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 10/2/2011 12:45:26 PM | Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2011 12:45:33 PM | Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 10/3/2011 11:12:17 AM | Computer Name = BETTYDESKTOP | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/3/2011 1:35:47 PM | Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/3/2011 1:36:55 PM | Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/3/2011 1:37:05 PM | Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/23/2012 2:29:11 PM | Computer Name = BETTYDESKTOP | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{54E9D73F-CE01-45E4-8FD1-2E7C146127F6}. The
backup browser is stopping.

Error - 12/16/2012 1:35:01 PM | Computer Name = BETTYDESKTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {F3A614DC-ABE0-11D2-A441-00C04F795683}.
The
error: "%2" Happened while starting this command: C:\Program Files\Messenger\msmsgs.exe
-Embedding

Error - 1/3/2013 8:44:34 PM | Computer Name = BETTYDESKTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {F3A614DC-ABE0-11D2-A441-00C04F795683}.
The
error: "%2" Happened while starting this command: C:\Program Files\Messenger\msmsgs.exe
-Embedding

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3239904
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jin...ndows-i586.cab (Java Plug-in 1.4.2_03)
[2012/12/31 19:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/12/31 19:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\Local Settings\Application Data\Conduit
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


----------



## nettyiam (Jan 27, 2004)

*OTL logfile created on: 1/6/2013 7:28:36 PM - Run 2*
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Betty\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.97 Gb Available Physical Memory | 85.03% Memory free
4.84 Gb Paging File | 4.47 Gb Available in Paging File | 92.40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.41 Gb Total Space | 195.03 Gb Free Space | 85.76% Space Free | Partition Type: NTFS

Computer Name: BETTYDESKTOP | User Name: Betty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/06 13:24:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty\Desktop\OTL.exe
PRC - [2012/12/12 17:27:45 | 001,199,344 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
PRC - [2012/12/12 17:27:38 | 001,554,176 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
PRC - [2012/09/29 13:32:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/08/23 16:05:09 | 000,055,032 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
PRC - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/12 17:28:30 | 000,272,344 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
MOD - [2012/12/12 17:27:36 | 000,092,600 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
MOD - [2012/03/27 23:07:06 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
MOD - [2012/03/27 23:07:04 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
MOD - [2012/01/23 19:27:20 | 000,035,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
MOD - [2012/01/23 19:15:40 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
MOD - [2012/01/23 19:14:56 | 000,110,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
MOD - [2012/01/23 19:14:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
MOD - [2012/01/23 19:13:40 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
MOD - [2012/01/06 15:27:34 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
MOD - [2012/01/06 15:27:28 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
MOD - [2011/11/14 19:17:08 | 000,132,176 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdfwcore.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/27 14:07:06 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

========== Services (SafeList) ==========

SRV - [2012/12/12 17:27:38 | 001,554,176 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV - [2012/12/11 19:08:14 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 13:32:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/08/23 16:05:09 | 000,055,032 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2011/10/14 22:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010/06/03 20:16:50 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/01/07 13:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 13:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Betty\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/12/12 17:28:33 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2012/12/12 17:27:49 | 000,481,464 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2012/12/12 17:27:36 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2012/08/23 16:05:20 | 000,132,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
DRV - [2012/08/23 16:05:08 | 000,116,248 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf)
DRV - [2011/11/17 16:38:34 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/11/14 19:16:28 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/11/11 16:13:54 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/10/27 14:07:06 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2011/08/16 13:59:34 | 000,360,976 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/01/19 18:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/01 14:13:26 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/07/01 14:13:26 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/07/01 14:13:24 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/02/10 10:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/03 20:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {72699759-CC18-408A-B150-52DBF7E19F58}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{72699759-CC18-408A-B150-52DBF7E19F58}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://myyahoo.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:6.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: [email protected]sun.com:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Betty\Local Settings\Application Data\RobloxVersions\version-cbdc8c4c0dd24338\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Documents and Settings\Betty\My Documents\My Music\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/04/25 12:06:59 | 000,000,000 | ---D | M]

[2011/04/19 12:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Betty\Application Data\Mozilla\Extensions
[2011/04/21 13:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Betty\Application Data\Mozilla\Firefox\Profiles\0xgy5skh.default\extensions
[2011/04/19 12:37:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Betty\Application Data\Mozilla\Firefox\Profiles\0xgy5skh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/14 08:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/14 08:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/26 16:53:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

========== Chrome ==========

CHR - homepage: 
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Expression of light = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hoeaebjkjpnhfdemoidmfdicalnfaebl\1_0\

O1 HOSTS File: ([2013/01/05 23:40:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272917492281 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54E9D73F-CE01-45E4-8FD1-2E7C146127F6}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Betty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Betty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/06 19:23:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/06 13:24:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Betty\Desktop\OTL.exe
[2013/01/06 00:02:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/05 23:28:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/01/05 23:27:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/05 23:27:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/05 23:27:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/05 23:27:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/05 23:24:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/05 23:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/01/05 20:19:26 | 005,019,547 | R--- | C] (Swearware) -- C:\Documents and Settings\Betty\Desktop\Puppy.exe
[2013/01/04 18:26:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/04 18:04:32 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Betty\Desktop\tdsskiller.exe
[2013/01/04 17:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\Desktop\TSG
[2013/01/02 12:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\My Documents\Warranties
[2013/01/02 12:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\My Documents\Computers
[2012/12/28 12:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/12/28 12:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/12/22 11:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
[2012/12/22 09:24:44 | 000,157,320 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys.old
[2012/12/08 15:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\Desktop\About Blank
[2004/09/10 12:40:38 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DECCHECK.exe

========== Files - Modified Within 30 Days ==========

[2013/01/06 19:27:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/06 19:27:00 | 3756,150,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/06 19:08:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/06 18:46:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4207097214-2822948736-4082840186-1005UA.job
[2013/01/06 17:46:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4207097214-2822948736-4082840186-1005Core.job
[2013/01/06 15:34:24 | 000,002,518 | ---- | M] () -- C:\Documents and Settings\Betty\My Documents\B_D phone support.eml
[2013/01/06 15:33:07 | 000,006,189 | ---- | M] () -- C:\Documents and Settings\Betty\My Documents\BitDefender Forum password.eml
[2013/01/06 15:32:53 | 000,017,929 | ---- | M] () -- C:\Documents and Settings\Betty\My Documents\Receipt for your PayPal payment to elangr.eml
[2013/01/06 13:24:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty\Desktop\OTL.exe
[2013/01/05 23:40:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/05 23:28:54 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2013/01/05 21:11:39 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2013/01/05 20:28:16 | 005,019,547 | R--- | M] (Swearware) -- C:\Documents and Settings\Betty\Desktop\Puppy.exe
[2013/01/05 19:58:11 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\Betty\Desktop\My Yahoo!.url
[2013/01/05 17:28:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/04 21:05:29 | 001,061,063 | ---- | M] () -- C:\Documents and Settings\Betty\Desktop\ComboFix A guide and tutorial on using ComboFix.mht
[2013/01/04 18:04:33 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Betty\Desktop\tdsskiller.exe
[2013/01/01 21:35:22 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Betty\Desktop\Free Jigsaw Puzzles - Jigsaw Puzzle Games at TheJigsawPuzzles.com - Play Free Online Jigsaw Puzzles.url
[2012/12/31 19:59:09 | 000,000,009 | ---- | M] () -- C:\END
[2012/12/26 19:11:04 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/12/23 16:50:05 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/12/22 11:46:20 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/12/22 09:09:33 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/13 20:34:07 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/13 20:30:05 | 000,000,325 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2012/12/13 13:49:42 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Betty\Desktop\Google Chrome.lnk
[2012/12/13 13:49:42 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/12 17:28:33 | 000,622,616 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[2012/12/12 17:27:49 | 000,481,464 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2012/12/12 17:27:36 | 000,242,504 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys
[2012/12/08 12:27:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2013/01/06 15:34:24 | 000,002,518 | ---- | C] () -- C:\Documents and Settings\Betty\My Documents\B_D phone support.eml
[2013/01/06 15:33:07 | 000,006,189 | ---- | C] () -- C:\Documents and Settings\Betty\My Documents\BitDefender Forum password.eml
[2013/01/06 15:32:53 | 000,017,929 | ---- | C] () -- C:\Documents and Settings\Betty\My Documents\Receipt for your PayPal payment to elangr.eml
[2013/01/05 23:28:54 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2013/01/05 23:28:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/01/05 23:27:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/05 23:27:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/05 23:27:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/05 23:27:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/05 23:27:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/04 21:05:27 | 001,061,063 | ---- | C] () -- C:\Documents and Settings\Betty\Desktop\ComboFix A guide and tutorial on using ComboFix.mht
[2012/12/31 19:59:05 | 000,000,009 | ---- | C] () -- C:\END
[2012/12/23 16:50:05 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/12/22 11:46:20 | 000,001,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/11/09 20:52:24 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\rbxcsettings.rbx
[2012/10/12 18:58:18 | 000,000,272 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/02/15 09:38:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/30 16:09:23 | 001,120,635 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4207097214-2822948736-4082840186-1005-0.dat
[2012/01/30 16:09:23 | 000,166,282 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/30 15:22:26 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/09/15 18:11:16 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2011/09/15 17:25:46 | 000,171,854 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\census.cache
[2011/09/15 17:25:45 | 000,170,141 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\ars.cache
[2011/09/15 16:49:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\housecall.guid.cache
[2011/04/19 12:31:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/05 12:12:27 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/19 23:20:57 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Betty\Application Datauser_gensett.xml
[2011/02/01 14:21:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\search_result.xml
[2011/01/31 08:16:28 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Betty\Application Dataprivacy.xml
[2011/01/29 09:09:05 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/04/19 18:15:57 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/19 14:17:47 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Betty\WINWORD.box
[2010/04/16 08:52:07 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\fusioncache.dat
[2010/03/29 18:40:20 | 000,100,256 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

