
Vista Computer; Browser gets hijacked [Closed]


  • This topic is locked
3 replies to this topic

#1 accinab

    New Member
    1 posts

Posted 06 August 2014 - 08:22 AM

Hi, I'm trying to help my sister clean up a persistent browser hijack (searchassist) from her computer.

I ran OTL, HijackThis and DDS; appreciate any help you can give.

 

(Note: The message about how to post said I should zip the second part of the DDS scan and attach it; I'm not sure how to do this, but have saved a copy of that part of the scan and can add it later if you require it.)


OTL:


OTL logfile created on: 8/6/2014 7:24:51 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Annie\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.44 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 51.98% Memory free
3.12 Gb Paging File | 2.32 Gb Available in Paging File | 74.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 42.90 Gb Free Space | 57.62% Space Free | Partition Type: NTFS
 
Computer Name: ANNIE-PC | User Name: Annie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Annie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (Avgdiskx) -- C:\Windows\System32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {BA1BE292-1D15-488B-934D-008742212380}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BA1BE292-1D15-488B-934D-008742212380}: "URL" = http://www.SearchAss...m=1980&c=d&s=sp
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {BA1BE292-1D15-488B-934D-008742212380}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{ac47396a-0d65-4584-a14b-b3be5b87172a}: "URL" = http://www.searchalg...Terms}&cid=4301
IE - HKCU\..\SearchScopes\{BA1BE292-1D15-488B-934D-008742212380}: "URL" = http://www.SearchAss...m=1980&c=d&s=sp
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Search  "
FF - prefs.js..browser.search.defaultenginename: "Search  "
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.searchass...=1980&c=d&s=sp"
FF - prefs.js..browser.search.order.1: "Search  "
FF - prefs.js..browser.search.selectedEngine: "Search  "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - prefs.js..keyword.URL: "http://www.searchass.../search?p=s&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/07/22 12:07:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/07/22 12:07:07 | 000,000,000 | ---D | M]
 
[2013/03/30 10:28:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annie\AppData\Roaming\Mozilla\Extensions
[2014/08/05 19:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annie\AppData\Roaming\Mozilla\Firefox\Profiles\soiskhuh.default\extensions
[2014/08/05 19:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annie\AppData\Roaming\Mozilla\Firefox\Profiles\soiskhuh.default\extensions\staged
[2014/08/05 18:56:41 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Annie\AppData\Roaming\Mozilla\Firefox\Profiles\soiskhuh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/08/05 19:52:58 | 000,002,233 | ---- | M] () -- C:\Users\Annie\AppData\Roaming\Mozilla\Firefox\Profiles\soiskhuh.default\searchplugins\search-.xml
[2014/07/29 17:20:56 | 000,000,696 | ---- | M] () -- C:\Users\Annie\AppData\Roaming\Mozilla\Firefox\Profiles\soiskhuh.default\searchplugins\SearchAlgo.xml
[2014/07/22 12:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/07/22 12:07:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: http:\/\/www.searchassist.net\/?p=h&m=1980&c=d&s=sp
CHR - plugin: SearchAssist (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Docs = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: HP Smart Print = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi\2.6.0.242_0\
CHR - Extension: Gmail = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Free Games) - {0D5F364D-D6A9-43C1-BF0C-99B378972C5B} - C:\Program Files\Free Games\ScriptHost.dll (BestOffers)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.184.13 64.59.190.242
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62536756-C555-409A-A9FD-596FEB8851FB}: DhcpNameServer = 64.59.184.13 64.59.190.242
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img32.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img32.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
    CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/06 07:14:12 | 000,000,000 | ---D | C] -- C:\ZTools
[2014/08/06 07:13:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Annie\Desktop\OTL.exe
[2014/08/05 20:49:09 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\AVG2014
[2014/08/05 20:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/08/05 20:45:17 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/08/05 20:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/08/05 20:14:43 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Avg2014
[2014/08/05 19:56:06 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\SweepTools
[2014/08/05 19:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\SweepTools PC Cleaner
[2014/08/05 19:52:55 | 000,000,000 | ---D | C] -- C:\Users\Annie\Documents\Add-in Express
[2014/08/05 19:35:04 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Annie\Desktop\HijackThis.exe
[2014/08/02 16:23:24 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\AVG
[2014/08/02 16:23:23 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\AVG
[2014/08/02 16:17:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/08/02 16:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014/07/29 17:20:51 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\speedtest199
[2014/07/29 17:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Free Games
[2014/07/29 17:20:36 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\freegames197
[2014/07/29 17:19:53 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Performersoft
[2014/07/29 17:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
[2014/07/29 17:19:41 | 000,000,000 | ---D | C] -- C:\Program Files\PC Performer
[2014/07/29 10:57:55 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\globalUpdate
[2014/07/29 10:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\globalUpdate
[2014/07/22 12:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/07/09 07:29:44 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/07/09 07:29:38 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/07/09 07:29:20 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/07/09 07:29:19 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/07/09 07:29:19 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/07/09 07:29:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/07/09 07:29:14 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/07/09 07:29:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/07/09 07:29:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/07/09 07:29:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/07/09 07:29:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/07/09 07:29:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/07/09 07:29:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/07/09 07:29:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/06 07:27:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/06 07:17:08 | 000,625,664 | ---- | M] () -- C:\Users\Annie\Desktop\dds.scr
[2014/08/06 07:13:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Annie\Desktop\OTL.exe
[2014/08/06 07:10:23 | 000,001,771 | ---- | M] () -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk
[2014/08/06 07:10:07 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/06 07:10:06 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/06 07:09:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/06 07:09:22 | 1539,874,816 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/05 19:58:24 | 000,000,258 | RHS- | M] () -- C:\Users\Annie\ntuser.pol
[2014/08/05 19:35:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Annie\Desktop\HijackThis.exe
[2014/07/29 17:21:02 | 000,001,166 | ---- | M] () -- C:\Users\Annie\Desktop\Free Games.lnk
[2014/07/10 13:17:17 | 000,280,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/07/09 14:26:19 | 000,000,920 | ---- | M] () -- C:\Users\Annie\AppData\Roaming\wklnhst.dat
[2014/07/09 00:28:46 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/07/09 00:28:46 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2014/08/06 07:17:03 | 000,625,664 | ---- | C] () -- C:\Users\Annie\Desktop\dds.scr
[2014/08/05 19:52:50 | 000,000,258 | RHS- | C] () -- C:\Users\Annie\ntuser.pol
[2014/07/29 17:21:02 | 000,001,166 | ---- | C] () -- C:\Users\Annie\Desktop\Free Games.lnk
[2014/06/02 12:03:01 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/12/02 09:53:21 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/05/24 17:30:01 | 000,000,680 | ---- | C] () -- C:\Users\Annie\AppData\Local\d3d9caps.dat
[2013/03/29 12:06:10 | 000,000,920 | ---- | C] () -- C:\Users\Annie\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 06:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 07:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:18:35 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:18:24 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/08/02 16:23:23 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\AVG
[2014/08/05 20:49:09 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\AVG2014
[2014/01/17 09:50:05 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\IObit
[2014/03/13 09:03:08 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\PacificPoker
[2014/07/29 17:19:53 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Performersoft
[2014/03/10 13:07:36 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\systweak
[2013/04/08 14:30:23 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Template
[2013/03/29 11:31:35 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\TuneUp Software
[2013/04/12 16:15:52 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
<     %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.EXE  >
[2009/04/11 07:18:35 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:18:35 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2006/11/02 06:38:53 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\en-US\explorer.exe.mui
[2006/11/02 06:38:53 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_03bbc52176b6ba20\explorer.exe.mui
 
< MD5 for: IEXPLORE.EXE  >
[2013/10/13 04:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=06085B62BC7E0C8E2605CEA38774D956 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16520_none_58a898e5ebaaf1b6\iexplore.exe
[2014/06/09 10:40:29 | 000,758,000 | ---- | M] (Microsoft Corporation) MD5=08ED70F000508724BAF881AA07C21BE1 -- C:\Program Files\Internet Explorer\iexplore.exe
[2014/06/09 10:40:29 | 000,758,000 | ---- | M] (Microsoft Corporation) MD5=08ED70F000508724BAF881AA07C21BE1 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16561_none_587e597febca7ad1\iexplore.exe
[2013/07/31 04:18:24 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=10C1F2EC48D524AE10229AACD37B172A -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20617_none_594407a304ba26f0\iexplore.exe
[2014/02/23 00:00:18 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=10EB5C0E376727E21198B14E2F1637F7 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16540_none_5892f90debbb2998\iexplore.exe
[2013/07/24 20:48:45 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=139C8953AC56A9E559C7DEF07BC45ED7 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20613_none_5940067b04bdc194\iexplore.exe
[2009/04/11 07:18:21 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[2013/10/13 03:43:05 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=2D64E29ADB5DEB40446796A9C42417E3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20631_none_5928660f04cfc6c8\iexplore.exe
[2013/02/21 22:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16476_none_5878891febce184e\iexplore.exe
[2014/02/23 00:26:53 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=32FC0953B384A11B4AB422E56E2BDBCD -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20651_none_5912c63704dffeaa\iexplore.exe
[2013/05/28 21:32:47 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=33E62E4EFC2ACA8EC63A8926F26D3889 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20606_none_594dd74504b2f1a8\iexplore.exe
[2013/04/04 16:47:49 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=3F00BE80B9CEA20B7FE7363D15EDDB94 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16483_none_586ab855ebd8e83a\iexplore.exe
[2013/02/21 22:10:31 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=4145E2B5663F6FACC08EFDB17B658BB2 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20586_none_58f755ff04f3d409\iexplore.exe
[2014/03/07 16:55:11 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=41F24930153D42287D157B93A859E6F3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20656_none_5917c7a904db7d5d\iexplore.exe
[2013/11/14 17:18:24 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=43E6F2A7FB182F2D7CB0CE5B8F1005CF -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16526_none_58ae9aa1eba589c0\iexplore.exe
[2013/09/22 04:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=45BDA923BE52906D1460BCB13AC2AB7A -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16514_none_58b769f9eb9f3b21\iexplore.exe
[2014/02/05 03:08:15 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=48600DAC5AF3A53B6F430528209E4830 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16533_none_58a0c9d7ebb059ac\iexplore.exe
[2013/07/24 20:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=57EC630DBD5F0713E77CB3540AB80A8E -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16502_none_58c03951eb98ec82\iexplore.exe
[2013/05/16 17:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=67EE46FD4D3B56531C5DD1BDC149275A -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16490_none_585ce78bebe3b826\iexplore.exe
[2014/03/07 18:04:01 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=7116680C2C62709EE81BDDC69EF26B93 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16545_none_5897fa7febb6a84b\iexplore.exe
[2014/05/28 10:49:40 | 000,758,000 | ---- | M] (Microsoft Corporation) MD5=7BA5B7DEDE25D44F3E664D5BA067E3CD -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16555_none_588d2a93ebbec43c\iexplore.exe
[2010/09/09 18:10:35 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=867D06F3C473F65921F5EDF35866FF14 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22720_none_2fd60860332c475f\iexplore.exe
[2014/05/28 10:50:31 | 000,758,000 | ---- | M] (Microsoft Corporation) MD5=A2FCB57FF0C63599E910996B82488A00 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20666_none_590cf7bd04e3994e\iexplore.exe
[2013/05/16 16:27:11 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=A8732CEDB2C0EE7AFC08F867A47BB3EC -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20600_none_5947d58904b8599e\iexplore.exe
[2013/07/31 04:39:59 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=AA9CBDCD4675A48755DDA3A73BE3E283 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16506_none_58c43a79eb9551de\iexplore.exe
[2010/09/09 18:10:36 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B6D7D54B736056991109F169737592C7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18498_none_2f08baa51a403b96\iexplore.exe
[2013/04/04 15:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20593_none_58e9853504fea3f5\iexplore.exe
[2014/02/05 04:01:30 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=C24DA744AD59EF3A87380F0A75D2E580 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20644_none_5920970104d52ebe\iexplore.exe
[2013/03/27 22:38:20 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16470_none_58728763ebd38044\iexplore.exe
[2014/06/09 10:40:32 | 000,758,000 | ---- | M] (Microsoft Corporation) MD5=EB42437D005E26062759E6235CA9AEB4 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20672_none_58fe26a904ef4fe3\iexplore.exe
[2013/05/28 20:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=EE12BA876C4190532A4085994BA9B616 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16496_none_5862e947ebde5030\iexplore.exe
[2013/09/22 06:14:29 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=F87E95A127E83277B9AE500D7A18C998 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20625_none_5937372304c41033\iexplore.exe
[2013/11/14 17:20:23 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=FA58195587EC371699D9641C3E275856 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20637_none_592e67cb04ca5ed2\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2006/11/02 06:38:50 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=3CCDDDBC49DEACA370F39A9F0E146A1B -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3b55b11a57da5590\iexplore.exe.mui
[2013/03/27 22:38:22 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/03/27 22:38:22 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.1.8112.16421_en-us_52562cc123574ecd\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2006/09/18 15:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 15:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
 
< MD5 for: SERVICES.CFG  >
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
[2014/05/08 05:21:20 | 000,559,489 | ---- | M] () MD5=E829329E4886E9A3540C62114FC8E145 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/04/11 07:18:51 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 07:18:51 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2006/11/02 06:38:29 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 06:38:29 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2008/01/20 20:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 20:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2006/09/18 15:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 15:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
 
< MD5 for: SERVICES.MSC  >
[2006/11/02 06:39:04 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 15:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 06:39:04 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 15:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 07:18:51 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:18:51 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2008/01/20 20:35:28 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2008/01/20 20:35:28 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a\winlogon.exe.mui
[2006/11/02 06:38:26 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=A1D2856F3EC3C86EBBF1442B0245A8B3 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166\winlogon.exe.mui
 
< MD5 for: WINLOGON.MOF  >
[2006/09/18 15:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\System32\wbem\winlogon.mof
[2006/09/18 15:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof
 
<     %SYSTEMDRIVE%\*.* >
[2009/04/11 07:18:47 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2014/08/06 07:09:22 | 1539,874,816 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/06 07:09:20 | 1855,725,568 | -HS- | M] () -- C:\pagefile.sys
 
<     %systemroot%\Fonts\*.com >
[2006/11/02 06:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/04/11 07:19:49 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
<     %systemroot%\Fonts\*.dll >
 
<     %systemroot%\Fonts\*.ini >
[2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
<     %systemroot%\Fonts\*.ini2 >
 
<     %systemroot%\Fonts\*.exe >
 
<     %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
<     %systemroot%\REPAIR\*.bak1 >
 
<     %systemroot%\REPAIR\*.ini >
 
<     %systemroot%\system32\*.jpg >
 
<     %systemroot%\*.jpg >
 
<     %systemroot%\*.png >
 
<     %systemroot%\*.scr >
 
<     %systemroot%\*._sy >
 
<     %APPDATA%\Adobe\Update\*.* >
 
<     %ALLUSERSPROFILE%\Favorites\*.* >
 
<     %APPDATA%\Microsoft\*.* >
 
<     %PROGRAMFILES%\*.* >
[2008/01/20 20:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
<     %APPDATA%\Update\*.* >
 
<     %systemroot%\*. /mp /s >
 
<     dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 8CEF-9F2C
 Directory of C:\
11/02/2006  06:59 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
11/02/2006  06:59 AM    <JUNCTION>     Application Data [C:\ProgramData]
11/02/2006  06:59 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
11/02/2006  06:59 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
11/02/2006  06:59 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
11/02/2006  06:59 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006  06:59 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
11/02/2006  06:59 AM    <SYMLINKD>     All Users [C:\ProgramData]
11/02/2006  06:59 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
11/02/2006  06:59 AM    <JUNCTION>     Application Data [C:\ProgramData]
11/02/2006  06:59 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
11/02/2006  06:59 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
11/02/2006  06:59 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
11/02/2006  06:59 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006  06:59 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Annie
03/27/2013  07:17 PM    <JUNCTION>     Application Data [C:\Users\Annie\AppData\Roaming]
03/27/2013  07:17 PM    <JUNCTION>     Cookies [C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Cookies]
03/27/2013  07:17 PM    <JUNCTION>     Local Settings [C:\Users\Annie\AppData\Local]
03/27/2013  07:17 PM    <JUNCTION>     My Documents [C:\Users\Annie\Documents]
03/27/2013  07:17 PM    <JUNCTION>     NetHood [C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/27/2013  07:17 PM    <JUNCTION>     PrintHood [C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/27/2013  07:17 PM    <JUNCTION>     Recent [C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Recent]
03/27/2013  07:17 PM    <JUNCTION>     SendTo [C:\Users\Annie\AppData\Roaming\Microsoft\Windows\SendTo]
03/27/2013  07:17 PM    <JUNCTION>     Start Menu [C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu]
03/27/2013  07:17 PM    <JUNCTION>     Templates [C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Annie\AppData\Local
03/27/2013  07:17 PM    <JUNCTION>     Application Data [C:\Users\Annie\AppData\Local]
03/27/2013  07:17 PM    <JUNCTION>     History [C:\Users\Annie\AppData\Local\Microsoft\Windows\History]
03/27/2013  07:17 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Annie\Documents
03/27/2013  07:17 PM    <JUNCTION>     My Music [C:\Users\Annie\Music]
03/27/2013  07:17 PM    <JUNCTION>     My Pictures [C:\Users\Annie\Pictures]
03/27/2013  07:17 PM    <JUNCTION>     My Videos [C:\Users\Annie\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
11/02/2006  06:59 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
11/02/2006  06:59 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
11/02/2006  06:59 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
11/02/2006  06:59 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
11/02/2006  06:59 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006  06:59 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006  06:59 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006  06:59 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006  06:59 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006  06:59 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
11/02/2006  06:59 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
11/02/2006  06:59 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006  06:59 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
11/02/2006  06:59 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
11/02/2006  06:59 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
11/02/2006  06:59 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
11/02/2006  06:59 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
11/02/2006  06:59 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
11/02/2006  06:59 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\UpdatusUser
04/13/2013  08:33 AM    <JUNCTION>     Application Data [C:\Users\UpdatusUser\AppData\Roaming]
04/13/2013  08:33 AM    <JUNCTION>     Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
04/13/2013  08:33 AM    <JUNCTION>     Local Settings [C:\Users\UpdatusUser\AppData\Local]
04/13/2013  08:33 AM    <JUNCTION>     My Documents [C:\Users\UpdatusUser\Documents]
04/13/2013  08:33 AM    <JUNCTION>     NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/13/2013  08:33 AM    <JUNCTION>     PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/13/2013  08:33 AM    <JUNCTION>     Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
04/13/2013  08:33 AM    <JUNCTION>     SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
04/13/2013  08:33 AM    <JUNCTION>     Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
04/13/2013  08:33 AM    <JUNCTION>     Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\UpdatusUser\AppData\Local
04/13/2013  08:33 AM    <JUNCTION>     Application Data [C:\Users\UpdatusUser\AppData\Local]
04/13/2013  08:33 AM    <JUNCTION>     History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
04/13/2013  08:33 AM    <JUNCTION>     Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\UpdatusUser\Documents
04/13/2013  08:33 AM    <JUNCTION>     My Music [C:\Users\UpdatusUser\Music]
04/13/2013  08:33 AM    <JUNCTION>     My Pictures [C:\Users\UpdatusUser\Pictures]
04/13/2013  08:33 AM    <JUNCTION>     My Videos [C:\Users\UpdatusUser\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              66 Dir(s)  45,898,846,208 bytes free
 
<     %systemroot%\System32\config\*.sav >
[2009/04/11 08:02:52 | 021,975,040 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2009/04/11 08:02:36 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2009/04/11 08:02:53 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
<     %PROGRAMFILES%\bak. /s >
 
<     %systemroot%\system32\bak. /s >
 
<     %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
<     %systemroot%\system32\config\systemprofile\*.dat /x >
 
<     %systemroot%\*.config >
 
<     %systemroot%\system32\*.db >
 
<     %PROGRAMFILES%\Internet Explorer\*.dat >
 
<     %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/06/12 14:48:29 | 000,000,286 | -HS- | M] () -- C:\Users\Annie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
<     %USERPROFILE%\Desktop\*.exe >
[2014/08/05 19:35:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Annie\Desktop\HijackThis.exe
[2014/08/06 07:13:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Annie\Desktop\OTL.exe
 
<     %PROGRAMFILES%\Common Files\*.* >
 
<     %systemroot%\*.src >
 
<     %systemroot%\install\*.* >
 
<     %systemroot%\system32\DLL\*.* >
 
<     %systemroot%\system32\HelpFiles\*.* >
 
<     %systemroot%\system32\rundll\*.* >
 
<     %systemroot%\winn32\*.* >
 
<     %systemroot%\Java\*.* >
 
<     %systemroot%\system32\test\*.* >
 
<     %systemroot%\system32\Rundll32\*.* >
 
<     %systemroot%\AppPatch\Custom\*.* >
 
<  >
[2006/11/02 06:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 06:58:10 | 000,032,614 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/03/29 11:23:48 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
<     HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
<     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2014-07-24 21:41:03

< End of report >

Extras:

OTL Extras logfile created on: 8/6/2014 7:24:51 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Annie\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.44 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 51.98% Memory free
3.12 Gb Paging File | 2.32 Gb Available in Paging File | 74.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 42.90 Gb Free Space | 57.62% Space Free | Partition Type: NTFS
 
Computer Name: ANNIE-PC | User Name: Annie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E84ADED-3D40-447E-828D-C00B76C5ACF3}" = lport=5357 | protocol=6 | dir=in | name=ws-eventing tcp port 5357 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06DBD941-84D8-4147-8634-4DCB23CE3492}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{249DFFB5-CD43-4431-816F-E08111899022}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{2F08999F-990F-4E2E-9AE0-DA71764BCCA5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{3D153392-5AAF-4AE3-B1A5-5ED691AF05E5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{44C02E19-EBB9-4400-9229-2AED4305FD3E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{7464A421-8022-479E-8BB0-AEB9BCFE81D5}" = dir=in | app=c:\program files\hp\hp deskjet 2540 series\bin\devicesetup.exe |
"{A5D5497E-81FA-4958-A1FC-0CDE92382BB3}" = dir=in | app=c:\program files\hp\hp deskjet 2540 series\bin\hpnetworkcommunicatorcom.exe |
"{BC79E462-4234-4A6E-87E2-23BA1EAA4195}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{CCFF297E-469F-4BC8-BFE5-0EB01BFFF638}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{EBCE1B44-E39C-4395-8B5C-F90924462D50}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{42B25A3A-C287-4000-9BE4-6C8110778BFC}" = GenuTax Standard
"{4539575D-C09D-4E71-B207-0F2D6BD74DA2}" = HP Deskjet 2540 series Help
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{575A25F9-3018-46F6-AB97-552B52770877}" = HP Deskjet 2540 series Basic Device Software
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F8F3F6-5AE8-4BE7-AE0E-9FA930C8EE90}" = AVG 2014
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C330C4F4-FD7C-4821-A210-F8058E1FB81C}" = AVG 2014
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"AVG" = AVG 2014
"Free Games" = Free Games
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/2/2014 6:00:21 PM | Computer Name = Annie-PC | Source = Application Error | ID = 1000
Description = Faulting application avgui.exe, version 14.0.0.4714, time stamp 0x53a04dfa,
 faulting module mfc110u.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
 code 0xc0000135, fault offset 0x00009f5d,  process id 0xae0, application start time
 0x01cfae9d23725dde.
 
Error - 8/3/2014 3:37:46 PM | Computer Name = Annie-PC | Source = Application Error | ID = 1000
Description = Faulting application avgui.exe, version 14.0.0.4714, time stamp 0x53a04dfa,
 faulting module mfc110u.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
 code 0xc0000135, fault offset 0x00009f5d,  process id 0x778, application start time
 0x01cfaf52266ceea5.
 
Error - 8/4/2014 3:16:54 PM | Computer Name = Annie-PC | Source = Application Error | ID = 1000
Description = Faulting application avgui.exe, version 14.0.0.4714, time stamp 0x53a04dfa,
 faulting module mfc110u.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
 code 0xc0000135, fault offset 0x00009f5d,  process id 0x524, application start time
 0x01cfb018775bc350.
 
Error - 8/4/2014 10:45:20 PM | Computer Name = Annie-PC | Source = Application Error | ID = 1000
Description = Faulting application avgui.exe, version 14.0.0.4714, time stamp 0x53a04dfa,
 faulting module mfc110u.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
 code 0xc0000135, fault offset 0x00009f5d,  process id 0x3e4, application start time
 0x01cfb05738072f72.
 
Error - 8/5/2014 9:33:48 AM | Computer Name = Annie-PC | Source = Application Error | ID = 1000
Description = Faulting application avgui.exe, version 14.0.0.4714, time stamp 0x53a04dfa,
 faulting module mfc110u.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
 code 0xc0000135, fault offset 0x00009f5d,  process id 0x6c0, application start time
 0x01cfb0b1d7349832.
 
Error - 8/5/2014 8:48:27 PM | Computer Name = Annie-PC | Source = Application Error | ID = 1000
Description = Faulting application avgui.exe, version 14.0.0.4714, time stamp 0x53a04dfa,
 faulting module mfc110u.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
 code 0xc0000135, fault offset 0x00009f5d,  process id 0x3e4, application start time
 0x01cfb1100454e012.
 
Error - 8/5/2014 9:07:38 PM | Computer Name = Annie-PC | Source = Application Error | ID = 1000
Description = Faulting application fixcfg.exe, version 14.0.0.4714, time stamp 0x53a04cd1,
 faulting module MSVCR110.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
 code 0xc0000135, fault offset 0x00009f5d,  process id 0x378, application start time
 0x01cfb112d07f50d7.
 
Error - 8/5/2014 9:52:52 PM | Computer Name = Annie-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 31.0.0.5310, time
 stamp 0x53c75e91, faulting module mozalloc.dll, version 31.0.0.5310, time stamp
 0x53c72e91, exception code 0x80000003, fault offset 0x0000141b,  process id 0xbc4,
 application start time 0x01cfb118bb4db6f3.
 
Error - 8/6/2014 5:53:32 AM | Computer Name = Annie-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/6/2014 5:53:32 AM | Computer Name = Annie-PC | Source = Windows Search Service | ID = 3013
Description =
 
[ System Events ]
Error - 8/5/2014 9:34:53 AM | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 8/5/2014 8:21:14 PM | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 8/5/2014 8:21:14 PM | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 8/5/2014 8:21:14 PM | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 8/5/2014 8:21:14 PM | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 8/5/2014 8:49:05 PM | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 8/5/2014 8:49:05 PM | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 8/5/2014 8:49:05 PM | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 8/5/2014 8:49:05 PM | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 8/5/2014 9:39:49 PM | Computer Name = Annie-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
 
 
< End of report >

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:44:48 AM, on 8/6/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16561)

FIREFOX: 31.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Annie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Free Games - {0D5F364D-D6A9-43C1-BF0C-99B378972C5B} - C:\Program Files\Free Games\ScriptHost.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1448573655-2994080838-3063704634-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - Startup: Monitor Ink Alerts - HP Deskjet 2540 series.lnk = ?
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

--
End of file - 3948 bytes

DDS:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:44:48 AM, on 8/6/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16561)

FIREFOX: 31.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Annie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Free Games - {0D5F364D-D6A9-43C1-BF0C-99B378972C5B} - C:\Program Files\Free Games\ScriptHost.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1448573655-2994080838-3063704634-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - Startup: Monitor Ink Alerts - HP Deskjet 2540 series.lnk = ?
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

--
End of file - 3948 bytes
 

DDS (first part):

 

.
DDS (Ver_11-03-05.01) - NTFSx86  
Run by Annie at  7:49:04.05 on Wed 08/06/2014
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.45.2
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.1470.568 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Annie\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Free Games: {0d5f364d-d6a9-43c1-bf0c-99b378972c5b} - c:\program files\free games\ScriptHost.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
StartupFolder: c:\users\annie\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print\SmartPrintSetup.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\annie\appdata\roaming\mozilla\firefox\profiles\soiskhuh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.searchassist.net/search?p=s&q={searchTerms}&m=1980&c=d&s=sp
FF - prefs.js: browser.search.selectedEngine - Search  
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.searchassist.net/search?p=s&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-17 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-6-17 241944]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-6-17 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-17 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-30 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-6-17 199960]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-17 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-6-17 188696]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-6-17 197400]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2013-12-18 65432]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-7-10 3244048]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-7-10 289328]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2013-4-13 1259296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2013-3-29 262320]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2013-7-13 119408]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-12-2 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-08-06 13:14:12    --------    d-----w-    C:\ZTools
2014-08-06 02:49:09    --------    d-----w-    c:\users\annie\appdata\roaming\AVG2014
2014-08-06 02:45:17    --------    d--h--w-    C:\$AVG
2014-08-06 02:45:17    --------    d-----w-    c:\progra~2\AVG2014
2014-08-06 02:14:43    --------    d-----w-    c:\users\annie\appdata\local\Avg2014
2014-08-06 01:56:06    --------    d-----w-    c:\users\annie\appdata\local\SweepTools
2014-08-06 01:55:59    --------    d-----w-    c:\program files\SweepTools PC Cleaner
2014-08-02 22:23:24    --------    d-----w-    c:\users\annie\appdata\local\AVG
2014-08-02 22:23:23    --------    d-----w-    c:\users\annie\appdata\roaming\AVG
2014-08-02 22:17:35    --------    d-sh--w-    c:\progra~2\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-02 22:17:32    --------    d-----w-    c:\progra~2\AVG
2014-07-29 23:20:51    --------    d-----w-    c:\users\annie\appdata\local\speedtest199
2014-07-29 23:20:44    --------    d-----w-    c:\program files\Free Games
2014-07-29 23:20:36    --------    d-----w-    c:\users\annie\appdata\local\freegames197
2014-07-29 23:19:53    --------    d-----w-    c:\users\annie\appdata\roaming\Performersoft
2014-07-29 23:19:41    --------    d-----w-    c:\program files\PC Performer
2014-07-29 16:57:55    --------    d-----w-    c:\users\annie\appdata\local\globalUpdate
2014-07-29 16:57:55    --------    d-----w-    c:\program files\globalUpdate
2014-07-09 13:29:44    2051072    ----a-w-    c:\windows\system32\win32k.sys
.
==================== Find3M  ====================
.
2014-07-09 06:28:46    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 06:28:46    699056    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-06-06 23:12:01    1810432    ----a-w-    c:\windows\system32\jscript9.dll
2014-06-06 23:03:02    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-06-06 23:02:16    1129472    ----a-w-    c:\windows\system32\wininet.dll
2014-06-06 22:57:04    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-06-06 22:56:20    421376    ----a-w-    c:\windows\system32\vbscript.dll
2014-06-06 22:52:42    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2014-06-06 22:51:59    11776    ----a-w-    c:\windows\system32\mshta.exe
2014-06-06 08:59:38    506880    ----a-w-    c:\windows\system32\qedit.dll
.
============= FINISH:  7:49:41.04 ===============


#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 07 August 2014 - 08:59 PM

Hi accinab,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Run OTL.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKLM\..\SearchScopes\{BA1BE292-1D15-488B-934D-008742212380}: "URL" = http://www.SearchAss...m=1980&c=d&s=sp
    IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
    IE - HKCU\..\SearchScopes\{ac47396a-0d65-4584-a14b-b3be5b87172a}: "URL" = http://www.searchalg...Terms}&cid=4301
    IE - HKCU\..\SearchScopes\{BA1BE292-1D15-488B-934D-008742212380}: "URL" = http://www.SearchAss...m=1980&c=d&s=sp
    FF - prefs.js..keyword.URL: "http://www.searchass.../search?p=s&q="
    FF - prefs.js..browser.search.defaulturl: "http://www.searchass...=1980&c=d&s=sp"
    CHR - homepage: http:\/\/www.searchassist.net\/?p=h&m=1980&c=d&s=sp
    CHR - plugin: SearchAssist (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    :Files
    
    :Services
    
    :Reg
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
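As an added, read-only example that is not part of this thread or of OTL, the following PowerShell audits the same places the fix above targets (the IE SearchScopes keys under HKLM and HKCU, and keyword.URL / browser.search.defaulturl in Firefox prefs.js) and lists any search URL whose host is not on a small allow-list; the allow-list contents and the Firefox profile directory layout are assumptions.

```powershell
# Added example (not from the thread or any tool's own code). Audits the search
# locations the OTL fix targets and reports entries whose host is not allow-listed.
# It only reads; nothing is changed. Allow-list and profile layout are assumptions.

$AllowedHosts = @('www.bing.com', 'www.google.com', 'go.microsoft.com')

function Get-UrlHost {
    param([string]$Url)
    try { return ([System.Uri]$Url).Host.ToLowerInvariant() } catch { return $null }
}

# Emit a finding object when the URL's host is not on the allow-list.
function Test-SearchUrl {
    param([string]$Location, [string]$Url)
    if ([string]::IsNullOrWhiteSpace($Url)) { return }
    $h = Get-UrlHost $Url
    if ($h -and ($AllowedHosts -notcontains $h)) {
        [pscustomobject]@{ Location = $Location; Host = $h; Url = $Url }
    }
}

# 1. IE SearchScopes in both hives, matching the "IE - HK..\SearchScopes" fix lines.
function Get-SearchScopeFindings {
    foreach ($hive in 'HKLM', 'HKCU') {
        $base = "${hive}:\Software\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $base)) { continue }
        Get-ChildItem $base | ForEach-Object {
            $url = (Get-ItemProperty -Path $_.PSPath -Name URL -ErrorAction SilentlyContinue).URL
            Test-SearchUrl -Location "$hive SearchScopes\$($_.PSChildName)" -Url $url
        }
    }
}

# 2. Firefox prefs.js entries, matching the "FF - prefs.js..keyword.URL" and
#    "browser.search.defaulturl" fix lines. Profile path layout is an assumption.
function Get-FirefoxPrefFindings {
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return }
    Get-ChildItem $profiles -Directory | ForEach-Object {
        $prefs = Join-Path $_.FullName 'prefs.js'
        if (-not (Test-Path $prefs)) { return }
        foreach ($line in Get-Content $prefs) {
            # prefs.js lines look like: user_pref("keyword.URL", "http://...");
            if ($line -match 'user_pref\("(keyword\.URL|browser\.search\.defaulturl)",\s*"([^"]*)"\)') {
                Test-SearchUrl -Location "Firefox $($_.Name) $($Matches[1])" -Url $Matches[2]
            }
        }
    }
}

$findings = @(Get-SearchScopeFindings) + @(Get-FirefoxPrefFindings)
if ($findings.Count -eq 0) { 'No search URLs outside the allow-list were found.' }
else { $findings | Format-Table -AutoSize }
```

Run it from an elevated PowerShell so the HKLM branch is readable; on the log above it would flag the searchassist.net entries in both the SearchScopes keys and the Firefox prefs.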
=========================

Reset Firefox to its default state
  • At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu
    (on Windows XP, click the Help menu at the top of the Firefox window) and select Troubleshooting Information.
  • Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.
  • To continue, click Reset Firefox in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, a window will list the information that was imported. Click Finish and Firefox will open.
=========================

Disable Plug-ins in Google Chrome
  • Click the Chrome menu on the browser toolbar.
  • Select Settings.
  • Scroll down to Show advanced settings...
  • Locate the Privacy Section, select Content Settings
  • In the pop up window scroll to Plug-Ins, select Disable individual plug-ins...
  • Locate the following plug-ins and set them to Disable:
    • SearchAssist
  • Exit Chrome settings menu.
=========================

AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

Re-run OTL (it should be located on your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt (no Extras.txt will be produced).
    Note: The log can be located in the OTL folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • OTL fix log
  • AdwCleaner[S0].txt
  • JRT.txt
  • new OTL.txt
  • How is the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 10 August 2014 - 08:02 PM

Hi accinab,

Just checking in to see if you still need help?
OCD



#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 12 August 2014 - 11:52 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
OCD

