TechSpot

W32/blasterworm help

By Pastel34
Dec 30, 2010
  1. Basic information

    Laptop running Windows Vista...
    Use firefox a lot.
    Google chrome was just installed by a family member.
    Rarely install any software myself.
    used only for internet surfing.

    Suddenly firefox shut down and Windows spyware protection popped up and started scanning everything. and firefox did not open. giving me a message;"firefox.exe is infected by w32/blasterworm"

    Internet Explorer works but it opens a bit slow. Want to remove this if possible... please help... laptop is fairly new... it would be a shame to throw it out...

    Thank you in advance for all your help.

    PS. I am not a super tech person so I would need specific step by step guide to fixing the issue if there is a solution... thanks again
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.
    Complete as much as you can.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Pastel34

    Pastel34 TS Rookie Topic Starter Posts: 19

    unable to open files

    Hi Broni,
    thank you for the quick reply...

    I am unable to open McAfee Security center .. Spyware protection wont let me download any of the 2 free antivirus you suggested. used IE for this...
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    If you have McAfee, you don't need another antivirus program.
     
  5. Pastel34

    Pastel34 TS Rookie Topic Starter Posts: 19

    Can't run McAfee

    Thanks Broni,

    Ok but I am unable to run McAfee normally ... i get a message that it has been infected by the worm. that is why I tried downloading something different using IE but again got a message that IEuser is infected. Should I run in Safe Mode? Your instructions don't mention Safe Mode so I didn't try
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Leave McAfee alone for now.
    Continue with all steps you can perform.
    If some tool doesn't work in normal mode, try Safe Mode.
     
  7. Pastel34

    Pastel34 TS Rookie Topic Starter Posts: 19

    MBAM log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5426

    Windows 6.0.6001 Service Pack 1 (Safe Mode)
    Internet Explorer 7.0.6001.18000

    12/31/2010 1:36:25 AM
    mbam-log-2010-12-31 (01-36-25).txt

    Scan type: Quick scan
    Objects scanned: 131980
    Time elapsed: 1 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spyware Protection (Rogue.SecurityCentral) -> Value: Spyware Protection -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\viviana martinez\AppData\Roaming\defender.exe (Rogue.SecurityCentral) -> Quarantined and deleted successfully.
     
  8. Pastel34

    Pastel34 TS Rookie Topic Starter Posts: 19

    GMER log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-31 01:45:56
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST916031 rev.0003
    Running: 3tvfd2bq.exe; Driver: C:\Users\VIVIAN~1\AppData\Local\Temp\uxldypod.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8BEB779E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8BEB7738]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8BEB774C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8BEB77DC]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8BEB781F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8BEB7710]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8BEB7724]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8BEB77B2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8BEB7847]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8BEB7833]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8BEB778A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8BEB7776]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8BEB780B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8BEB77F2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8BEB77C8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8BEB7762]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  9. Pastel34

    Pastel34 TS Rookie Topic Starter Posts: 19

    DDS.txt

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Viviana Martinez at 1:49:00.99 on Fri 12/31/2010
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2010.1061 [GMT -8:00]

    AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee VirusScan *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\atashost.exe
    C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Windows\PixArt\PAP7501\GUCI_AVS.exe
    C:\Windows\PixArt\PAP7501\PACTray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\mcafee\mna\mcnasvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Viviana Martinez\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1142338
    uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
    mURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [Desktop Disc Tool] "c:\program files\roxio\roxio burn\RoxioBurnLauncher.exe"
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [GUCI_AVS] c:\windows\pixart\pap7501\GUCI_AVS.exe
    mRun: [PACTray] c:\windows\pixart\pap7501\PACTray.exe
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\users\viviana martinez\desktop\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\vivian~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: E&xportar a Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\vivian~1\appdata\roaming\mozilla\firefox\profiles\zw7nj99i.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&q=
    FF - component: c:\users\viviana martinez\appdata\roaming\mozilla\firefox\profiles\zw7nj99i.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFExternalAlert.dll
    FF - component: c:\users\viviana martinez\appdata\roaming\mozilla\firefox\profiles\zw7nj99i.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\RadioWMPCore.dll
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - %profile%\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
    FF - Ext: Diccionario español Mexico: es-MX@dictionaries.addons.mozilla.org - %profile%\extensions\es-MX@dictionaries.addons.mozilla.org