========== ZeroAccess Check ==========

[2005/08/16 03:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/09/14 08:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2012/04/25 12:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/04/25 12:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2010/06/03 20:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/09/15 15:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2005/08/16 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/04/15 16:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/07/25 11:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/04/28 13:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2012/02/29 10:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Road Runner
[2010/04/21 09:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simple Star
[2010/04/21 09:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simple Star Shared
[2012/05/26 20:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty\Application Data\.minecraft
[2012/04/25 12:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty\Application Data\Bitdefender
[2011/04/12 15:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty\Application Data\ElevatedDiagnostics
[2010/10/02 18:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty\Application Data\FOG Downloader
[2012/05/21 10:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty\Application Data\JGoodies
[2012/08/27 18:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty\Application Data\OpenOffice.org
[2012/03/15 17:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty\Application Data\QuickScan
[2012/03/12 17:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty\Application Data\Road Runner
[2010/04/21 09:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty\Application Data\Simple Star
[2011/09/14 14:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty\Application Data\Sony Online Entertainment
[2011/03/14 15:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty\Application Data\Uniblue

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Betty\Desktop\Show Desktop.scf:SummaryInformation
@Alternate Data Stream - 10 bytes -> C:\WINDOWS\System32\LegitCheckControl.DLL:BDU

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Please run the following on-line scanner. Note that you must use Internet Explorer to perform the scan.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\ESET\ESET Online Scanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## nettyiam (Jan 27, 2004)

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=303e9612d7700c4b89162ffcd5a0859c
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-08 12:01:01
# local_time=2013-01-07 06:01:01 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2055 16777213 100 98 0 115737559 0 0
# scanned=96912
# found=0
# cleaned=0
# scan_time=3284


----------



## nettyiam (Jan 27, 2004)

Reminder: My OS is WINXP
I disabled my BitDefender for 30 min but the scan took longer..will this affect eset scan?


----------



## Cookiegal (Aug 27, 2003)

Why the reminder about your OS being XP? 

BitDefender shouldn't have caused any problems unless you got some security alerts during the scan.

Please try to run GMER again and post the log.


----------



## nettyiam (Jan 27, 2004)

There was something in your previous post that was different from the page..ignore that..sorry for the confusion.

Had to run this twice as it stopped for some reason I dont know why. Appreciate all you help to figure out what is wrong.
*ESET*[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=303e9612d7700c4b89162ffcd5a0859c
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-08 12:01:01
# local_time=2013-01-07 06:01:01 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2055 16777213 100 98 0 115737559 0 0
# scanned=96912
# found=0
# cleaned=0
# scan_time=3284
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=303e9612d7700c4b89162ffcd5a0859c
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-08 11:16:27
# local_time=2013-01-08 05:16:27 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2055 16777213 100 98 0 115821285 0 0
# scanned=65159
# found=0
# cleaned=0
# scan_time=1862
[email protected] as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=303e9612d7700c4b89162ffcd5a0859c
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-09 12:18:18
# local_time=2013-01-08 06:18:18 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2055 16777213 100 98 0 115824996 0 0
# scanned=97137
# found=0
# cleaned=0
# scan_time=3269


----------



## nettyiam (Jan 27, 2004)

oops sorry ran wrong program..brb


----------



## nettyiam (Jan 27, 2004)

File is too large, trying to send it as attachment


----------



## Cookiegal (Aug 27, 2003)

That log looks good.

How are things with the system now?


----------



## nettyiam (Jan 27, 2004)

My desktop seems to be running good. Loads pages faster & not getting different sites when surfing. Thanks 

Since I get the same warning on my laptop (Vista) when attempting to run HJT, should I stay on this post or start another? 
Do I use the same programs I downloaded for my XP.


----------



## Cookiegal (Aug 27, 2003)

Here are some final instructions for you.

As with any infection, I recommend that you change all passwords for logging into to sites that you use on your computer as a precaution.

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u" as shown in the picture).










Please open OTS again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTS program.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start*  *All Programs*  *Accessories*  *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## Cookiegal (Aug 27, 2003)

The hosts message with HijackThis does not indicate infection. Are you experiencing any symptoms on your Vista machine that lead you to believe that it may be infected?


----------



## nettyiam (Jan 27, 2004)

Before I do the removal of combofix & other things you recommended, thought I would check with you. 
I think I am not fixed on my desktop, now when I click Internet Explorer it is using About Blank. I had just run SuperSpyware and it had 72 items found but it either removed or quarantined them. 
I had the _aboutblank _problem before & had TSG help me. When I ran the HJT to post for you, I got that same warning as before but there was 023NT in red at the top. When I ran it the second time, the warning window did not come up?
Also was unable to download the two MS updates that have NT fixes..if you want I will try to find out what the K# is.

My laptop is quite slow, I have been running Malwarebytes on it for over 2 hrs. Going to uninstall some programs (games) that I had on for my grandchildren.

