Trojan:Java/Bytverify [Solved]


  • This topic is locked
39 replies to this topic

#1 blondygirl
  • Authentic Member
  • 49 posts

Posted 08 February 2014 - 07:54 PM

Hello! Turned on the computer this morning only to have Windows Defender tell me that I have a Trojan, Trojan:Java/Bytverify. For the past while, when I've had the computer on, at times it really whirrs loudly and for long periods of time, even when I am not doing anything on it and the computer is just on. Makes me wonder what's lurking in there? :ph34r:

This forum helped me many years ago and I am very thankful you are still here :clap:

Thanking you in advance!!

Here is my HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:42:12 PM, on 2/8/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Java\bin\jqs.exe
C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Defender\MSASCui.exe
C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Maleware\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Blondy Girl\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?fr=fp-tyc8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com/?fr=fp-tyc8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?fr=fp-tyc8
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Java\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Java\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [MFARestart] "C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgrunasx.exe" /usereg
O4 - HKLM\..\Run: [Windows Defender] "C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [ROC_ROC_JAN2013_AV] C:\Documents and Settings\Blondy Girl\Application Data\AVG January 2013 Campaign\ROC_JAN2013_AV.exe /PROMPT --mid 45cba9f2758528c57d280b497e2a7640-d6755bacdbc6d46eb849dfd8d1df9887cd6a0116
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1268536452890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1347918779578
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: intu-qt2009 - {03947252-2355-4E9B-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Java\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Maleware\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Maleware\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9062 bytes

#2 Jo*
  • SuperMember
  • Malware Team
  • 1,208 posts

Posted 09 February 2014 - 02:50 PM

:welcome:

Hello blondygirl,

My name is Jo and I will help you with your computer problems.

Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy and save the instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms; it could be hard for me to read. Thanks for your understanding.

***


Trojan:Java/Bytverify.

Please give us the filename and filepath.


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

Graduate of the WTT Classroom
Cheers,
Jo

#3 blondygirl
  • Authentic Member
  • 49 posts

Posted 09 February 2014 - 04:24 PM

Hello Jo and thank you for offering to help me!! :adios: :notworthy:

> Please give us the filename and filepath.

Windows Defender report says:

Resources:
file:
C:\Documents and Settings\Blondy Girl\Application Data\AVG\Rescue\PC Tuneup 2011\101221183343421.rsc->101221183343421-001070.file->Is.class

containerfile:
C:\Documents and Settings\Blondy Girl\Application Data\AVG\Rescue\PC Tuneup 2011\101221183343421.rsc

Security Check results

Results of screen317's Security Check version 0.99.79  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 AVG 2011     
`````````Anti-malware/Other Utilities Check:`````````
 Windows Defender    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Flash Player     12.0.0.44  
 Adobe Reader XI  
 Mozilla Firefox (27.0)
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
 Windows Defender MSASCui.exe
 AVG avgwdsvc.exe
 AVG avgtray.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Blondy Girl My Documents Downloads Maleware\Malwarebytes' Anti-Malware\mbamscheduler.exe
 Blondy Girl My Documents Downloads Defender\MsMpEng.exe
 Blondy Girl My Documents Downloads Defender\MSASCui.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````

OTL.Txt

OTL logfile created on: 2/9/2014 3:10:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Blondy Girl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 82.42% Memory free
4.83 Gb Paging File | 4.34 Gb Available in Paging File | 89.74% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.03 Gb Total Space | 82.87 Gb Free Space | 56.75% Space Free | Partition Type: NTFS
 
Computer Name: BLONDYGIRL | User Name: Blondy Girl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Blondy Girl\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Java\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Maleware\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\PRISMSVC.exe (Conexant Systems, Inc.)
PRC - C:\WINDOWS\system32\PRISMSVR.exe (Conexant Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBTPP5C.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (JavaQuickStarterService) -- C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Java\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_8fa3539.dll ()
SRV - (MBAMService) -- C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Maleware\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Maleware\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (PRISMSVC) -- C:\WINDOWS\system32\PRISMSVC.exe (Conexant Systems, Inc.)
SRV - (dlbt_device) -- C:\WINDOWS\system32\dlbtcoms.exe (Dell)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (UIUSys) -- system32\drivers\UIUSys.sys File not found
DRV - (PxHelp20) -- System32\Drivers\PxHelp20.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com/?fr=fp-tyc8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?fr=fp-tyc8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?fr=fp-tyc8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2013/04/09 08:39:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/04 19:33:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/04 19:33:05 | 000,000,000 | ---D | M]
 
[2010/07/12 08:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Extensions
[2010/07/12 08:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Extensions\uploadr@flickr.com
[2010/03/14 10:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\f8012d6r.default\extensions
[2010/03/14 10:45:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\f8012d6r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2010/03/14 10:45:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\f8012d6r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2010/03/14 10:45:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\f8012d6r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2010/03/14 10:44:53 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\f8012d6r.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)
[2014/01/17 07:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\zcsd5uvq.default\extensions
[2013/08/21 05:59:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\zcsd5uvq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/11/26 06:26:39 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\zcsd5uvq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/01/16 22:10:37 | 000,940,775 | ---- | M] () (No name found) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\zcsd5uvq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/17 07:05:16 | 000,287,587 | ---- | M] () (No name found) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\zcsd5uvq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/02/04 19:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/04 19:33:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/04 19:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2014/02/04 19:33:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
O1 HOSTS File: ([2006/02/28 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Java\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" File not found
O4 - HKLM..\Run: [MFARestart] "C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgrunasx.exe" /usereg File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Windows Defender] C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ROC_ROC_JAN2013_AV] C:\Documents and Settings\Blondy Girl\Application Data\AVG January 2013 Campaign\ROC_JAN2013_AV.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1268536452890 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1347918779578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.153.176.1 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FAA375B-6105-45E1-A6CA-8E796C8BE572}: DhcpNameServer = 75.153.176.1 75.153.176.9
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - (PRISMAPI.DLL) - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/13 06:17:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/09 15:04:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Blondy Girl\Desktop\OTL.exe
[2014/02/08 18:41:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Blondy Girl\Desktop\HiJackThis.exe
[2014/02/06 23:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/02/06 23:46:28 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/02/06 23:46:28 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/02/06 23:46:16 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/02/06 23:46:16 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/02/06 23:46:16 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/02/06 23:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/02/04 19:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/09 15:04:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blondy Girl\Desktop\OTL.exe
[2014/02/09 15:04:02 | 000,987,425 | ---- | M] () -- C:\Documents and Settings\Blondy Girl\Desktop\SecurityCheck.exe
[2014/02/09 14:39:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/09 13:18:34 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/09 10:37:23 | 152,976,795 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2014/02/09 10:33:33 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/02/09 10:30:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/08 18:41:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Blondy Girl\Desktop\HiJackThis.exe
[2014/02/08 18:33:23 | 000,284,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2014/02/08 14:13:17 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Blondy Girl\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2014/02/06 23:46:00 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/02/06 23:45:58 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/02/06 23:45:58 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/02/06 23:45:58 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/02/06 23:45:58 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/02/05 17:52:57 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/04 22:39:40 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/02/04 22:39:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/02/03 20:49:31 | 000,001,073 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Save.ca Print-At-Home.lnk
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/09 15:04:02 | 000,987,425 | ---- | C] () -- C:\Documents and Settings\Blondy Girl\Desktop\SecurityCheck.exe
[2014/02/03 20:49:31 | 000,001,079 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Save.ca Print-At-Home.lnk
[2014/02/03 20:49:31 | 000,001,073 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Save.ca Print-At-Home.lnk
[2012/12/14 18:22:58 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Blondy Girl\Application Data\.backup.dm
[2012/02/15 19:12:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/03/14 18:46:38 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010/03/13 10:31:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/01/22 17:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2010/10/22 09:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/22 09:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/12/09 23:47:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/12/10 00:07:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2012/12/15 01:55:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2012/12/10 00:07:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2012/12/10 00:03:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
[2012/12/09 23:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/12/14 18:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2010/10/22 09:17:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/06 17:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/03/21 16:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/03/13 16:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2011/10/22 00:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2011/01/28 23:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/19 15:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/21 18:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blondy Girl\Application Data\AVG
[2013/01/22 17:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blondy Girl\Application Data\AVG January 2013 Campaign
[2010/10/22 09:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blondy Girl\Application Data\AVG10
[2013/08/21 17:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blondy Girl\Application Data\ca.save.print-at-home-signed
[2010/03/14 12:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blondy Girl\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/31 18:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blondy Girl\Application Data\ElevatedDiagnostics
[2010/07/12 08:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blondy Girl\Application Data\Flickr
[2010/03/13 19:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blondy Girl\Application Data\InterVideo
[2013/07/24 19:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blondy Girl\Application Data\mediamove for Lexar Media
[2012/07/14 00:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blondy Girl\Application Data\Oracle
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >
 

 



#4 blondygirl (Authentic Member, 49 posts)

Posted 09 February 2014 - 04:25 PM

Extras.Txt

 

OTL Extras logfile created on: 2/9/2014 3:10:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Blondy Girl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 82.42% Memory free
4.83 Gb Paging File | 4.34 Gb Available in Paging File | 89.74% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.03 Gb Total Space | 82.87 Gb Free Space | 56.75% Space Free | Partition Type: NTFS
 
Computer Name: BLONDYGIRL | User Name: Blondy Girl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Program Files\Sony Mobile\Update Service\Update Service.exe" = C:\Program Files\Sony Mobile\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX360_series" = Canon MX360 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353636BF-DA93-49A6-BA74-46CD7202EA33}" = AVG 2011
"{390FF986-468D-4CA9-8830-2C4B313F447F}" = ATI Parental Control
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{56504C77-8B9F-4EB2-B33B-C5B9F50B5D64}" = AVG 2011
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = USB 2.0 Wireless LAN Card Utility
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D5F881C2-B134-474E-AA60-B25DD218AE0D}" = Crash Analysis Tool
"{D61CA2D1-9309-3E8F-5774-F4B3D79FA567}" = Save.ca Print-At-Home
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Akamai" = Akamai NetSession Interface Service
"All ATI Software" = ATI - Software Uninstall Utility
"AVG" = AVG 2011
"ca.save.print-at-home-signed" = Save.ca Print-At-Home
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"InstallShield_{390FF986-468D-4CA9-8830-2C4B313F447F}" = ATI Parental Control
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 27.0 (x86 en-US)" = Mozilla Firefox 27.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Speed Dial Utility" = Canon Speed Dial Utility
"Update Service" = Sony Mobile Update Service
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"bd4d3a0508d364f5" = Dell Driver Download Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/1/2013 12:39:42 PM | Computer Name = BLONDYGIRL | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.75.0.1, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 9/11/2013 1:00:38 AM | Computer Name = BLONDYGIRL | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
 P10 NIL.
 
Error - 9/13/2013 8:44:13 AM | Computer Name = BLONDYGIRL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 9/13/2013 8:44:13 AM | Computer Name = BLONDYGIRL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 10/9/2013 1:00:43 AM | Computer Name = BLONDYGIRL | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
 P10 NIL.
 
Error - 10/10/2013 2:07:12 AM | Computer Name = BLONDYGIRL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....uthrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 11/10/2013 6:28:25 PM | Computer Name = BLONDYGIRL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 25.0.0.5046, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 11/10/2013 6:28:31 PM | Computer Name = BLONDYGIRL | Source = Application Hang | ID = 1001
Description = Fault bucket -370863273.
 
Error - 12/11/2013 2:37:53 AM | Computer Name = BLONDYGIRL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....uthrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 1/11/2014 2:07:42 AM | Computer Name = BLONDYGIRL | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
 P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
 
[ System Events ]
Error - 2/4/2014 8:45:18 PM | Computer Name = BLONDYGIRL | Source = Dhcp | ID = 1002
Description = The IP address lease 205.206.232.240 for the Network Card with network
 address 00110973F019 has been  denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).
 
Error - 2/6/2014 10:01:48 AM | Computer Name = BLONDYGIRL | Source = Dhcp | ID = 1002
Description = The IP address lease 205.206.239.100 for the Network Card with network
 address 00110973F019 has been  denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).
 
Error - 2/6/2014 10:24:00 AM | Computer Name = BLONDYGIRL | Source = Dhcp | ID = 1002
Description = The IP address lease 205.206.239.100 for the Network Card with network
 address 00110973F019 has been  denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).
 
Error - 2/6/2014 8:48:16 PM | Computer Name = BLONDYGIRL | Source = Dhcp | ID = 1002
Description = The IP address lease 205.206.239.100 for the Network Card with network
 address 00110973F019 has been  denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).
 
Error - 2/7/2014 1:16:48 AM | Computer Name = BLONDYGIRL | Source = Print | ID = 6161
Description = The document Coupon Print 000018066397-051621281 owned by Blondy Girl
 failed to print on printer Canon MX360 series Printer. Data type: NT EMF 1.008.
 Size of the spool file in bytes: 9148788. Number of bytes printed: 980120. Total
 number of pages in the document: 12. Number of pages printed: 0. Client machine:
 \\BLONDYGIRL. Win32 error code returned by the print processor: 0 (0x0).
 
Error - 2/7/2014 9:58:49 AM | Computer Name = BLONDYGIRL | Source = Dhcp | ID = 1002
Description = The IP address lease 206.75.129.18 for the Network Card with network
 address 00110973F019 has been  denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).
 
Error - 2/8/2014 1:41:52 AM | Computer Name = BLONDYGIRL | Source = Dhcp | ID = 1002
Description = The IP address lease 206.75.129.18 for the Network Card with network
 address 00110973F019 has been  denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).
 
Error - 2/8/2014 2:21:36 PM | Computer Name = BLONDYGIRL | Source = Dhcp | ID = 1002
Description = The IP address lease 75.158.54.218 for the Network Card with network
 address 00110973F019 has been  denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).
 
Error - 2/8/2014 3:58:58 PM | Computer Name = BLONDYGIRL | Source = Dhcp | ID = 1002
Description = The IP address lease 75.158.55.197 for the Network Card with network
 address 00110973F019 has been  denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).
 
Error - 2/9/2014 1:30:13 PM | Computer Name = BLONDYGIRL | Source = Dhcp | ID = 1002
Description = The IP address lease 205.206.233.63 for the Network Card with network
 address 00110973F019 has been  denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).
 
 
< End of report >
 

 

Thank you so much Jo!



#5 Jo* (SuperMember, Malware Team, 1,208 posts)

Posted 09 February 2014 - 04:43 PM

Hello blondygirl,

Please go to one of the below sites to scan the following file(s):
Virus Total (Recommended)
jotti.org
VirScan
click on Browse, and upload the following file(s) for analysis:

C:\Documents and Settings\Blondy Girl\Application Data\AVG\Rescue\PC Tuneup 2011\101221183343421.rsc

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.
 

***



Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo

#6 blondygirl (Authentic Member, 49 posts)

Posted 09 February 2014 - 04:59 PM

Hi Jo!

 

I get this message from VirusTotal

 

File too large

The submitted file exceeds the 64MB size limit.

 

The other links you gave me have a max of 25 and 20MB

 

:wacko:



#7 Jo* (SuperMember, Malware Team, 1,208 posts)

Posted 09 February 2014 - 05:07 PM

Hi,

...AVG\Rescue\PC Tuneup 2011\101221183343421.rsc appears to be a backup file from your AVG Antivirus - PC Tuneup.

Skip this and go on with MalwareBytes and AdwCleaner.
Graduate of the WTT Classroom
Cheers,
Jo

#8 blondygirl (Authentic Member, 49 posts)

Posted 09 February 2014 - 09:06 PM

Hi Jo

The MalwareBytes came back clean.

You are right, the AdwCleaner text makes no sense to me, but I do have the Yahoo Toolbar :D

Here is the text from the AdwCleaner

# AdwCleaner v3.018 - Report created 09/02/2014 at 19:13:37
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Blondy Girl - BLONDYGIRL
# Running from : C:\Documents and Settings\Blondy Girl\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\zcsd5uvq.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\visi_coupon

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\f8012d6r.default\prefs.js ]


[ File : C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\zcsd5uvq.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2820 octets] - [09/02/2014 16:52:48]
AdwCleaner[R1].txt - [2740 octets] - [09/02/2014 19:13:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2800 octets] ##########

Just want to tell you that my fan is still whirring really high like it is going full blast and the CPU is often very high. This happens when the computer is on but I am not using it. And sometimes the page freezes or goes white. I've noticed a script running message the last while too.

Thank you very much for your time, I appreciate it a lot :thumbup:

blondy
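The AdwCleaner scan report above lists each registry key by location but says nothing about what the key does, which is why the log "makes no sense" to the person who has to decide what to keep. What follows is an added triage helper written for this page; it is not part of AdwCleaner, JRT, OTL or any post in the thread. It groups the findings by the COM class ID (GUID) they name and flags the GUIDs that are wired in as a Browser Helper Object or IE toolbar, because those are the entries that actually load a DLL into every Internet Explorer process; a matching Classes\CLSID key just tells you where that DLL lives, and Ext\Stats or Ext\Settings keys are per-user bookkeeping. The sample report text is constructed in the shape of the report above (user path shortened) and the role names are this example's own.

```python
"""Group the findings of an AdwCleaner v3 report by the GUID each one names.

Added triage example for this thread; it is not part of AdwCleaner, JRT, OTL
or any post above. It only reads report text and never touches the registry.
"""
import re
from collections import defaultdict

# Constructed sample in the shape of the v3 report posted in the thread
# (user path shortened). Three GUIDs plus one toolbar key without a GUID.
SAMPLE_REPORT = r"""
***** [ Files / Folders ] *****

Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\abc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
"""

# One finding per line. The kind word and the colon are optional because the
# report in the thread drops the colon on one line and the "[x] Not Deleted"
# lines of a clean report carry no kind word at all.
LINE_RE = re.compile(
    r"^(?:\[x\]\s*)?(?:(?P<kind>Folder|File|Key|Value|Task|Shortcut)\s+)?"
    r"(?P<action>Not Deleted|Found|Deleted)\s*:?\s*(?P<target>.+?)\s*$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Where a GUID is registered says what happens when the browser starts.
# Role names are this example's own; first matching fragment wins.
ROLES = (
    (r"\\browser helper objects\\", "ie_bho"),           # DLL loaded into every IE process
    (r"\\internet explorer\\toolbar", "ie_toolbar"),     # toolbar band, also in-process
    (r"\\ext\\preapproved\\", "ie_preapproved"),         # enabled without the add-on prompt
    (r"\\ext\\(?:stats|settings)\\", "ie_addon_record"), # per-user bookkeeping only
    (r"\\classes\\clsid\\", "com_class"),                # CLSID -> InprocServer32 DLL path
    (r"\\mozilla\\firefox\\.*\\extensions\\", "firefox_extension"),
)


def classify(target):
    """Return the role for a registry path or folder, or 'other'."""
    low = target.lower()
    for pattern, role in ROLES:
        if re.search(pattern, low):
            return role
    return "other"


def triage(report_text):
    """Parse a report. Returns (by_guid, non_guid): by_guid maps each GUID
    (upper-cased) to a sorted list of (role, action); non_guid lists the
    findings that name no GUID (toolbar keys, coupon folders, Chrome IDs)."""
    by_guid = defaultdict(set)
    non_guid = []
    for line in report_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        target, action = m.group("target"), m.group("action")
        guids = GUID_RE.findall(target)
        if not guids:
            non_guid.append((m.group("kind") or "Entry", action, target))
            continue
        role = classify(target)
        for guid in guids:
            by_guid[guid.upper()].add((role, action))
    return {g: sorted(r) for g, r in by_guid.items()}, non_guid


def loads_into_ie(roles):
    """True when the GUID is wired in as a BHO or toolbar: code that runs
    inside Internet Explorer, not just a leftover stats key."""
    return any(role in ("ie_bho", "ie_toolbar") for role, _ in roles)


def summarize(report_text):
    """Human-readable triage lines, in-process IE components first."""
    by_guid, non_guid = triage(report_text)
    lines = []
    for guid, roles in sorted(by_guid.items(), key=lambda kv: not loads_into_ie(kv[1])):
        tag = "RUNS IN IE" if loads_into_ie(roles) else "record only"
        lines.append(f"{guid}  [{tag}]  " + ", ".join(f"{r}:{a}" for r, a in roles))
    for kind, action, target in non_guid:
        lines.append(f"{kind} {action}: {target}")
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_REPORT):
        print(line)
```

Run it against a saved AdwCleaner[R0].txt by passing the file's contents to summarize(); the GUIDs tagged RUNS IN IE are the ones worth identifying (the Classes\CLSID key names the DLL) before deciding whether to keep them, and a GUID that appears only under Ext\Stats is a record of an add-on that is no longer registered.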



#9 Jo* (SuperMember, Malware Team, 1,208 posts)
Posted 10 February 2014 - 02:04 AM

Hello blondygirl,

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.



***

Run OTL again.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***

How is the computer running now?



***


Cheers,
Jo

#10 blondygirl (Authentic Member, 49 posts)
Posted 10 February 2014 - 11:40 PM

Hello Jo !! :adios:

I did as you asked....really I had no idea what to remove what not to remove with the AdwCleaner so I kept my Yahoo Toolbar...everything else I got rid of :blush:

After using the JRT my Yahoo toolbar did disappear....I've had it for years and don't believe it's causing too much problem so I'd like to put it back on again but will wait until we are done with everything.

When opening my Yahoo mail account I got the Warning Unresponsive Script message again and as I write this lots of whirring and the CPU is kinda high.

Many thanks for your patience and help :clap:

blondy

Ok here are the reports........

AdwCleaner report

# AdwCleaner v3.018 - Report created 10/02/2014 at 21:34:27
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Blondy Girl - BLONDYGIRL
# Running from : C:\Documents and Settings\Blondy Girl\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\visi_coupon
Folder Deleted : C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\zcsd5uvq.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[x] Not Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\f8012d6r.default\prefs.js ]


[ File : C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\zcsd5uvq.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2820 octets] - [09/02/2014 16:52:48]
AdwCleaner[R1].txt - [2880 octets] - [09/02/2014 19:13:37]
AdwCleaner[R2].txt - [2940 octets] - [10/02/2014 21:16:05]
AdwCleaner[S0].txt - [2905 octets] - [10/02/2014 21:34:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2965 octets] ##########


JRT Report


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by Blondy Girl on Mon 02/10/2014 at 21:59:10.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/10/2014 at 22:04:14.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL text

 

OTL logfile created on: 2/10/2014 10:10:59 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Blondy Girl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 83.34% Memory free
4.83 Gb Paging File | 4.35 Gb Available in Paging File | 90.11% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.03 Gb Total Space | 82.93 Gb Free Space | 56.79% Space Free | Partition Type: NTFS
 
Computer Name: BLONDYGIRL | User Name: Blondy Girl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Blondy Girl\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Java\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Maleware\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\PRISMSVC.exe (Conexant Systems, Inc.)
PRC - C:\WINDOWS\system32\PRISMSVR.exe (Conexant Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBTPP5C.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (JavaQuickStarterService) -- C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Java\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_8fa3539.dll ()
SRV - (MBAMService) -- C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Maleware\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Maleware\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (PRISMSVC) -- C:\WINDOWS\system32\PRISMSVC.exe (Conexant Systems, Inc.)
SRV - (dlbt_device) -- C:\WINDOWS\system32\dlbtcoms.exe (Dell)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (UIUSys) -- system32\drivers\UIUSys.sys File not found
DRV - (PxHelp20) -- System32\Drivers\PxHelp20.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com/?fr=fp-tyc8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?fr=fp-tyc8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?fr=fp-tyc8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2013/04/09 08:39:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/04 19:33:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/04 19:33:05 | 000,000,000 | ---D | M]
 
[2010/07/12 08:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Extensions
[2010/07/12 08:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Extensions\uploadr@flickr.com
[2010/03/14 10:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\f8012d6r.default\extensions
[2010/03/14 10:45:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\f8012d6r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2010/03/14 10:45:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\f8012d6r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2010/03/14 10:45:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\f8012d6r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2010/03/14 10:44:53 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\f8012d6r.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)
[2014/01/17 07:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\zcsd5uvq.default\extensions
[2013/11/26 06:26:39 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\zcsd5uvq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/01/16 22:10:37 | 000,940,775 | ---- | M] () (No name found) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\zcsd5uvq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/17 07:05:16 | 000,287,587 | ---- | M] () (No name found) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\zcsd5uvq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/02/04 19:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/04 19:33:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/04 19:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2014/02/04 19:33:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
O1 HOSTS File: ([2006/02/28 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Java\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" File not found
O4 - HKLM..\Run: [MFARestart] "C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgrunasx.exe" /usereg File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Windows Defender] C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ROC_ROC_JAN2013_AV] C:\Documents and Settings\Blondy Girl\Application Data\AVG January 2013 Campaign\ROC_JAN2013_AV.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1268536452890 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1347918779578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.153.176.1 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FAA375B-6105-45E1-A6CA-8E796C8BE572}: DhcpNameServer = 75.153.176.1 75.153.176.9
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - (PRISMAPI.DLL) - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/13 06:17:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/10 21:59:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/02/10 21:51:47 | 001,037,530 | ---- | C] (Thisisu) -- C:\Documents and Settings\Blondy Girl\Desktop\JRT.exe
[2014/02/09 16:52:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/09 16:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/02/09 16:35:59 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/02/09 16:11:28 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/02/09 16:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blondy Girl\Desktop\mbar
[2014/02/09 15:49:11 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Blondy Girl\Desktop\mbar-1.07.0.1009.exe
[2014/02/09 15:04:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Blondy Girl\Desktop\OTL.exe
[2014/02/08 18:41:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Blondy Girl\Desktop\HiJackThis.exe
[2014/02/06 23:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/02/06 23:46:28 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/02/06 23:46:28 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/02/06 23:46:16 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/02/06 23:46:16 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/02/06 23:46:16 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/02/06 23:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/02/04 19:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/10 21:51:49 | 001,037,530 | ---- | M] (Thisisu) -- C:\Documents and Settings\Blondy Girl\Desktop\JRT.exe
[2014/02/10 21:40:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/02/10 21:39:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/10 21:36:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/10 18:49:46 | 153,096,441 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2014/02/10 18:45:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/09 16:35:59 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/02/09 16:11:28 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/02/09 15:51:07 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Blondy Girl\Desktop\mbar-1.07.0.1009.exe
[2014/02/09 15:48:59 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\Blondy Girl\Desktop\AdwCleaner.exe
[2014/02/09 15:04:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blondy Girl\Desktop\OTL.exe
[2014/02/09 15:04:02 | 000,987,425 | ---- | M] () -- C:\Documents and Settings\Blondy Girl\Desktop\SecurityCheck.exe
[2014/02/09 13:18:34 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/08 18:41:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Blondy Girl\Desktop\HiJackThis.exe
[2014/02/08 18:33:23 | 000,284,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2014/02/08 14:13:17 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Blondy Girl\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2014/02/06 23:46:00 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/02/06 23:45:58 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/02/06 23:45:58 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/02/06 23:45:58 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/02/06 23:45:58 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/02/04 22:39:40 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/02/04 22:39:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/02/03 20:49:31 | 000,001,073 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Save.ca Print-At-Home.lnk
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/09 15:48:52 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\Blondy Girl\Desktop\AdwCleaner.exe
[2014/02/09 15:04:02 | 000,987,425 | ---- | C] () -- C:\Documents and Settings\Blondy Girl\Desktop\SecurityCheck.exe
[2014/02/03 20:49:31 | 000,001,079 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Save.ca Print-At-Home.lnk
[2014/02/03 20:49:31 | 000,001,073 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Save.ca Print-At-Home.lnk
[2012/12/14 18:22:58 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Blondy Girl\Application Data\.backup.dm
[2012/02/15 19:12:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/03/14 18:46:38 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010/03/13 10:31:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >




 


Edited by blondygirl, 10 February 2014 - 11:42 PM.
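The "ZeroAccess Check" block in the OTL log above lists the InProcServer32 keys for a few CLSIDs under both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. The reason a helper looks there is per-user COM hijacking: a CLSID registered under HKCU\Software\Classes wins over the HKLM registration for that user, so a DLL dropped into the profile can be loaded instead of the legitimate system DLL. The script below is an added example, not part of the original post or of OTL; it parses lines in OTL's format, pairs each HKCU entry with its HKLM counterpart and reports any user-level override, with an extra flag when the override points into a user-writable directory. The first four key blocks in the sample are copied from the log above; the last HKCU block is a constructed hijack (the path and the timestamp are made up) so that the check has something to flag.

```python
import re

# Constructed sample in the layout OTL uses for its ZeroAccess check. The first four
# blocks are copied from the log above; the final HKCU block is invented for the demo.
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_CURRENT_USER\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Documents and Settings\Example User\Local Settings\Application Data\example\hijack.dll -- [2014/02/01 00:00:00 | 000,010,240 | ---- | M] ()
"ThreadingModel" = Free
"""

# Key header: hive, then the CLSID in braces, then \InProcServer32.
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\Software\\Classes\\clsid\\"
    r"(\{[0-9a-f-]{36}\})\\InProcServer32\]$",
    re.IGNORECASE,
)
# Default value line: "" = <server path> [-- file details]
DEFAULT_RE = re.compile(r'^"" = (.*?)(?: -- \[.*)?$')

# Locations a normal user can write to on XP; a COM server living here is a red flag.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


def parse_otl_clsid_block(text):
    """Return {'HKCU': {clsid: path_or_None}, 'HKLM': {...}} from OTL-formatted lines."""
    entries = {"HKCU": {}, "HKLM": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            hive = "HKCU" if m.group(1).upper() == "HKEY_CURRENT_USER" else "HKLM"
            clsid = m.group(2).lower()
            entries[hive][clsid] = None  # key present, no server path seen yet
            current = (hive, clsid)
            continue
        m = DEFAULT_RE.match(line)
        if m and current:
            entries[current[0]][current[1]] = m.group(1).strip()
    return entries


def find_per_user_com_overrides(entries):
    """List (clsid, reason, hkcu_path) for every CLSID registered under HKCU."""
    findings = []
    for clsid, user_path in entries["HKCU"].items():
        machine_path = entries["HKLM"].get(clsid)
        if user_path is None:
            # Key exists but carries no server path: nothing is loaded from it.
            findings.append((clsid, "hkcu-key-empty", None))
            continue
        if machine_path and user_path.lower() != machine_path.lower():
            reason = "hkcu-overrides-hklm"   # the per-user DLL shadows the system one
        else:
            reason = "hkcu-only-server"
        if any(p in user_path.lower() for p in USER_WRITABLE):
            reason += "+user-writable-path"
        findings.append((clsid, reason, user_path))
    return findings


if __name__ == "__main__":
    for clsid, reason, path in find_per_user_com_overrides(parse_otl_clsid_block(SAMPLE)):
        print(f"{clsid}  {reason}  {path or ''}")
```

On the log above the two HKCU keys carry no server path, which is why the helper treated that section as clean; the constructed fifth block shows what a genuine per-user override looks like when it is present.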


#11 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 11 February 2014 - 05:24 AM

Hello blondygirl,
 

After using the JRT my Yahoo toolbar did disappear.... I've had it for years and don't believe it's causing too much of a problem, so I'd like to put it back on again but will wait until we are done with everything.

You can re-install the toolbar now or later.
 

When opening my Yahoo mail account I got the Warning: Unresponsive Script message again, and as I write this there is lots of whirring and the CPU is kinda high.

Can you give us more details?
Do you use Firefox to open Yahoo mail account?
Which program shows the warning message (Windows Defender, Firefox or your mail program or what else)?
Can you copy the error message or make screenshot?
 

***



Download ComboFix from the following location:
Link

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Enable your antivirus!
Graduate of the WTT Classroom
Cheers,
Jo

#12 blondygirl

blondygirl

    Authentic Member

  • Authentic Member
  • PipPip
  • 49 posts

Posted 12 February 2014 - 12:30 AM

Hi Jo! Again thank you for all the time you are giving to me and my computer!!
 

Can you give us more details?
Do you use Firefox to open Yahoo mail account?
Which program shows the warning message (Windows Defender, Firefox or your mail program or what else)?
Can you copy the error message or make screenshot?

 
I wasn't able to get a screenshot as the CPU was running at 99% and everything had locked up. Yahoo was already open in another tab; I had just clicked on that tab to check my email and then the unresponsive warning showed... it has shown on other pages as well...
 
The warning box said something like
 
Warning Unresponsive Script

Script hxxps://s.yimg.com/zz/combo??nq/s/php/mail/js/launch_54_4195.js:2

 
 
Here is my ComboFix text. Many thanks
 
blondy
 
ComboFix 14-02-11.01 - Blondy Girl 02/11/2014  22:45:57.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3062.2038 [GMT -7:00]
Running from: c:\documents and settings\Blondy Girl\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Blondy Girl\UserData\3FXJ7XWW
c:\documents and settings\Blondy Girl\UserData\3FXJ7XWW\oWindowsUpdate[1].xml
c:\windows\explorer(2).exe
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\SET15D.tmp
c:\windows\system32\SET15E.tmp
c:\windows\system32\SET15F.tmp
c:\windows\system32\SET160.tmp
c:\windows\system32\SET16D.tmp
c:\windows\system32\SET16E.tmp
c:\windows\system32\SET175.tmp
c:\windows\system32\SET179.tmp
c:\windows\system32\SET44.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET53.tmp
c:\windows\system32\SET55.tmp
c:\windows\system32\SET9B.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-12 to 2014-02-12  )))))))))))))))))))))))))))))))
.
.
2014-02-11 06:01 . 2013-12-04 02:57    7760024    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{900D529F-0B68-4BEA-A26E-ECA6DF4D0DA0}\mpengine.dll
2014-02-11 04:59 . 2014-02-11 04:59    --------    d-----w-    c:\windows\ERUNT
2014-02-09 23:52 . 2014-02-11 04:34    --------    d-----w-    C:\AdwCleaner
2014-02-09 23:36 . 2014-02-10 02:01    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-09 23:35 . 2014-02-09 23:35    107224    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-09 23:11 . 2014-02-09 23:11    52312    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-02-07 06:46 . 2014-02-07 06:46    --------    d-----w-    c:\program files\Common Files\Java
2014-02-07 06:46 . 2014-02-07 06:45    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-02-07 06:46 . 2014-02-07 06:46    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 05:39 . 2012-04-02 15:16    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-02-05 05:39 . 2011-10-30 01:29    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-18 13:13 . 2011-09-06 16:47    231584    ------w-    c:\windows\system32\MpSigStub.exe
2013-12-04 02:57 . 2011-09-06 16:47    7760024    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-11-27 20:21 . 2006-02-28 12:00    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn5\yt.dll" [2013-11-19 1567000]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\Blondy Girl\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"ROC_ROC_JAN2013_AV"="c:\documents and settings\Blondy Girl\Application Data\AVG January 2013 Campaign\ROC_JAN2013_AV.exe" [2013-01-17 1234000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-08-06 155648]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-15 1213848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe /START [2010-3-13 921704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 03:08    450646    ----a-w-    c:\windows\system32\PRISMAPI.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Blondy Girl\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Sony Mobile\\Update Service\\Update Service.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 2:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 2:48 AM 255968]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 2:49 AM 297168]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 5:00 AM 14336]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 4:33 AM 269520]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [3/13/2010 4:07 PM 61526]
R2 WinDefend;Windows Defender;c:\documents and settings\Blondy Girl\My Documents\Downloads\Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/11/2013 9:23 AM 22856]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 3:02 PM 7391072]
S2 MBAMScheduler;MBAMScheduler;c:\documents and settings\Blondy Girl\My Documents\Downloads\Maleware\Malwarebytes' Anti-Malware\mbamscheduler.exe [2/11/2013 9:26 AM 418376]
S2 MBAMService;MBAMService;c:\documents and settings\Blondy Girl\My Documents\Downloads\Maleware\Malwarebytes' Anti-Malware\mbamservice.exe [2/11/2013 9:23 AM 701512]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 3:33 AM 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 3:33 AM 30432]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/31/2012 11:10 AM 12400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper    REG_MULTI_SZ       getPlusHelper
Akamai    REG_MULTI_SZ       Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 05:39]
.
2014-02-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\documents and settings\Blondy Girl\My Documents\Downloads\Defender\MpCmdRun.exe [2006-11-04 01:20]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\documents and settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe [2013-01-23 21:16]
.
2013-01-23 c:\windows\Tasks\ROC_ROC_JAN2013_AV.job
- c:\documents and settings\Blondy Girl\Application Data\AVG January 2013 Campaign\ROC_JAN2013_AV.exe [2013-01-23 21:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/?fr=fp-tyc8
mStart Page = hxxp://ca.yahoo.com/?fr=fp-tyc8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.153.176.1 75.153.176.9
FF - ProfilePath - c:\documents and settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\zcsd5uvq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://ca.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc-sc&p=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.flickr.com/photos/blondygirl/sets/
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Dell Photo AIO Printer 922 - c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe
HKLM-Run-MFARestart - c:\documents and settings\All Users\Application Data\MFAData\pack\avgrunasx.exe
AddRemove-Coupon Printer for Windows5.0.0.4 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-11 22:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,8c,3c,7b,67,41,9c,47,b6,51,fa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,8c,3c,7b,67,41,9c,47,b6,51,fa,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\PRISMAPI.DLL
.
Completion time: 2014-02-11  22:53:10
ComboFix-quarantined-files.txt  2014-02-12 05:53
.
Pre-Run: 89,004,761,088 bytes free
Post-Run: 89,172,701,184 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1CEDC1E00CDE7EF37559A18D3A606EBB
8F558EB6672622401DA993E1E865C861
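The "Reg Loading Points" part of the ComboFix report above is where a helper reads the Run values, the R/S service lines and the scheduled tasks to see what starts automatically and from where. One quick triage pass is to list every autostart whose binary lives outside the Windows and Program Files trees, because a user-profile or All Users\Application Data path is writable by the logged-on user and is where dropped executables usually sit. That is a hint to look closer, not a verdict: in this log, for instance, Malwarebytes was deliberately run from a Downloads folder. The script below is an added example, not part of the post or of ComboFix; it parses the three ComboFix line shapes and applies that heuristic, and it separately calls out svchost-hosted services, whose real code is the ServiceDll value (as the report's own [...\Services\Akamai] entry shows) rather than the svchost.exe path. The sample lines are copied from the report above; the set of trusted directory prefixes is my assumption for an XP system.

```python
import re

# Constructed sample: lines copied from the ComboFix report above, in the three
# shapes ComboFix uses (Run values, service lines, scheduled-task targets).
SAMPLE_LINES = r'''
"Akamai NetSession Interface"="c:\documents and settings\Blondy Girl\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 5:00 AM 14336]
R2 WinDefend;Windows Defender;c:\documents and settings\Blondy Girl\My Documents\Downloads\Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [3/13/2010 4:07 PM 61526]
S2 MBAMService;MBAMService;c:\documents and settings\Blondy Girl\My Documents\Downloads\Maleware\Malwarebytes' Anti-Malware\mbamservice.exe [2/11/2013 9:23 AM 701512]
- c:\documents and settings\Blondy Girl\My Documents\Downloads\Defender\MpCmdRun.exe [2006-11-04 01:20]
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 05:39]
'''.strip().splitlines()

# "Name"="command" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# R0..S4 ServiceName;Display Name;command [file details]
SVC_RE = re.compile(r'^(?P<state>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[[^\]]*\])?$')
# - command [date]   (target of a scheduled task)
TASK_RE = re.compile(r'^- (?P<path>.+?)(?: \[[^\]]*\])?$')

# Assumed "expected" homes for autostart binaries on an XP box. Anything else is
# user-writable and worth a second look; it is a triage heuristic, not proof of malware.
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\",
                   "%windir%\\", "%systemroot%\\")


def parse_entry(line):
    """Turn one ComboFix autostart line into {'kind','name','path'} or None."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return {"kind": "run", "name": m["name"], "path": m["path"]}
    m = SVC_RE.match(line)
    if m:
        return {"kind": "service", "name": m["name"], "path": m["path"]}
    m = TASK_RE.match(line)
    if m:
        return {"kind": "task", "name": m["path"].rsplit("\\", 1)[-1], "path": m["path"]}
    return None


def triage_entries(lines):
    """Return the entries that deserve a closer look, each with a reason."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        cmd = entry["path"].lower()
        if "svchost.exe -k " in cmd:
            # The path says nothing; the code is whatever ServiceDll points at.
            reason = "svchost-hosted: inspect the service's ServiceDll value"
        elif not cmd.startswith(SYSTEM_PREFIXES):
            reason = "binary outside Windows/Program Files"
        else:
            continue
        findings.append({**entry, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage_entries(SAMPLE_LINES):
        print(f"{f['kind']:<8}{f['name']:<28}{f['reason']}\n        {f['path']}")
```

Run against the sample, the script lists the Akamai Run value, the svchost-hosted Akamai service, the Windows Defender service and scheduled scan running from the Downloads folder, and the Malwarebytes service, while leaving the Program Files and system32 entries alone. Whether any listed item is actually a problem is still a judgment about that file, which is exactly what the helper does by hand in this thread.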

#13 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 12 February 2014 - 03:08 AM


Hello blondygirl,

try this one:
How to Fix Unresponsive Script Error in Firefox


Do you use Firefox to open Yahoo mail account?


Then try to find out, which processes / files cause the highest CPU load.
How to use the Windows Task Manager

If you click on the Show processes from all users button, Windows Task Manager will be restarted with Administrative privileges that will allow you to see all processes currently started on the computer. An example of what this looks like can be seen in the image below. Notice how many more processes are now listed.


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


    :OTL
    
    :Commands
    [purity]
    [emptytemp]
    
    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the Fix OTL log.

Graduate of the WTT Classroom
Cheers,
Jo

#14 blondygirl

blondygirl

    Authentic Member

  • Authentic Member
  • PipPip
  • 49 posts

Posted 13 February 2014 - 12:53 AM

Jo, thanks so much for your continued assistance. I'm working a double so will have to put this on hold until tomorrow, I'm sorry.

 

I did read about the script.... it seems quite detailed but I'll give it a shot... I guess so long as I do it point for point as the writer shows it I shouldn't have any trouble :blush: :whistling:

 

I'll let you know how things go tomorrow evening.... well, I'm in Canada and it's Wednesday night... it might be your Friday morning by the time I get this done lol

 

Thank you again I'll try to do this quickly

blondy



#15 blondygirl

blondygirl

    Authentic Member

  • Authentic Member
  • PipPip
  • 49 posts

Posted 13 February 2014 - 11:39 PM

Hello blondygirl,

try this one:
How to Fix Unresponsive Script Error in Firefox

 

Okay, I did what it asked up to the profile... the Java is a pain, it's on my computer but Firefox blocks a few things so it acts like I don't have it, I think :wacko:

 

Should I keep the Hardware Acceleration unchecked?

 

 

Do you use Firefox to open Yahoo mail account?

 

Yes

 

 

Then try to find out, which processes / files cause the highest CPU load.

 

System Idle Process is the highest tonight...haven't been on the computer much. But memory whoa! AVG...Firefox they really suck it up!

 

 

Run OTL.exe. Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

 

Done...here is the log

 

Thank you very much Jo much appreciated!! :adios:

 

All processes killed
========== OTL ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Blondy Girl
->Temp folder emptied: 44220280 bytes
->Temporary Internet Files folder emptied: 2195149 bytes
->Java cache emptied: 1463171 bytes
->FireFox cache emptied: 259094444 bytes
->Flash cache emptied: 67796807 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57472 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98438 bytes
 
User: NetworkService
->Temp folder emptied: 4092 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4353712 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 561640 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 362.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02132014_215036

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_ec.dat not found!
File\Folder C:\WINDOWS\temp\TMP0000000EE14FB134602446E2 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