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-12-3 214664]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-12-3 81920]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-31 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-31 267944]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-7-13 20376]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-31 61960]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\McProxy.exe [2009-12-3 359952]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-12-3 144704]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-12-3 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-3 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-3 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-3 40552]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-26 136176]
    S3 GUCI_AVS;USB2.0 VGA Video Device;c:\windows\system32\drivers\GUCI_AVS.sys [2010-2-24 595712]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-3 34248]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

    =============== Created Last 30 ================

    2010-12-31 09:30:20 -------- d-----w- c:\users\vivian~1\appdata\roaming\Malwarebytes
    2010-12-31 09:29:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-31 09:29:53 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-31 09:29:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-31 08:19:09 -------- d-----w- c:\users\vivian~1\appdata\roaming\Avira
    2010-12-31 08:18:14 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-31 08:18:13 -------- d-----w- c:\program files\Avira
    2010-12-31 08:18:13 -------- d-----w- c:\progra~2\Avira
    2010-12-26 18:35:57 -------- d-----w- c:\program files\Veetle
    2010-12-17 06:29:28 -------- d-----w- c:\users\vivian~1\appdata\local\Google
    2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr

    ==================== Find3M ====================


    ============= FINISH: 1:49:48.02 ===============
     
  10. Pastel34

    Pastel34 TS Rookie Topic Starter Posts: 19

    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 12/2/2009 9:13:07 PM
    System Uptime: 12/31/2010 1:39:05 AM (0 hours ago)

    Motherboard: Dell Inc. | | 0K138P
    Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | Microprocessor | 2100/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 134 GiB total, 94.632 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 9.521 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Avira AntiVir Personal - Free Antivirus
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Dell DataSafe Online
    Dell Dock
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Wireless WLAN Card Utility
    General Module
    Google Chrome
    Google Update Helper
    GoToAssist 8.0.0.514
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) TV Wizard
    Java(TM) 6 Update 16
    Junk Mail filter update
    LoJack Factory Installer
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Mozilla Firefox (3.6.13)
    MSVCRT
    PAP7501
    Picasa 3
    PowerDVD DX
    QuickSet
    Real Alternative 2.0.2
    Roxio Burn
    Roxio Update Manager
    Security Update for CAPICOM (KB931906)
    Softonic_English Toolbar
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Veetle TV 0.9.18
    VLC media player 1.0.5
    WebEx Support Manager for Internet Explorer
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver

    ==== End Of File ===========================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You're running two AV programs, McAfee and Avira.
    One of them has to go.
    If McAfee, use this tool to uninstall it: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

    =======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. Pastel34

    Pastel34 TS Rookie Topic Starter Posts: 19

    Reports

    Thank you Broni. So far all the instructions have been very esary to follow... here are the last report requested.