Also, if I do not get back to right away, I work full time (10hr days) and dont always have the time. I realize you are certainly busy also & patient & am grateful you have taken on my problem...thank you


----------



## nettyiam (Jan 27, 2004)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:39:08 PM, on 1/12/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272917492281
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

--
End of file - 4980 bytes


----------



## Cookiegal (Aug 27, 2003)

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Under Custom Scans/Fixes type in *Netsvcs*
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## nettyiam (Jan 27, 2004)

Had OTL.exe on my desktop from previously but deleted it and downloaded it again. Ran it four times but it does not give Extras.Txt

Here is the OTL.Txt log

OTL logfile created on: *1/13/2013* 6:07:02 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Betty\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 84.68% Memory free
4.84 Gb Paging File | 4.28 Gb Available in Paging File | 88.46% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.41 Gb Total Space | 194.18 Gb Free Space | 85.39% Space Free | Partition Type: NTFS

Computer Name: BETTYDESKTOP | User Name: Betty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/13 18:05:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty\Desktop\OTL.exe
PRC - [2012/12/12 17:27:45 | 001,199,344 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
PRC - [2012/12/12 17:27:38 | 001,554,176 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
PRC - [2012/09/29 13:32:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/08/23 16:05:09 | 000,055,032 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
PRC - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/12 17:28:30 | 000,272,344 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
MOD - [2012/12/12 17:27:36 | 000,092,600 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
MOD - [2012/03/27 23:07:06 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
MOD - [2012/03/27 23:07:04 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
MOD - [2012/03/22 11:30:52 | 002,063,872 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl
MOD - [2012/03/22 11:30:52 | 001,917,952 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl
MOD - [2012/03/22 11:30:52 | 001,867,776 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl
MOD - [2012/03/22 11:30:52 | 000,956,928 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl
MOD - [2012/03/22 11:30:52 | 000,634,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl
MOD - [2012/03/22 11:30:52 | 000,513,536 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,446,464 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,391,168 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl
MOD - [2012/01/23 19:27:20 | 000,035,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
MOD - [2012/01/23 19:15:40 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
MOD - [2012/01/23 19:14:56 | 000,110,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
MOD - [2012/01/23 19:14:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
MOD - [2012/01/23 19:13:40 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
MOD - [2012/01/06 15:27:34 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
MOD - [2012/01/06 15:27:28 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
MOD - [2011/11/14 19:17:08 | 000,132,176 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdfwcore.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/27 14:07:06 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/05/09 16:20:05 | 000,181,240 | ---- | M] () -- C:\Program Files\Common Files\Simple Star Shared\PhotoShowShellExt.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

========== Services (SafeList) ==========

SRV - [2013/01/09 17:08:28 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/12 17:27:38 | 001,554,176 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV - [2012/09/29 13:32:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/08/23 16:05:09 | 000,055,032 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2011/10/14 22:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010/06/03 20:16:50 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/01/07 13:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 13:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Betty\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/12/12 17:28:33 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2012/12/12 17:27:49 | 000,481,464 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2012/12/12 17:27:36 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2012/08/23 16:05:20 | 000,132,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
DRV - [2012/08/23 16:05:08 | 000,116,248 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf)
DRV - [2011/11/17 16:38:34 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/11/14 19:16:28 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/11/11 16:13:54 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/10/27 14:07:06 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2011/08/16 13:59:34 | 000,360,976 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/01/19 18:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/01 14:13:26 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/07/01 14:13:26 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/07/01 14:13:24 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/02/10 10:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/03 20:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {72699759-CC18-408A-B150-52DBF7E19F58}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{72699759-CC18-408A-B150-52DBF7E19F58}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://myyahoo.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:6.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Documents and Settings\Betty\My Documents\My Music\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/04/25 12:06:59 | 000,000,000 | ---D | M]

[2011/04/19 12:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Betty\Application Data\Mozilla\Extensions
[2011/04/21 13:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Betty\Application Data\Mozilla\Firefox\Profiles\0xgy5skh.default\extensions
[2011/04/19 12:37:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Betty\Application Data\Mozilla\Firefox\Profiles\0xgy5skh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/14 08:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/14 08:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/26 16:53:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

========== Chrome ==========

CHR - homepage: 
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Jurawa Design Wolf 1280x800 = C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ggmdcbjhjccinfjcalchgkhimfkgpmem\1_0\

O1 HOSTS File: ([2013/01/05 23:40:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272917492281 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54E9D73F-CE01-45E4-8FD1-2E7C146127F6}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/01/13 18:05:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Betty\Desktop\OTL.exe
[2013/01/12 23:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\Desktop\Upload to FB
[2013/01/11 07:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\Local Settings\Application Data\PCHealth
[2013/01/07 17:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/06 19:23:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/06 00:02:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/05 23:28:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/01/05 23:27:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/05 23:27:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/05 23:27:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/05 23:27:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/05 23:24:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/05 23:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/01/04 18:26:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/04 17:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\Desktop\TSG
[2013/01/02 12:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\My Documents\Warranties
[2013/01/02 12:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty\My Documents\Computers
[2012/12/28 12:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/12/28 12:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/12/22 11:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
[2012/12/22 09:24:44 | 000,157,320 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys.old
[2004/09/10 12:40:38 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DECCHECK.exe

========== Files - Modified Within 30 Days ==========

[2013/01/13 18:08:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/13 18:05:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty\Desktop\OTL.exe
[2013/01/13 17:46:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4207097214-2822948736-4082840186-1005UA.job
[2013/01/13 17:46:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4207097214-2822948736-4082840186-1005Core.job
[2013/01/13 14:12:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/13 14:12:31 | 3756,150,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/12 15:12:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/12 14:36:22 | 000,380,677 | ---- | M] () -- C:\Documents and Settings\Betty\Desktop\Belarc Advisor Computer Profile.mht
[2013/01/11 08:20:38 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2013/01/10 16:53:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/09 19:44:17 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to HijackThis.lnk
[2013/01/09 17:08:27 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/09 17:08:27 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/06 15:34:24 | 000,002,518 | ---- | M] () -- C:\Documents and Settings\Betty\My Documents\B_D phone support.eml
[2013/01/06 15:33:07 | 000,006,189 | ---- | M] () -- C:\Documents and Settings\Betty\My Documents\BitDefender Forum password.eml
[2013/01/06 15:32:53 | 000,017,929 | ---- | M] () -- C:\Documents and Settings\Betty\My Documents\Receipt for your PayPal payment to elangr.eml
[2013/01/05 23:40:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/05 21:11:39 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2013/01/05 19:58:11 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\Betty\Desktop\My Yahoo!.url
[2013/01/01 21:35:22 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Betty\Desktop\Free Jigsaw Puzzles - Jigsaw Puzzle Games at TheJigsawPuzzles.com - Play Free Online Jigsaw Puzzles.url
[2012/12/31 19:59:09 | 000,000,009 | ---- | M] () -- C:\END
[2012/12/26 19:11:04 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/12/23 16:50:05 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/12/22 11:46:20 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/12/22 09:09:33 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/16 06:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 06:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll

========== Files Created - No Company Name ==========

[2013/01/12 14:36:21 | 000,380,677 | ---- | C] () -- C:\Documents and Settings\Betty\Desktop\Belarc Advisor Computer Profile.mht
[2013/01/09 19:44:17 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to HijackThis.lnk
[2013/01/06 15:34:24 | 000,002,518 | ---- | C] () -- C:\Documents and Settings\Betty\My Documents\B_D phone support.eml
[2013/01/06 15:33:07 | 000,006,189 | ---- | C] () -- C:\Documents and Settings\Betty\My Documents\BitDefender Forum password.eml
[2013/01/06 15:32:53 | 000,017,929 | ---- | C] () -- C:\Documents and Settings\Betty\My Documents\Receipt for your PayPal payment to elangr.eml
[2013/01/05 23:28:54 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2013/01/05 23:28:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/01/05 23:27:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/05 23:27:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/05 23:27:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/05 23:27:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/05 23:27:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/12/31 19:59:05 | 000,000,009 | ---- | C] () -- C:\END
[2012/12/23 16:50:05 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/12/22 11:46:20 | 000,001,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/11/09 20:52:24 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\rbxcsettings.rbx
[2012/10/12 18:58:18 | 000,000,272 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/02/15 09:38:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/30 16:09:23 | 001,120,635 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4207097214-2822948736-4082840186-1005-0.dat
[2012/01/30 16:09:23 | 000,166,282 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/30 15:22:26 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/09/15 18:11:16 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2011/09/15 18:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2011/09/15 17:25:46 | 000,171,854 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\census.cache
[2011/09/15 17:25:45 | 000,170,141 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\ars.cache
[2011/09/15 16:49:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\housecall.guid.cache
[2011/04/19 12:31:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/05 12:12:27 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/19 23:20:57 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Betty\Application Datauser_gensett.xml
[2011/02/01 14:21:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\search_result.xml
[2011/01/31 08:16:28 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Betty\Application Dataprivacy.xml
[2011/01/29 09:09:05 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/04/19 18:15:57 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/19 14:17:47 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Betty\WINWORD.box
[2010/04/16 08:52:07 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Betty\Local Settings\Application Data\fusioncache.dat
[2010/03/29 18:40:20 | 000,100,256 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

========== ZeroAccess Check ==========

[2005/08/16 03:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Betty\Desktop\Show Desktop.scf:SummaryInformation
@Alternate Data Stream - 10 bytes -> C:\WINDOWS\System32\LegitCheckControl.DLL:BDU

< End of report >


----------



## Cookiegal (Aug 27, 2003)

The about:blank issue is not malware related. All you need to do is reset your start page to whatever you want in Internet Explorer. About:blank is the default setting when nothing else is set.

I don't see anything malicious but wanted to ask about this folder. Is it something you created?

C:\END

Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of *Java* components and upgrade the application.

*Upgrading Java*:


Download the latest version of *Java Runtime Environment (JRE) 6 Update 38*.
Accept the License Agreement and then select the option to download the *Windows x86 Offline* version 
Save the executable file to your desktop.
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove *programs and remove all older versions of Java.
Check any item with * Java Runtime Environment, JRE, J2SE or Java(TM)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download and follow the prompts to install the newest version.

This is an older version of Java that you need to uninstall from your computer:

Java 2 Runtime Environment, SE v1.4.2_03


----------



## nettyiam (Jan 27, 2004)

Thanks on about:blank.

I did not make C:\END folder. Dont know why it was created as that was Christmas Eve & dont recall anyone using the computer. It was created: Monday, December 31, 2012, 7:59:05 PM CST; 9 bytes (9 bytes); 4.00 KB (4,096 bytes)

Before doing the Java..I would like your advice about Java because I received this article from retired relative who worked in Int Sec for US Gov. US: 
_Department of Homeland Security Calls On Computer Users To Disable Java _ (I disabled Java)
http://www.cbsnews.com/8301-205_162-57563619/u.s-tells-computer-users-to-disable-java-software/

Still not running as well as I hoped, having annoying problem with Outlook Express but not sure this is for this forum.
Should I go ahead with the instructions in Post 26, or wait a few days and remove all the items you had me download?


----------



## Cookiegal (Aug 27, 2003)

You can hold off on 26 for now.

Yes, Java has a problem right now and it's best to disable it, as you have. But it's also best to have the latest version installed so I would still update it but make sure it remains disabled afterwards (in case the update changes that).

Please open that C:\END folder and let me know the names of any files it contains.


----------



## nettyiam (Jan 27, 2004)

C:\END folder
Opened it in notepad and says _ConduitOK_

When I go to Java download, it says Java 7..ok to d/l that instead of 6?


----------



## Cookiegal (Aug 27, 2003)

I wouldn't because it's a larger download meant for developers with components that you don't need.

Scroll down the page to the Java SE 6 Update 38 download button.

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:dir /s
C:\END
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## nettyiam (Jan 27, 2004)

SystemLook 30.07.11 by jpshortstuff
Log created at 17:32 on 17/01/2013 by Betty
Administrator - Elevation successful

Invalid Context: dir /s

No Context: C:\END

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

When you opened the C:\END folder, was it a file it contained that said ConduitOK or another folder?


----------



## nettyiam (Jan 27, 2004)

I shows it is a file. When I clicked on it, window popped up asking what I wanted to open with, I used Notepad and ConduitOK was in it. No folder or files appear.

Note; have tried to uninstall the Jave 2 Runtime Environment, SE v1.4.2_03 but window
pops up :_This action is only valid for products that are currently installed._


----------



## Cookiegal (Aug 27, 2003)

If you right-click the file and select "properties" what type of file does it say it is? Also, is there a version tab?


----------



## nettyiam (Jan 27, 2004)

Right click produced this:

*General tab:*

Type of file: File
Description: END

Location: C:\
Size: 9 bytes
Size on disk: 4.00 KB

Created: Monday, December 31, 2012, 7:59:05 PM
Modified: Today, January 17, 2013 6:29:01 PM 
Accessed: Today, January 17, 2013 9:14:21 PM

*Summary tab* has nothing

No version


----------



## Cookiegal (Aug 27, 2003)

Turns out END is a file and not a folder. Please do the following:

Download *OTS.exe * to your Desktop. 