    MBR Check

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Basic Edition
    Windows Information: Service Pack 1 (build 6001), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Inspiron 1440
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 135):
    0x81A0B000 \SystemRoot\system32\ntkrnlpa.exe
    0x81DC4000 \SystemRoot\system32\hal.dll
    0x80404000 \SystemRoot\system32\kdcom.dll
    0x8040C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8046C000 \SystemRoot\system32\PSHED.dll
    0x8047D000 \SystemRoot\system32\BOOTVID.dll
    0x80485000 \SystemRoot\system32\CLFS.SYS
    0x804C6000 \SystemRoot\system32\CI.dll
    0x80607000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80683000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80690000 \SystemRoot\system32\drivers\acpi.sys
    0x806D6000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806DF000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806E7000 \SystemRoot\system32\drivers\pci.sys
    0x8070E000 \SystemRoot\System32\drivers\partmgr.sys
    0x8071D000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80720000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8072A000 \SystemRoot\system32\drivers\volmgr.sys
    0x80739000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80783000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8720A000 \SystemRoot\system32\drivers\iastor.sys
    0x872E5000 \SystemRoot\system32\drivers\fltmgr.sys
    0x87317000 \SystemRoot\system32\drivers\fileinfo.sys
    0x87327000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x87331000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8740A000 \SystemRoot\system32\drivers\ndis.sys
    0x87515000 \SystemRoot\system32\drivers\msrpc.sys
    0x87540000 \SystemRoot\system32\drivers\NETIO.SYS
    0x87607000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x87716000 \SystemRoot\system32\drivers\volsnap.sys
    0x8774F000 \SystemRoot\System32\Drivers\spldr.sys
    0x87757000 \SystemRoot\System32\Drivers\mup.sys
    0x87766000 \SystemRoot\System32\drivers\ecache.sys
    0x8778D000 \SystemRoot\system32\drivers\disk.sys
    0x8779E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x877BF000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8ACDE000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8ACE9000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8B405000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8BD04000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8BDA3000 \SystemRoot\System32\drivers\watchdog.sys
    0x8BDB0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8BDBB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8ACF2000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8AD01000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8AE0D000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x8AF55000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x8AF82000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8AF95000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x8AFC8000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8AFD3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8AFDE000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8AFF6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8AE00000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8AD13000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8AD22000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8AD50000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8AD91000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8AD9C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8ADB3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8ADBE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8ADE1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x877D5000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x877E9000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8ADF0000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8AE09000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8757A000 \SystemRoot\system32\DRIVERS\ks.sys
    0x875A4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x875AE000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x875BB000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x873A2000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x80793000 \SystemRoot\system32\DRIVERS\stwrt.sys
    0x873B3000 \SystemRoot\system32\DRIVERS\portcls.sys
    0x805A6000 \SystemRoot\system32\DRIVERS\drmk.sys
    0x875F0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8BDF9000 \SystemRoot\System32\Drivers\Null.SYS
    0x87600000 \SystemRoot\System32\Drivers\Beep.SYS
    0x875F9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x873E0000 \SystemRoot\System32\drivers\vga.sys
    0x805CB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x87400000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x873EC000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x873F4000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x805EC000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x87200000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8B000000 \SystemRoot\System32\drivers\tcpip.sys
    0x8B0E7000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8B102000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8B118000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8B12C000 \SystemRoot\system32\drivers\afd.sys
    0x8B174000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8B1A6000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8B1BC000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8B1CA000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8B1DD000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0x8C008000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8C044000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8C04E000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8C065000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x8C08B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8C0A2000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8C0A4000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8C0AD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8C0BD000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8C0C5000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8C0D2000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x92430000 \SystemRoot\System32\win32k.sys
    0x8C1AD000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8C1B7000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x92650000 \SystemRoot\System32\TSDDD.dll
    0x92670000 \SystemRoot\System32\cdd.dll
    0x8C1C6000 \SystemRoot\system32\drivers\luafv.sys
    0x8C1E1000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x8AC00000 \SystemRoot\system32\drivers\spsys.sys
    0x8B1E3000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8ACAF000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8C1F6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x81003000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x81016000 \SystemRoot\system32\drivers\HTTP.sys
    0x81081000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x8109E000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x810B7000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x810CC000 \SystemRoot\system32\drivers\mrxdav.sys
    0x810EC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x8110B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x81144000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x8115C000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x81183000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA6606000 \SystemRoot\system32\drivers\peauth.sys
    0xA66E4000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xA670C000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA6716000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA6722000 \SystemRoot\system32\drivers\BCM42RLY.sys
    0xA672A000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77D70000 \Windows\System32\ntdll.dll