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users".
Under the *Additional Scans *section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors)
Now click the *Run Scan *button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## nettyiam (Jan 27, 2004)

```
OTS logfile created on: 1/18/2013 3:30:06 PM - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Documents and Settings\Betty\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.41 Gb Total Space | 194.77 Gb Free Space | 85.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BETTYDESKTOP
Current User Name: Betty
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Betty\Desktop\OTS.exe -> [2013/01/18 15:26:31 | 000,646,656 | ---- | M] (OldTimer Tools)
bdagent.exe -> C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe -> [2012/12/12 17:27:45 | 001,199,344 | ---- | M] (Bitdefender)
vsserv.exe -> C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -> [2012/12/12 17:27:38 | 001,554,176 | ---- | M] (Bitdefender)
sascore.exe -> C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -> [2012/09/29 13:32:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
updatesrv.exe -> C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -> [2012/08/23 16:05:09 | 000,055,032 | ---- | M] (Bitdefender)
zunebusenum.exe -> C:\WINDOWS\system32\ZuneBusEnum.exe -> [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
 
[Modules - No Company Name]
avc3al.dll -> C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll -> [2012/12/12 17:28:30 | 000,272,344 | ---- | M] ()
bdmetrics.dll -> C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll -> [2012/12/12 17:27:36 | 000,092,600 | ---- | M] ()
imsecurityal.ui -> C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui -> [2012/03/27 23:07:06 | 000,004,608 | ---- | M] ()
accessl.ui -> C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui -> [2012/03/27 23:07:04 | 000,003,072 | ---- | M] ()
ashttpf.mdl -> C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl -> [2012/03/22 11:30:52 | 002,063,872 | ---- | M] ()
ashttpph.mdl -> C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl -> [2012/03/22 11:30:52 | 001,917,952 | ---- | M] ()
asimf.mdl -> C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl -> [2012/03/22 11:30:52 | 001,867,776 | ---- | M] ()
ashttprbl.mdl -> C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl -> [2012/03/22 11:30:52 | 000,956,928 | ---- | M] ()
ashttpbr.mdl -> C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl -> [2012/03/22 11:30:52 | 000,634,880 | ---- | M] ()
ashttpdsp.mdl -> C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl -> [2012/03/22 11:30:52 | 000,513,536 | ---- | M] ()
asimdsp.mdl -> C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl -> [2012/03/22 11:30:52 | 000,446,464 | ---- | M] ()
asimbr.mdl -> C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl -> [2012/03/22 11:30:52 | 000,391,168 | ---- | M] ()
procinfo.dll -> C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll -> [2012/01/23 19:27:20 | 000,035,208 | ---- | M] ()
bdmltusrsrv.dll -> C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll -> [2012/01/23 19:15:40 | 000,059,392 | ---- | M] ()
connector.dll -> C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll -> [2012/01/23 19:14:56 | 000,110,880 | ---- | M] ()
excludemgr.dll -> C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll -> [2012/01/23 19:14:00 | 000,061,440 | ---- | M] ()
framework.dll -> C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll -> [2012/01/23 19:13:40 | 000,154,152 | ---- | M] ()
strdecoder.dll -> C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll -> [2012/01/06 15:27:34 | 000,035,720 | ---- | M] ()
txmlutil.dll -> C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll -> [2012/01/06 15:27:28 | 000,202,032 | ---- | M] ()
bdfwcore.dll -> C:\Program Files\Bitdefender\Bitdefender 2012\bdfwcore.dll -> [2011/11/14 19:17:08 | 000,132,176 | ---- | M] ()
quartz.dll -> C:\WINDOWS\system32\quartz.dll -> [2011/11/03 09:28:36 | 001,292,288 | ---- | M] ()
trufos.dll -> \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll -> [2011/10/27 14:07:06 | 000,362,736 | ---- | M] ()
sbe.dll -> C:\WINDOWS\system32\sbe.dll -> [2011/02/04 17:48:30 | 000,291,840 | ---- | M] ()
msdmo.dll -> C:\WINDOWS\system32\msdmo.dll -> [2008/04/13 18:11:59 | 000,014,336 | ---- | M] ()
devenum.dll -> C:\WINDOWS\system32\devenum.dll -> [2008/04/13 18:11:51 | 000,059,904 | ---- | M] ()
 
[Win32 Services - Safe List]
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -> [2013/01/09 17:08:28 | 000,251,400 | ---- | M] (Adobe Systems Incorporated)
(VSSERV) BitDefender Virus Shield [Auto | Running] -> C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -> [2012/12/12 17:27:38 | 001,554,176 | ---- | M] (Bitdefender)
(!SASCORE) SAS Core Service [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -> [2012/09/29 13:32:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
(UPDATESRV) BitDefender Desktop Update Service [Auto | Running] -> C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -> [2012/08/23 16:05:09 | 000,055,032 | ---- | M] (Bitdefender)
(Update Server) BitDefender Update Server v2 [On_Demand | Stopped] -> C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -> [2011/10/14 22:57:36 | 000,307,544 | ---- | M] (BitDefender)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -> [2010/06/03 20:16:50 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(ZuneWlanCfgSvc) Zune Wireless Configuration Service [On_Demand | Stopped] -> C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -> [2010/01/07 13:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation)
(ZuneBusEnum) Zune Bus Enumerator [Auto | Running] -> C:\WINDOWS\system32\ZuneBusEnum.exe -> [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation)
(ZuneNetworkSvc) Zune Network Sharing Service [On_Demand | Stopped] -> c:\Program Files\Zune\ZuneNss.exe -> [2010/01/07 13:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(avc3) avc3 [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\avc3.sys -> [2012/12/12 17:28:33 | 000,622,616 | ---- | M] (BitDefender)
(avckf) avckf [File_System | On_Demand | Running] -> C:\WINDOWS\system32\drivers\avckf.sys -> [2012/12/12 17:27:49 | 000,481,464 | ---- | M] (BitDefender)
(avchv) avchv Function Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\avchv.sys -> [2012/12/12 17:27:36 | 000,242,504 | ---- | M] (BitDefender)
(bdselfpr) bdselfpr [Kernel | System | Running] -> C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -> [2012/08/23 16:05:20 | 000,132,600 | ---- | M] (BitDefender LLC)
(Bdfndisf) BitDefender Firewall NDIS Filter Service [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -> [2012/08/23 16:05:08 | 000,116,248 | ---- | M] (BitDefender LLC)
(bdsandbox) bdsandbox [File_System | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\bdsandbox.sys -> [2011/11/17 16:38:34 | 000,063,056 | ---- | M] (BitDefender SRL)
(bdftdif) bdftdif [Kernel | System | Running] -> C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -> [2011/11/14 19:16:28 | 000,130,640 | ---- | M] (BitDefender LLC)
(sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2011/11/11 16:13:54 | 000,691,696 | ---- | M] ()
(trufos) trufos [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\trufos.sys -> [2011/10/27 14:07:06 | 000,340,624 | ---- | M] (BitDefender S.R.L.)
(bdfsfltr) bdfsfltr [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys -> [2011/08/16 13:59:34 | 000,360,976 | ---- | M] (BitDefender)
(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\BANTExt.sys -> [2011/08/09 16:33:58 | 000,003,840 | ---- | M] ()
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(BDVEDISK) BDVEDISK [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\bdvedisk.sys -> [2010/01/19 18:32:40 | 000,085,128 | ---- | M] (BitDefender)
(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\hamachi.sys -> [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DPV.sys -> [2008/07/01 14:13:26 | 000,985,472 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2008/07/01 14:13:26 | 000,731,264 | ---- | M] (Conexant Systems, Inc.)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2008/07/01 14:13:24 | 000,267,520 | ---- | M] (Conexant Systems, Inc.)
(WinUSB) WinUSB [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\winusb.sys -> [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2006/02/10 10:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2005/08/03 20:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> about:blank -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\] > -> -> 
HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\: Main\\"Start Page" -> about:blank -> 
HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Betty\Application Data\Mozilla\FireFox\Profiles\0xgy5skh.default\prefs.js -> 
browser.startup.homepage -> "http://myyahoo.com/" ->
extensions.enabledItems -> [email protected]:2.0 ->
extensions.enabledItems -> [email protected]:1.0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
HKLM\software\mozilla\Thunderbird\Extensions\\[email protected] -> C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\] -> [2012/04/25 12:06:59 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Betty\Application Data\Mozilla\Extensions -> [2011/04/19 12:32:01 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Betty\Application Data\Mozilla\Firefox\Profiles\0xgy5skh.default\extensions -> [2011/04/21 13:13:46 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Documents and Settings\Betty\Application Data\Mozilla\Firefox\Profiles\0xgy5skh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2011/04/19 12:37:19 | 000,000,000 | ---D | M]
< HOSTS File > ([2013/01/05 23:40:35 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"BDAgent" -> C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe ["C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"] -> [2012/12/12 17:27:45 | 001,199,344 | ---- | M] (Bitdefender)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Betty Startup Folder > -> C:\Documents and Settings\Betty\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005] > -> HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> [2004/08/10 02:39:00 | 001,347,728 | ---- | M] (Microsoft)