    Processes (total 71):
    0 System Idle Process
    4 System
    424 C:\Windows\System32\smss.exe
    556 csrss.exe
    600 C:\Windows\System32\wininit.exe
    608 csrss.exe
    644 C:\Windows\System32\services.exe
    660 C:\Windows\System32\lsass.exe
    672 C:\Windows\System32\lsm.exe
    772 C:\Windows\System32\winlogon.exe
    856 C:\Windows\System32\svchost.exe
    936 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\svchost.exe
    1152 C:\Windows\System32\svchost.exe
    1188 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
    1256 C:\Windows\System32\audiodg.exe
    1300 C:\Windows\System32\SLsvc.exe
    1320 C:\Windows\System32\svchost.exe
    1416 C:\Program Files\Dell\DellDock\DockLogin.exe
    1464 C:\Windows\System32\svchost.exe
    1616 C:\Windows\System32\WLTRYSVC.EXE
    1628 C:\Windows\System32\BCMWLTRY.EXE
    1652 C:\Windows\System32\wlanext.exe
    1776 C:\Windows\System32\spoolsv.exe
    1808 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1820 C:\Windows\System32\svchost.exe
    2024 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
    308 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    348 C:\Windows\System32\atashost.exe
    416 C:\Windows\System32\svchost.exe
    1460 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1564 C:\Windows\System32\svchost.exe
    2076 C:\Windows\System32\svchost.exe
    2116 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2136 C:\Windows\System32\SearchIndexer.exe
    2480 C:\Windows\System32\taskeng.exe
    3540 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    3992 C:\Windows\System32\dwm.exe
    4052 C:\Windows\System32\taskeng.exe
    476 C:\Windows\explorer.exe
    640 C:\Program Files\Dell\DellDock\DellDock.exe
    2404 C:\Program Files\DellTPad\Apoint.exe
    2216 C:\Program Files\IDT\WDM\sttray.exe
    1368 C:\Windows\System32\igfxtray.exe
    1968 C:\Windows\System32\hkcmd.exe
    2780 C:\Windows\System32\igfxpers.exe
    2088 C:\Windows\System32\WLTRAY.EXE
    888 C:\Program Files\Dell\QuickSet\quickset.exe
    2272 C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    2244 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    2812 C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    2400 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    2768 C:\Windows\PixArt\PAP7501\GUCI_AVS.exe
    1844 C:\Windows\PixArt\PAP7501\PACTray.exe
    2824 C:\Windows\System32\igfxsrvc.exe
    1208 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2880 C:\Program Files\Windows Sidebar\sidebar.exe
    2840 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2976 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3332 C:\Program Files\DellTPad\ApMsgFwd.exe
    3632 WmiPrvSE.exe
    4088 C:\Program Files\DellTPad\hidfind.exe
    2844 C:\Program Files\DellTPad\ApntEx.exe
    3740 C:\Windows\System32\wuauclt.exe
    1044 C:\Program Files\Mozilla Firefox\firefox.exe
    2300 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2956 C:\Windows\explorer.exe
    2932 dllhost.exe
    1724 dllhost.exe
    3088 C:\Users\Viviana Martinez\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

    PhysicalDrive0 Model Number: ST9160314AS, Rev: 0003DEM1

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
    SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


    Done!
     
  13. Pastel34

    Pastel34 TS Rookie Topic Starter Posts: 19

    Combo Fix

    ComboFix 10-12-30.03 - Viviana Martinez 12/31/2010 10:23:25.1.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2010.1262 [GMT -8:00]
    Running from: c:\users\Viviana Martinez\Downloads\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Viviana Martinez\AppData\Roaming\Install.dat
    c:\users\Viviana Martinez\AppData\Roaming\Microsoft\Windows\Start Menu\Spyware Protection.lnk

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-31 )))))))))))))))))))))))))))))))
    .

    2010-12-31 18:27 . 2010-12-31 18:28 -------- d-----w- c:\users\Viviana Martinez\AppData\Local\temp
    2010-12-31 18:27 . 2010-12-31 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-31 09:30 . 2010-12-31 09:30 -------- d-----w- c:\users\Viviana Martinez\AppData\Roaming\Malwarebytes
    2010-12-31 09:29 . 2010-12-31 09:29 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-31 09:29 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-31 09:29 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-31 08:19 . 2010-12-31 08:19 -------- d-----w- c:\users\Viviana Martinez\AppData\Roaming\Avira
    2010-12-31 08:18 . 2010-12-13 16:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-31 08:18 . 2010-12-13 16:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-31 08:18 . 2010-12-31 08:18 -------- d-----w- c:\programdata\Avira
    2010-12-31 08:18 . 2010-12-31 08:18 -------- d-----w- c:\program files\Avira
    2010-12-26 18:35 . 2010-12-26 18:36 -------- d-----w- c:\program files\Veetle
    2010-12-17 06:29 . 2010-12-26 18:40 -------- d-----w- c:\users\Viviana Martinez\AppData\Local\Google
    2010-12-17 06:29 . 2010-12-26 18:40 -------- d-----w- c:\program files\Google
    2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-11-10 2331672]

    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
    2009-11-10 02:38 2331672 ----a-w- c:\program files\Softonic_English\tbSoft.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-11-10 2331672]

    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-11-10 2331672]

    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-06 217088]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-06 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-06 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-06 150552]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-09-11 1779952]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "Desktop Disc Tool"="c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
    "GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
    "PACTray"="c:\windows\PixArt\PAP7501\PACTray.exe" [2009-07-11 319488]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
    "Malwarebytes' Anti-Malware (reboot)"="c:\users\Viviana Martinez\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

    c:\users\Viviana Martinez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-12-03 11:37 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-26 136176]
    R3 GUCI_AVS;USB2.0 VGA Video Device;c:\windows\system32\DRIVERS\GUCI_AVS.sys [2009-07-16 595712]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-04-06 81920]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-26 18:35]

    2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-26 18:35]