\\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.Theme [C:\WINDOWS\Resources\Themes\Royale.theme] -> [2004/07/28 01:03:28 | 000,001,293 | ---- | M] ()
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005] > -> HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005] > -> HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\] > -> HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. -> 
clonewarsadventures.com .[*] -> Trusted sites -> 
freerealms.com .[*] -> Trusted sites -> 
soe.com .[*] -> Trusted sites -> 
sony.com .[*] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. -> 
clonewarsadventures.com .[*] -> Trusted sites -> 
freerealms.com .[*] -> Trusted sites -> 
soe.com .[*] -> Trusted sites -> 
sony.com .[*] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. -> 
clonewarsadventures.com .[*] -> Trusted sites -> 
freerealms.com .[*] -> Trusted sites -> 
soe.com .[*] -> Trusted sites -> 
sony.com .[*] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. -> 
clonewarsadventures.com .[*] -> Trusted sites -> 
freerealms.com .[*] -> Trusted sites -> 
soe.com .[*] -> Trusted sites -> 
sony.com .[*] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\] > -> HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
ttlc_intuit.com [https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\] > -> HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{000F1EA4-5E08-4564-A29B-29076F63A37A} [HKLM] -> http://launch.soe.com/plugin/web/SOEWebInstaller.cab [SOE Web Installer] -> 
{15B782AF-55D8-11D1-B477-006097098764} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab [Macromedia Authorware Web Player Control] -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} [HKLM] -> http://quickscan.bitdefender.com/qsax/qsax.cab [Bitdefender QuickScan Control] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272917492281 [MUWebControl Class] -> 
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab [GMNRev Class] -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] -> 
{924B4927-D3BA-41EA-9F7E-8A89194AB3AC} [HKLM] -> http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab [P3DActiveX Control] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 209.18.47.61 209.18.47.62 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{54E9D73F-CE01-45E4-8FD1-2E7C146127F6}\\DhcpNameServer -> 209.18.47.61 209.18.47.62   (Intel(R) PRO/100 VE Network Connection) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2011/07/18 18:02:18 | 000,113,024 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\KingsIsle Entertainment\Wizard101\Wizard101.exe" -> C:\Program Files\KingsIsle Entertainment\Wizard101\Wizard101.exe [C:\Program Files\KingsIsle Entertainment\Wizard101\Wizard101.exe:*:Enabled:Play Wizard101] -> [2011/09/06 12:04:30 | 000,136,288 | ---- | M] ()
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2005/08/16 03:43:04 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe -> [2006/11/03 17:02:14 | 000,050,688 | ---- | M] (Avanquest Software )
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE -> [1999/09/04 16:23:00 | 000,065,588 | ---- | M] (Microsoft Corporation)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe -> [1999/09/04 16:23:00 | 000,053,317 | ---- | M] (Microsoft® Corporation)
C:^Documents and Settings^Betty^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe -> [2009/04/16 13:14:14 | 000,384,000 | ---- | M] ()
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Adobe ARM hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> [2012/12/03 01:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated)
ATIPTA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe -> [2005/08/05 20:05:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.)
DMXLauncher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Dell\Media Experience\DMXLauncher.exe -> [2005/10/05 02:12:00 | 000,094,208 | ---- | M] ()
Google Update hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2012/09/18 17:36:29 | 000,116,648 | ---- | M] (Google Inc.)
HP Update 4300C hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\sj657\hpupdate.exe -> [2002/02/07 14:33:58 | 000,032,768 | ---- | M] (Hewlett-Packard)
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\qttask.exe -> [2010/04/28 13:08:26 | 000,077,824 | ---- | M] (Apple Computer, Inc.)
Road Runner PhotoShow Media Manager hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Road Runner\PhotoShow 5\data\Xtras\mssysmgr.exe -> [2008/05/09 16:20:07 | 000,361,976 | ---- | M] (Roxio)
SigmatelSysTrayApp hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\stsystra.exe -> [2006/02/10 10:17:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.)
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
SUPERAntiSpyware hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> [2012/09/29 13:32:07 | 004,780,928 | ---- | M] (SUPERAntiSpyware.com)
Zune Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> c:\Program Files\Zune\ZuneLauncher.exe -> [2010/01/07 13:38:08 | 000,158,448 | ---- | M] (Microsoft Corporation)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 2 -> 
"services" -> 0 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
Ias ->  -> File not found
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 9/21/2011 8:48:01 AM Computer Name = BETTYDESKTOP | Source = JavaQuickStarterService | ID = 1 -> Description = 
Application [ Error ] 9/21/2011 3:33:13 PM Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 9/21/2011 3:33:18 PM Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1001 -> Description = Fault bucket 1180947459.
Application [ Error ] 9/22/2011 9:04:24 AM Computer Name = BETTYDESKTOP | Source = JavaQuickStarterService | ID = 1 -> Description = 
Application [ Error ] 9/22/2011 8:42:01 PM Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 9/22/2011 8:43:19 PM Computer Name = BETTYDESKTOP | Source = JavaQuickStarterService | ID = 1 -> Description = 
Application [ Error ] 9/23/2011 1:17:33 PM Computer Name = BETTYDESKTOP | Source = JavaQuickStarterService | ID = 1 -> Description = 
Application [ Error ] 9/23/2011 6:18:12 PM Computer Name = BETTYDESKTOP | Source = JavaQuickStarterService | ID = 1 -> Description = 
Application [ Error ] 9/23/2011 9:34:26 PM Computer Name = BETTYDESKTOP | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 9/24/2011 10:17:00 AM Computer Name = BETTYDESKTOP | Source = JavaQuickStarterService | ID = 1 -> Description = 
System [ Error ] 12/16/2012 1:35:01 PM Computer Name = BETTYDESKTOP | Source = DCOM | ID = 10000 -> Description = Unable to start a DCOM Server: {F3A614DC-ABE0-11D2-A441-00C04F795683}.  The error:  "%2"  Happened while starting this command:  C:\Program Files\Messenger\msmsgs.exe -Embedding
System [ Error ] 1/3/2013 8:44:34 PM Computer Name = BETTYDESKTOP | Source = DCOM | ID = 10000 -> Description = Unable to start a DCOM Server: {F3A614DC-ABE0-11D2-A441-00C04F795683}.  The error:  "%2"  Happened while starting this command:  C:\Program Files\Messenger\msmsgs.exe -Embedding
System [ Error ] 1/8/2013 10:29:36 PM Computer Name = BETTYDESKTOP | Source = atapi | ID = 262153 -> Description = The device, \Device\Ide\IdePort1, did not respond within the timeout period.
System [ Error ] 1/8/2013 10:52:27 PM Computer Name = BETTYDESKTOP | Source = atapi | ID = 262153 -> Description = The device, \Device\Ide\IdePort1, did not respond within the timeout period.
System [ Error ] 1/10/2013 6:51:28 PM Computer Name = BETTYDESKTOP | Source = Windows Update Agent | ID = 20 -> Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).
System [ Error ] 1/10/2013 9:35:54 PM Computer Name = BETTYDESKTOP | Source = Windows Update Agent | ID = 20 -> Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).
System [ Error ] 1/15/2013 6:38:11 PM Computer Name = BETTYDESKTOP | Source = DCOM | ID = 10010 -> Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.
System [ Error ] 1/17/2013 8:09:13 PM Computer Name = BETTYDESKTOP | Source = DCOM | ID = 10000 -> Description = Unable to start a DCOM Server: {F3A614DC-ABE0-11D2-A441-00C04F795683}.  The error:  "%2"  Happened while starting this command:  C:\Program Files\Messenger\msmsgs.exe -Embedding
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Betty\Desktop\OTS.exe -> [2013/01/18 15:26:30 | 000,646,656 | ---- | C] (OldTimer Tools)
 jre-6u38-windows-i586.exe -> C:\Documents and Settings\Betty\Desktop\jre-6u38-windows-i586.exe -> [2013/01/17 17:46:04 | 016,984,056 | ---- | C] (Sun Microsystems, Inc.)
 Upload to FB -> C:\Documents and Settings\Betty\Desktop\Upload to FB -> [2013/01/12 23:08:19 | 000,000,000 | ---D | C]
 PCHealth -> C:\Documents and Settings\Betty\Local Settings\Application Data\PCHealth -> [2013/01/11 07:53:15 | 000,000,000 | ---D | C]
 ESET -> C:\Program Files\ESET -> [2013/01/07 17:01:07 | 000,000,000 | ---D | C]
 _OTL -> C:\_OTL -> [2013/01/06 19:23:33 | 000,000,000 | ---D | C]
 RECYCLER -> C:\RECYCLER -> [2013/01/06 00:02:18 | 000,000,000 | -HSD | C]
 cmdcons -> C:\cmdcons -> [2013/01/05 23:28:48 | 000,000,000 | RHSD | C]
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2013/01/05 23:27:27 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2013/01/05 23:27:27 | 000,406,528 | ---- | C] (SteelWerX)
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2013/01/05 23:27:27 | 000,212,480 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2013/01/05 23:27:27 | 000,060,416 | ---- | C] (NirSoft)
 Qoobox -> C:\Qoobox -> [2013/01/05 23:24:50 | 000,000,000 | ---D | C]
 erdnt -> C:\WINDOWS\erdnt -> [2013/01/05 23:24:33 | 000,000,000 | ---D | C]
 TDSSKiller_Quarantine -> C:\TDSSKiller_Quarantine -> [2013/01/04 18:26:58 | 000,000,000 | ---D | C]
 TSG -> C:\Documents and Settings\Betty\Desktop\TSG -> [2013/01/04 17:27:48 | 000,000,000 | ---D | C]
 Warranties -> C:\Documents and Settings\Betty\My Documents\Warranties -> [2013/01/02 12:48:04 | 000,000,000 | ---D | C]
 Computers -> C:\Documents and Settings\Betty\My Documents\Computers -> [2013/01/02 12:43:29 | 000,000,000 | ---D | C]
 Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2012/12/28 12:52:14 | 000,000,000 | ---D | C]
 Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2012/12/28 12:52:14 | 000,000,000 | ---D | C]
 Amazon -> C:\Documents and Settings\All Users\Start Menu\Programs\Amazon -> [2012/12/22 11:46:20 | 000,000,000 | ---D | C]
 gzflt.sys.old -> C:\WINDOWS\System32\drivers\gzflt.sys.old -> [2012/12/22 09:24:44 | 000,157,320 | ---- | C] (BitDefender LLC)
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Betty\Desktop\OTS.exe -> [2013/01/18 15:26:31 | 000,646,656 | ---- | M] (OldTimer Tools)
 Adobe Flash Player Updater.job -> C:\WINDOWS\tasks\Adobe Flash Player Updater.job -> [2013/01/18 15:08:00 | 000,000,830 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-4207097214-2822948736-4082840186-1005UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4207097214-2822948736-4082840186-1005UA.job -> [2013/01/18 14:46:00 | 000,000,978 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2013/01/18 09:08:00 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2013/01/18 09:07:56 | 3756,150,784 | -HS- | M] ()
 END -> C:\END -> [2013/01/17 21:21:48 | 000,000,009 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2013/01/17 17:49:01 | 000,001,917 | ---- | M] ()
 jre-6u38-windows-i586.exe -> C:\Documents and Settings\Betty\Desktop\jre-6u38-windows-i586.exe -> [2013/01/17 17:46:11 | 016,984,056 | ---- | M] (Sun Microsystems, Inc.)
 GoogleUpdateTaskUserS-1-5-21-4207097214-2822948736-4082840186-1005Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4207097214-2822948736-4082840186-1005Core.job -> [2013/01/17 17:46:00 | 000,000,926 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2013/01/15 16:37:05 | 000,000,325 | RHS- | M] ()
 Google Chrome.lnk -> C:\Documents and Settings\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> [2013/01/13 19:49:36 | 000,002,302 | ---- | M] ()
 Google Chrome.lnk -> C:\Documents and Settings\Betty\Desktop\Google Chrome.lnk -> [2013/01/13 19:49:36 | 000,002,284 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2013/01/12 15:12:44 | 000,002,206 | ---- | M] ()
 Belarc Advisor Computer Profile.mht -> C:\Documents and Settings\Betty\Desktop\Belarc Advisor Computer Profile.mht -> [2013/01/12 14:36:22 | 000,380,677 | ---- | M] ()
 Shortcut to HijackThis.lnk -> C:\Documents and Settings\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to HijackThis.lnk -> [2013/01/09 19:44:17 | 000,000,713 | ---- | M] ()
 FlashPlayerApp.exe -> C:\WINDOWS\System32\FlashPlayerApp.exe -> [2013/01/09 17:08:27 | 000,697,864 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2013/01/09 17:08:27 | 000,074,248 | ---- | M] (Adobe Systems Incorporated)
 B_D phone support.eml -> C:\Documents and Settings\Betty\My Documents\B_D phone support.eml -> [2013/01/06 15:34:24 | 000,002,518 | ---- | M] ()
 BitDefender Forum password.eml -> C:\Documents and Settings\Betty\My Documents\BitDefender Forum password.eml -> [2013/01/06 15:33:07 | 000,006,189 | ---- | M] ()
 Receipt for your PayPal payment to elangr.eml -> C:\Documents and Settings\Betty\My Documents\Receipt for your PayPal payment to elangr.eml -> [2013/01/06 15:32:53 | 000,017,929 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2013/01/05 23:40:35 | 000,000,027 | ---- | M] ()
 mshtml.dll -> C:\WINDOWS\System32\dllcache\mshtml.dll -> [2013/01/05 23:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation)
 Boot.bak -> C:\Boot.bak -> [2013/01/05 21:11:39 | 000,000,209 | ---- | M] ()
 My Yahoo!.url -> C:\Documents and Settings\Betty\Desktop\My Yahoo!.url -> [2013/01/05 19:58:11 | 000,000,112 | ---- | M] ()
 Free Jigsaw Puzzles - Jigsaw Puzzle Games at TheJigsawPuzzles.com - Play Free Online Jigsaw Puzzles.url -> C:\Documents and Settings\Betty\Desktop\Free Jigsaw Puzzles - Jigsaw Puzzle Games at TheJigsawPuzzles.com - Play Free Online Jigsaw Puzzles.url -> [2013/01/01 21:35:22 | 000,000,117 | ---- | M] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2012/12/26 19:11:04 | 000,000,049 | ---- | M] ()
 Amazon Cloud Player.lnk -> C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk -> [2012/12/22 11:46:20 | 000,001,758 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2012/12/22 09:09:33 | 000,181,832 | ---- | M] ()
 
[Files - No Company Name]
 Belarc Advisor Computer Profile.mht -> C:\Documents and Settings\Betty\Desktop\Belarc Advisor Computer Profile.mht -> [2013/01/12 14:36:21 | 000,380,677 | ---- | C] ()
 Shortcut to HijackThis.lnk -> C:\Documents and Settings\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to HijackThis.lnk -> [2013/01/09 19:44:17 | 000,000,713 | ---- | C] ()
 B_D phone support.eml -> C:\Documents and Settings\Betty\My Documents\B_D phone support.eml -> [2013/01/06 15:34:24 | 000,002,518 | ---- | C] ()
 BitDefender Forum password.eml -> C:\Documents and Settings\Betty\My Documents\BitDefender Forum password.eml -> [2013/01/06 15:33:07 | 000,006,189 | ---- | C] ()
 Receipt for your PayPal payment to elangr.eml -> C:\Documents and Settings\Betty\My Documents\Receipt for your PayPal payment to elangr.eml -> [2013/01/06 15:32:53 | 000,017,929 | ---- | C] ()
 Boot.bak -> C:\Boot.bak -> [2013/01/05 23:28:54 | 000,000,209 | ---- | C] ()
 cmldr -> C:\cmldr -> [2013/01/05 23:28:51 | 000,260,272 | RHS- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2013/01/05 23:27:27 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2013/01/05 23:27:27 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2013/01/05 23:27:27 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2013/01/05 23:27:27 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2013/01/05 23:27:27 | 000,068,096 | ---- | C] ()
 END -> C:\END -> [2012/12/31 19:59:05 | 000,000,009 | ---- | C] ()
 Amazon Cloud Player.lnk -> C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk -> [2012/12/22 11:46:20 | 000,001,758 | ---- | C] ()
 rbxcsettings.rbx -> C:\Documents and Settings\Betty\Local Settings\Application Data\rbxcsettings.rbx -> [2012/11/09 20:52:24 | 000,000,190 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2012/10/12 18:58:18 | 000,000,272 | ---- | C] ()
 iacenc.dll -> C:\WINDOWS\System32\iacenc.dll -> [2012/02/15 09:38:22 | 000,003,072 | ---- | C] ()
 WPFFontCache_v0400-S-1-5-21-4207097214-2822948736-4082840186-1005-0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4207097214-2822948736-4082840186-1005-0.dat -> [2012/01/30 16:09:23 | 001,120,635 | ---- | C] ()
 WPFFontCache_v0400-System.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat -> [2012/01/30 16:09:23 | 000,166,282 | ---- | C] ()
 Microsoft.SqlServer.Compact.400.32.bc -> C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc -> [2012/01/30 15:22:26 | 000,000,590 | ---- | C] ()
 aspdict-en.dat -> C:\WINDOWS\System32\aspdict-en.dat -> [2011/09/15 18:11:16 | 000,000,004 | ---- | C] ()
 pcwords2.dat -> C:\WINDOWS\System32\pcwords2.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pcwords.dat -> C:\WINDOWS\System32\pcwords.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_webproxy.dat -> C:\WINDOWS\System32\pc_webproxy.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_video.dat -> C:\WINDOWS\System32\pc_video.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_tabloids.dat -> C:\WINDOWS\System32\pc_tabloids.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_socialnetworks.dat -> C:\WINDOWS\System32\pc_socialnetworks.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_searchengines.dat -> C:\WINDOWS\System32\pc_searchengines.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_regionaltlds.dat -> C:\WINDOWS\System32\pc_regionaltlds.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_pornography.dat -> C:\WINDOWS\System32\pc_pornography.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_onlineshop.dat -> C:\WINDOWS\System32\pc_onlineshop.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_onlinepay.dat -> C:\WINDOWS\System32\pc_onlinepay.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_onlinedating.dat -> C:\WINDOWS\System32\pc_onlinedating.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_news.dat -> C:\WINDOWS\System32\pc_news.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_im.dat -> C:\WINDOWS\System32\pc_im.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_illegal.dat -> C:\WINDOWS\System32\pc_illegal.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_hate.dat -> C:\WINDOWS\System32\pc_hate.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_games.dat -> C:\WINDOWS\System32\pc_games.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_gambling.dat -> C:\WINDOWS\System32\pc_gambling.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 pc_drugs.dat -> C:\WINDOWS\System32\pc_drugs.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
 census.cache -> C:\Documents and Settings\Betty\Local Settings\Application Data\census.cache -> [2011/09/15 17:25:46 | 000,171,854 | ---- | C] ()
 ars.cache -> C:\Documents and Settings\Betty\Local Settings\Application Data\ars.cache -> [2011/09/15 17:25:45 | 000,170,141 | ---- | C] ()
 housecall.guid.cache -> C:\Documents and Settings\Betty\Local Settings\Application Data\housecall.guid.cache -> [2011/09/15 16:49:14 | 000,000,036 | ---- | C] ()
 nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2011/04/19 12:31:37 | 000,000,000 | ---- | C] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2011/03/05 12:12:27 | 000,000,049 | ---- | C] ()
 search_result.xml -> C:\Documents and Settings\All Users\Application Data\search_result.xml -> [2011/02/01 14:21:26 | 000,000,000 | ---- | C] ()
 asdict.dat -> C:\WINDOWS\System32\asdict.dat -> [2011/01/29 09:09:05 | 000,000,016 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 10 bytes -> C:\WINDOWS\System32\LegitCheckControl.DLL:BDU
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Betty\Desktop\Show Desktop.scf:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\END:SummaryInformation
< End of report >
```
*Also about:blank is back..now wont stay when I change it back*