    2010-12-31 c:\windows\Tasks\User_Feed_Synchronization-{80A78AAF-89B3-4284-B367-6829B753F54E}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]

    2010-12-31 c:\windows\Tasks\User_Feed_Synchronization-{9959B8C1-8201-4E3B-8227-6BC8E2DC4BAB}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1142338
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Viviana Martinez\AppData\Roaming\Mozilla\Firefox\Profiles\zw7nj99i.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - %profile%\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
    FF - Ext: Diccionario español Mexico: es-MX@dictionaries.addons.mozilla.org - %profile%\extensions\es-MX@dictionaries.addons.mozilla.org
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-31 10:27
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-12-31 10:29:11
    ComboFix-quarantined-files.txt 2010-12-31 18:29

    Pre-Run: 101,792,428,032 bytes free
    Post-Run: 101,734,682,624 bytes free

    - - End Of File - - 84B56DF6964F0DB0CDCCAD5D5CB3929B
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. Pastel34

    Pastel34 TS Rookie Topic Starter Posts: 19

    OTL.txt

    OTL logfile created on: 12/31/2010 1:14:28 PM - Run 1
    OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Viviana Martinez\Desktop
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 134.36 Gb Total Space | 95.60 Gb Free Space | 71.15% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 9.52 Gb Free Space | 65.00% Space Free | Partition Type: NTFS

    Computer Name: VIVIAN | User Name: Viviana Martinez | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/31 13:07:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Viviana Martinez\Desktop\OTL.exe
    PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/09/21 13:11:34 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
    PRC - [2009/09/11 10:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    PRC - [2009/07/10 17:17:00 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\PACTray.exe
    PRC - [2009/06/18 19:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2009/06/03 12:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/06/03 12:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2009/04/11 11:16:16 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/06 10:18:50 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2009/04/06 10:18:36 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2009/04/06 10:18:36 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2009/04/06 10:18:36 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2009/04/06 10:02:58 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
    PRC - [2009/04/06 10:02:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
    PRC - [2009/03/06 11:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
    PRC - [2009/02/04 19:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2009/01/14 15:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\GUCI_AVS.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/31 13:07:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Viviana Martinez\Desktop\OTL.exe
    MOD - [2009/12/03 04:57:29 | 000,615,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
    MOD - [2009/04/11 11:19:18 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
    MOD - [2009/04/11 11:18:40 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
    MOD - [2009/04/11 11:03:44 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\GdiPlus.dll
    MOD - [2008/01/20 18:34:47 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
    MOD - [2008/01/20 18:34:26 | 000,242,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
    MOD - [2008/01/20 18:33:52 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
    MOD - [2008/01/20 18:33:26 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
    MOD - [2008/01/20 18:33:24 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
    MOD - [2008/01/20 18:33:24 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
    MOD - [2008/01/20 18:33:24 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
    MOD - [2008/01/20 18:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/01/21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009/12/03 03:37:46 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2009/06/03 12:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2009/04/06 10:02:58 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
    SRV - [2009/04/06 10:02:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
    SRV - [2009/03/06 11:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
    SRV - [2009/01/14 15:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/01/20 18:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\VIVIAN~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/07/15 18:12:54 | 000,595,712 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GUCI_AVS.sys -- (GUCI_AVS)
    DRV - [2009/07/03 02:21:36 | 000,168,448 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2009/05/03 19:32:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/04/11 11:02:29 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/04/06 11:22:08 | 004,569,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2009/04/06 10:47:24 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
    DRV - [2009/04/06 10:25:24 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
    DRV - [2009/04/06 10:18:34 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2009/04/06 10:03:16 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/12/21 10:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV - [2008/12/16 09:22:02 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
    DRV - [2008/01/20 18:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 18:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 18:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 18:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 18:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 18:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 18:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 18:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2008/01/20 18:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 18:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 18:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 18:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 18:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 18:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 18:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 18:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 18:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 18:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 18:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 18:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 18:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 18:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 18:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 18:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 18:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 18:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/01 23:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1142338
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Softonic English Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "google.com"
    FF - prefs.js..extensions.enabledItems: {930f1200-f5f1-4870-bac6-e233ec8e7023}:2.5.6.0
    FF - prefs.js..extensions.enabledItems: es-MX@dictionaries.addons.mozilla.org:1.1.2
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&q="

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 16:25:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/13 16:25:15 | 000,000,000 | ---D | M]

    [2010/02/12 16:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Viviana Martinez\AppData\Roaming\Mozilla\Extensions
    [2010/12/31 01:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Viviana Martinez\AppData\Roaming\Mozilla\Firefox\Profiles\zw7nj99i.default\extensions
    [2010/02/15 17:08:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Viviana Martinez\AppData\Roaming\Mozilla\Firefox\Profiles\zw7nj99i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/15 16:40:23 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Users\Viviana Martinez\AppData\Roaming\Mozilla\Firefox\Profiles\zw7nj99i.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
    [2010/12/03 10:41:56 | 000,000,000 | ---D | M] (Diccionario español Mexico) -- C:\Users\Viviana Martinez\AppData\Roaming\Mozilla\Firefox\Profiles\zw7nj99i.default\extensions\es-MX@dictionaries.addons.mozilla.org
    [2010/01/20 12:14:44 | 000,000,935 | ---- | M] () -- C:\Users\Viviana Martinez\AppData\Roaming\Mozilla\Firefox\Profiles\zw7nj99i.default\searchplugins\conduit.xml
    [2010/02/12 16:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009/08/03 14:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

    O1 HOSTS File: ([2010/12/31 10:27:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Users\Viviana Martinez\Desktop\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PACTray] C:\Windows\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - Startup: C:\Users\Viviana Martinez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/31 13:06:57 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Viviana Martinez\Desktop\OTL.exe
    [2010/12/31 10:29:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/12/31 10:29:13 | 000,000,000 | ---D | C] -- C:\Users\Viviana Martinez\AppData\Local\temp
    [2010/12/31 10:21:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/31 10:21:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/31 10:21:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/12/31 10:21:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/31 10:20:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/31 10:20:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/31 01:30:20 | 000,000,000 | ---D | C] -- C:\Users\Viviana Martinez\AppData\Roaming\Malwarebytes
    [2010/12/31 01:29:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/31 01:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/12/31 01:29:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/31 01:29:50 | 000,000,000 | ---D | C] -- C:\Users\Viviana Martinez\Desktop\Malwarebytes' Anti-Malware
    [2010/12/31 00:19:09 | 000,000,000 | ---D | C] -- C:\Users\Viviana Martinez\AppData\Roaming\Avira
    [2010/12/31 00:18:14 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2010/12/31 00:18:14 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2010/12/31 00:18:14 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2010/12/31 00:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010/12/31 00:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/12/26 10:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
    [2010/12/16 22:29:28 | 000,000,000 | ---D | C] -- C:\Users\Viviana Martinez\AppData\Local\Google
    [2010/12/16 22:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Google

    ========== Files - Modified Within 30 Days ==========

    [2010/12/31 13:15:31 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9959B8C1-8201-4E3B-8227-6BC8E2DC4BAB}.job
    [2010/12/31 13:15:31 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{80A78AAF-89B3-4284-B367-6829B753F54E}.job
    [2010/12/31 13:08:49 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/12/31 13:08:49 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/12/31 13:07:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Viviana Martinez\Desktop\OTL.exe
    [2010/12/31 13:04:59 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/31 13:04:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/31 13:04:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/31 13:04:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/31 13:04:11 | 2105,933,824 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/31 10:27:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/12/31 09:49:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/31 01:29:53 | 000,000,754 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/31 00:18:21 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/12/29 20:42:17 | 000,046,080 | ---- | M] () -- C:\Users\Viviana Martinez\Desktop\Resume2010.doc
    [2010/12/26 13:41:36 | 000,116,224 | ---- | M] () -- C:\Users\Viviana Martinez\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/26 10:40:11 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010/12/26 10:40:11 | 000,001,957 | ---- | M] () -- C:\Users\Viviana Martinez\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/16 22:29:50 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
    [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