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\] > -> HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
[Files/Folders - Modified Within 30 Days]
NY ->  END -> C:\END
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```


----------



## nettyiam (Jan 27, 2004)

All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry value HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_USERS\S-1-5-21-4207097214-2822948736-4082840186-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
[Files/Folders - Modified Within 30 Days]
C:\END moved successfully.
[Empty Temp Folders]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Betty
->Temp folder emptied: 150156 bytes
->Temporary Internet Files folder emptied: 20032943 bytes
->Java cache emptied: 17412754 bytes
->FireFox cache emptied: 367580546 bytes
->Google Chrome cache emptied: 452873402 bytes
->Flash cache emptied: 2270 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56468 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 327706 bytes
->Flash cache emptied: 291 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82054 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 4754036 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 95923620 bytes

Total Files Cleaned = 915.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Betty
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Betty
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 01192013_153105

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Betty\Local Settings\Temp\~DF729C.tmp not found!
File\Folder C:\Documents and Settings\Betty\Local Settings\Temp\~DF72BE.tmp not found!
File\Folder C:\Documents and Settings\Betty\Local Settings\Temp\~DF739F.tmp not found!
File\Folder C:\Documents and Settings\Betty\Local Settings\Temp\~DF73C1.tmp not found!
File\Folder C:\Documents and Settings\Betty\Local Settings\Temp\~DF7424.tmp not found!
File\Folder C:\Documents and Settings\Betty\Local Settings\Temp\~DF744B.tmp not found!
C:\Documents and Settings\Betty\Local Settings\Temporary Internet Files\Content.IE5\OHR957OA\si[1].htm moved successfully.
C:\Documents and Settings\Betty\Local Settings\Temporary Internet Files\Content.IE5\84MM21MM\1083450-hjt-host-file-redirect-warning-3[1].html moved successfully.
C:\Documents and Settings\Betty\Local Settings\Temporary Internet Files\Content.IE5\84MM21MM\1[1].htm moved successfully.
C:\Documents and Settings\Betty\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## nettyiam (Jan 27, 2004)

Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.17
ATI Control Panel
ATI Display Driver
Belarc Advisor 8.2
Bitdefender Internet Security 2012
Bitdefender Internet Security 2012
Conexant D850 PCI V.92 Modem
Dell CinePlayer
Dell Driver Reset Tool
Digital Line Detect
ESET Online Scanner v3
ESPNMotion
Free File Opener v2011.7.0.1
GemMaster Mystic
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP PrecisionScan LTX
HP Product Detection
HP Scan-to-Web Wizard
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Picture It! Express 2000
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft WinUsb 1.0
Microsoft Word 2000
Microsoft Works 2000
Microsoft Works 2000 Setup Launcher
Modem Helper
Mozilla Firefox 5.0 (x86 en-US)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6 Service Pack 2 (KB973686)
Netwaiting
OpenOffice.org 3.1
Otto
Photo Story 3 for Windows
Pirate101
QualXServ Service Agreement
QuickTime
Road Runner PhotoShow 5
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Encoders
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
VLC media player 1.1.0-rc
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wizard101
Word in Works Suite add-in
Zune
Zune
Zune Language Pack (DE)
Zune Language Pack (ES)
Zune Language Pack (FR)
Zune Language Pack (IT)


----------



## Cookiegal (Aug 27, 2003)

How are things with the system now?


----------



## nettyiam (Jan 27, 2004)

Thanks Cookie,
Seems to be ok, havent used it much because waiting to find out if it is safe to use.
I have a folder on my desk top with all the downloads (including ComboFix) we used. 
Also ESet is in my control panel. 
About:blank is not coming up anymore and my browser is starting with my homepage 
Waiting on installing Java 6.0
I have my firewall set as high as it goes. Made sure my BitD is on everytime I start up because I notice back in 12/5 that it was off for 5 days. No idea why. So

Also have a question about that OTS scan you had me do.. here are some of the items that I found disturbing as I dont visit any of those sites: pc_illegal.dat -> C:\WINDOWS\System32\pc_illegal.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
pc_hate.dat -> C:\WINDOWS\System32\pc_hate.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
pc_games.dat -> C:\WINDOWS\System32\pc_games.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
pc_gambling.dat -> C:\WINDOWS\System32\pc_gambling.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()
pc_drugs.dat -> C:\WINDOWS\System32\pc_drugs.dat -> [2011/09/15 18:11:16 | 000,000,000 | ---- | C] ()


----------



## nettyiam (Jan 27, 2004)

Here is HJT log, did not get warning but notice about:blank is in there.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at *6:24:37 PM, on 1/20/2013*Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272917492281
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

--
End of file - 4625 bytes


----------



## Cookiegal (Aug 27, 2003)

nettyiam said:


> Thanks Cookie,
> Seems to be ok, havent used it much because waiting to find out if it is safe to use.
> I have a folder on my desk top with all the downloads (including ComboFix) we used.
> Also ESet is in my control panel.
> ...


Those files are related to Bit Defender.

Are there any problems remaining?


----------



## nettyiam (Jan 27, 2004)

I think it is going good have hopefully I will not have to get back to you on my desktop..still have my lap top problem & think I infected it from desktop. 

I really want to thank you for helping clean this off. I have no clue how I picked it up (what ever it is called) but now have my BD set to high. Scan with S

I will go back to your earlier post to attempted ridding the items downloaded, then 
Set a restore pt & change pws. Try to download the 3 missing MS updates & uninstall Mozilla Firefox. 

Anything else?


----------



## Cookiegal (Aug 27, 2003)

OK, let me know if you have any further problems.

If you want help with the laptop, please start a new thread.


----------



## nettyiam (Jan 27, 2004)

Going to wait a bit before tackling the laptop as I dont use everyday.

Thanks so very much my Northern neighbor Visited your city and it is a beautiful place.


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------