    ========== Files Created - No Company Name ==========

    [2010/12/31 10:21:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/31 10:21:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/31 10:21:51 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/31 10:21:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/31 10:21:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/31 01:39:33 | 2105,933,824 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/31 01:29:53 | 000,000,754 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/31 00:18:21 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/12/29 20:42:16 | 000,046,080 | ---- | C] () -- C:\Users\Viviana Martinez\Desktop\Resume2010.doc
    [2010/12/26 10:40:11 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010/12/26 10:40:11 | 000,001,957 | ---- | C] () -- C:\Users\Viviana Martinez\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/26 10:36:23 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/26 10:36:22 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/16 22:29:50 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
    [2010/07/13 22:21:35 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
    [2010/05/03 18:00:39 | 000,006,080 | ---- | C] () -- C:\Users\Viviana Martinez\AppData\Local\d3d9caps.dat
    [2010/04/22 18:22:33 | 000,000,968 | ---- | C] () -- C:\Users\Viviana Martinez\AppData\Roaming\wklnhst.dat
    [2010/03/15 16:14:58 | 000,116,224 | ---- | C] () -- C:\Users\Viviana Martinez\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/24 19:06:52 | 000,002,057 | ---- | C] () -- C:\Windows\System32\GUCI_AVS.ini
    [2009/12/03 05:01:19 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/12/03 03:32:59 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
    [2009/12/03 03:32:57 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2009/12/03 03:18:31 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
    [2006/11/02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== LOP Check ==========

    [2010/04/22 18:22:35 | 000,000,000 | ---D | M] -- C:\Users\Viviana Martinez\AppData\Roaming\Template
    [2010/12/31 10:37:39 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/12/31 13:15:31 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{80A78AAF-89B3-4284-B367-6829B753F54E}.job
    [2010/12/31 13:15:31 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9959B8C1-8201-4E3B-8227-6BC8E2DC4BAB}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/01/20 18:34:29 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2010/12/31 10:29:12 | 000,010,283 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/12/03 05:01:52 | 000,003,742 | RH-- | M] () -- C:\dell.sdr
    [2010/12/31 13:04:11 | 2105,933,824 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/31 13:04:10 | 2421,825,536 | -HS- | M] () -- C:\pagefile.sys
    [2010/02/24 19:20:11 | 000,921,636 | ---- | M] () -- C:\PAP7501.dat

    < %systemroot%\Fonts\*.com >
    [2006/11/02 04:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 04:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 04:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 04:35:34 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 13:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 10:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 18:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 19:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 19:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 19:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/15 16:16:06 | 000,000,286 | -HS- | M] () -- C:\Users\Viviana Martinez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/31 13:07:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Viviana Martinez\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/02/12 07:28:19 | 000,000,402 | -HS- | M] () -- C:\Users\Viviana Martinez\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/07/13 22:21:36 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  16. Pastel34

    Pastel34 TS Rookie Topic Starter Posts: 19

    Extras.txt

    EXTRAS

    OTL Extras logfile created on: 12/31/2010 1:14:28 PM - Run 1
    OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Viviana Martinez\Desktop
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 134.36 Gb Total Space | 95.60 Gb Free Space | 71.15% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 9.52 Gb Free Space | 65.00% Space Free | Partition Type: NTFS

    Computer Name: VIVIAN | User Name: Viviana Martinez | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2ED67C8F-E3E0-4A93-8DC7-B0863242C3D3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{B9075935-201D-4E63-BD32-0A8D9A853C65}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{E8BC73F4-B532-4C77-BBC4-2E070F8ED3A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2AE341C4-C2EE-428E-A529-94AC21E301F9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{30474B26-F0BC-4DBA-889F-BD51B35E93E4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{365C1982-96D1-4415-95BE-3AD1EA204C71}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{435B947E-2E83-4E1C-A817-6A8335868501}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{7812D674-8B37-4E30-B0B9-A87E005F264D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{7C588DCA-B562-4431-926B-29F817287CAE}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "{A53CB01A-F0A9-44BC-83C3-E14298D1F224}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{B1E7157C-8D0B-4EBD-BC50-BAEF55FFD773}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{C8EDDDD1-2AD7-474D-AE30-D7F121441855}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
    "{FCC82816-304A-467C-9BA2-F87224F40159}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
    "{C6A0FD8A-F107-44CA-AA1B-49341936F76A}" = PAP7501
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E00B477F-8558-45DA-B25A-69935FB89A94}" = Dell Dock
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F80DDFFD-D030-4CCC-AF03-BD8EEE5E20ED}" = General Module
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Google Chrome" = Google Chrome
    "GoToAssist" = GoToAssist 8.0.0.514
    "InstallShield_{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Picasa 3" = Picasa 3
    "RealAlt_is1" = Real Alternative 2.0.2
    "Softonic_English Toolbar" = Softonic_English Toolbar
    "TVWiz" = Intel(R) TV Wizard
    "Veetle TV" = Veetle TV 0.9.18
    "VLC media player" = VLC media player 1.0.5
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/16/2010 4:44:29 PM | Computer Name = Vivian | Source = WinMgmt | ID = 10
    Description =

    Error - 12/16/2010 4:48:23 PM | Computer Name = Vivian | Source = Application Error | ID = 1000
    Description = Faulting application firefox.exe, version 1.9.2.3989, time stamp 0x4cf9293f,
    faulting module icucnv36.dll, version 3.6.0.0, time stamp 0x470eff71, exception
    code 0xc0000005, fault offset 0x000013df, process id 0x109c, application start time
    0x01cb9d6208111816.

    Error - 12/16/2010 8:07:07 PM | Computer Name = Vivian | Source = WinMgmt | ID = 10
    Description =

    Error - 12/17/2010 2:12:01 AM | Computer Name = Vivian | Source = WinMgmt | ID = 10
    Description =

    Error - 12/17/2010 4:04:06 AM | Computer Name = Vivian | Source = WinMgmt | ID = 10
    Description =

    Error - 12/17/2010 12:56:11 PM | Computer Name = Vivian | Source = EventSystem | ID = 4622
    Description =

    Error - 12/18/2010 2:20:57 AM | Computer Name = Vivian | Source = WinMgmt | ID = 10
    Description =

    Error - 12/20/2010 2:07:43 AM | Computer Name = Vivian | Source = EventSystem | ID = 4622
    Description =

    Error - 12/20/2010 3:41:38 PM | Computer Name = Vivian | Source = WinMgmt | ID = 10
    Description =

    Error - 12/21/2010 4:39:06 AM | Computer Name = Vivian | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 8/30/2010 1:43:14 PM | Computer Name = Vivian | Source = bowser | ID = 8003
    Description =

    Error - 8/30/2010 3:09:41 PM | Computer Name = Vivian | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 12:06:59 PM on 8/30/2010 was unexpected.

    Error - 8/30/2010 3:09:44 PM | Computer Name = Vivian | Source = HTTP | ID = 15016
    Description =

    Error - 8/30/2010 5:42:41 PM | Computer Name = Vivian | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 2:41:23 PM on 8/30/2010 was unexpected.

    Error - 8/30/2010 5:42:44 PM | Computer Name = Vivian | Source = HTTP | ID = 15016
    Description =

    Error - 8/30/2010 6:16:59 PM | Computer Name = Vivian | Source = iaStor | ID = 262153
    Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
    period.

    Error - 8/31/2010 5:46:35 AM | Computer Name = Vivian | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 2:42:01 AM on 8/31/2010 was unexpected.

    Error - 8/31/2010 5:46:38 AM | Computer Name = Vivian | Source = HTTP | ID = 15016
    Description =

    Error - 8/31/2010 7:44:28 PM | Computer Name = Vivian | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 4:42:49 PM on 8/31/2010 was unexpected.

    Error - 8/31/2010 7:44:31 PM | Computer Name = Vivian | Source = HTTP | ID = 15016
    Description =


    < End of report >
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    =====================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Users\Viviana Martinez\Desktop\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  18. Pastel34

    Pastel34 TS Rookie Topic Starter Posts: 19

    Status...

    So far is doing well.... now I'm about to start on the Java update... see you are in Daly City... Just moved from there after living there for 4 years... just found it interesting..
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Ha...where are you located now?
     
  20. Pastel34

    Pastel34 TS Rookie Topic Starter Posts: 19

    ...

    Murrieta, California... always been an San Diegan... just moved a bit more north... 1 1/2 to be more exact...
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I like that area :)
     
  22. Pastel34

    Pastel34 TS Rookie Topic Starter Posts: 19

    Yes it's nice.. Murrieta is more family oriented... small town...


    ok Java Report

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware (reboot) deleted successfully.
    C:\Users\Viviana Martinez\Desktop\Malwarebytes' Anti-Malware\mbam.exe moved successfully.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\ProgramData\webex\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Viviana Martinez
    ->Temp folder emptied: 89020 bytes
    ->Temporary Internet Files folder emptied: 107727 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 74661705 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 611 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 71.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Viviana Martinez
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.18.2 log created on 12312010_142310

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\WebEx\Log\1231\atashost.log scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  23. Pastel34

    Pastel34 TS Rookie Topic Starter Posts: 19

    Security Check

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 1 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We'll have to take care of it, but only after I see Eset log.

    ===================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [​IMG]

    make sure, you have both boxes UN-checked AND (important!) click on Decline button
     
  25. Pastel34

    Pastel34 TS Rookie Topic Starter Posts: 19

    Updating adobe reader...

    there was no log created for the online scan.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...