Trojans/Spyware trouble on XP computer


  • This topic is locked

#31
Georgex

Here is the saved log for drweb.

RegUBP2b-Bill.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
A0193616.reg;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1167;Trojan.StartPage.1505;Deleted.;

Avast is now initializing with no errors, but hasn't done anything after that for several minutes.
The OTL scan is coming shortly.


#32
Georgex

Here is the OTL log....
Avast is still initializing.

OTL logfile created on: 8/2/2010 6:20:38 PM - Run 6
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Bill\Desktop\George 7.2010 troubleshooting folder
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 544.00 Mb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): D:\pagefile.sys 3000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 87.60 Gb Free Space | 80.67% Space Free | Partition Type: NTFS
Drive D: | 37.05 Gb Total Space | 34.05 Gb Free Space | 91.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BR-95QW6B1
Current User Name: Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bill\Desktop\George 7.2010 troubleshooting folder\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe (Linksys)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe (GEMTEKS)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bill\Desktop\George 7.2010 troubleshooting folder\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe WUSB54GC.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (MSSQL$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (SQLAgent$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\DOCUME~1\Bill\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (BCM42RLY) -- C:\WINDOWS\system32\bcm42rly.sys (Broadcom Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"


FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.12\Extensions\\Components: C:\Program Files\Mozilla Firefox\components\ [2010/03/27 12:56:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.12\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins\ [2010/07/22 16:03:40 | 000,000,000 | ---D | M]

[2006/11/02 10:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\ga8o288o.default\extensions
[2008/09/01 22:07:05 | 000,001,406 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\ga8o288o.default\searchplugins\siteadvisor.gif
[2008/09/01 22:07:05 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\ga8o288o.default\searchplugins\siteadvisor.src
[2010/07/25 21:33:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/11/02 10:36:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/25 21:33:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/09/24 21:15:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/09/30 15:28:15 | 000,061,038 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/09/30 15:28:15 | 000,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/09/30 15:28:16 | 000,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2008/11/18 00:33:49 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/11/18 00:33:49 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/11/18 00:33:48 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/07/25 21:32:55 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/09/30 17:35:30 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/09/30 15:28:25 | 000,000,680 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.png
[2008/09/30 15:28:25 | 000,000,741 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.src
[2008/09/30 15:28:25 | 000,001,150 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.png
[2008/09/30 15:28:25 | 000,000,539 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.src
[2008/09/30 15:28:25 | 000,000,356 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.png
[2008/09/30 15:28:25 | 000,001,007 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.src
[2008/09/30 15:28:25 | 000,000,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.gif
[2008/09/30 15:28:25 | 000,001,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.src
[2008/09/30 15:28:25 | 000,001,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.gif
[2008/09/30 15:28:25 | 000,000,733 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.src
[2008/09/30 15:28:25 | 000,000,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.gif
[2008/09/30 15:28:25 | 000,001,122 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.src

O1 HOSTS File: ([2010/08/02 10:49:47 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://toysrus.webe...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/02 10:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\DoctorWeb
[2010/07/29 21:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\avz4
[2010/07/28 18:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\tdsskiller
[2010/07/26 18:55:06 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/07/26 18:55:06 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/07/26 18:55:05 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/07/26 18:55:03 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/07/26 18:55:02 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/07/26 18:55:02 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/07/26 18:55:01 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/07/26 18:54:46 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/07/26 18:54:46 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/25 21:33:07 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/25 21:33:07 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/25 21:33:07 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/25 21:22:07 | 016,066,336 | ---- | C] (Oracle) -- C:\Documents and Settings\Bill\Desktop\jre-6u21-windows-i586.exe
[2010/07/25 18:56:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/25 18:56:30 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\TFC.exe
[2010/07/25 18:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\combofix marraige
[2010/07/25 12:42:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/25 12:40:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/25 12:40:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/25 12:40:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/25 12:39:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/24 22:19:12 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2010/07/24 22:19:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2010/07/24 22:11:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/23 15:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\TweakNow RegCleaner
[2010/07/23 15:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\TweakNow RegCleaner
[2010/07/23 13:30:21 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/07/23 11:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\George 7.2010 troubleshooting folder
[2010/07/22 19:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/22 16:38:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/07/22 16:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/22 16:03:40 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/22 13:16:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/22 13:16:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/22 13:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/22 11:18:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/07/21 22:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\index.php_files
[2010/07/21 21:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/07/21 21:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\GlarySoft
[2010/07/21 21:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Registry Repair
[2010/07/21 18:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/21 18:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/21 16:22:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/07/16 07:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/16 07:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/14 19:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/07/14 18:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/14 16:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/28 08:35:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bill\My Documents\cache
[2010/06/26 00:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/06/26 00:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/06/26 00:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/26 00:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft Help
[2010/06/26 00:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/06/26 00:00:43 | 000,000,000 | R--D | C] -- C:\MSOCache
[2006/07/24 09:41:19 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

========== Files - Modified Within 90 Days ==========

[2010/08/02 18:11:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/02 18:11:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/02 18:11:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/02 18:11:36 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/02 18:10:57 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Bill\ntuser.dat
[2010/08/02 18:10:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bill\ntuser.ini
[2010/08/02 18:09:58 | 006,953,040 | -H-- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\IconCache.db
[2010/08/02 18:08:41 | 000,000,270 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\DrWeb log.csv
[2010/08/02 10:49:47 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/02 10:18:05 | 048,091,864 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\drweb-cureit.exe
[2010/07/29 21:30:57 | 006,079,521 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\avz4.zip
[2010/07/28 18:31:34 | 001,108,900 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\tdsskiller.zip
[2010/07/26 18:55:06 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/26 18:55:02 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/26 17:46:09 | 054,835,272 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\setup_av_free.exe
[2010/07/25 22:36:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/25 21:32:54 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/25 21:32:54 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/25 21:32:54 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/25 21:32:54 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/25 21:32:54 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/25 21:22:07 | 016,066,336 | ---- | M] (Oracle) -- C:\Documents and Settings\Bill\Desktop\jre-6u21-windows-i586.exe
[2010/07/25 18:56:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\TFC.exe
[2010/07/25 18:43:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/25 12:42:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/23 11:45:37 | 000,012,443 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\alureon.h removal - Tech Support Guy Forums.url
[2010/07/22 19:10:17 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Spybot - Search & Destroy.lnk
[2010/07/22 13:16:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/22 12:53:35 | 000,000,707 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/22 12:53:35 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/22 11:18:16 | 000,000,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100722-191435.backup
[2010/07/21 22:05:59 | 000,153,522 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\index.php.htm
[2010/07/21 18:13:38 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/21 18:11:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/21 17:21:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\prvlcl.dat
[2010/07/21 16:59:30 | 000,470,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/21 16:59:30 | 000,402,426 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/21 16:59:30 | 000,062,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/21 15:08:38 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/14 16:22:08 | 002,004,649 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/07/07 21:05:56 | 000,019,602 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\CE Requirements for 220.docx
[2010/07/06 17:28:22 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Copy of June 10 Cypress Creek.xls
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/28 10:01:00 | 011,188,224 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Taleo Training for Stores - Manager WebTop.ppt
[2010/06/27 19:56:31 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/06/27 19:55:29 | 000,078,328 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/26 12:30:22 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/22 00:48:08 | 000,691,712 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\RAFFIC CRASH PROBLEM.doc
[2010/06/22 00:48:08 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Bill\My Documents\~$FFIC CRASH PROBLEM.doc
[2010/06/19 08:36:38 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Elder Meeting Minutes.doc
[2010/06/18 09:05:57 | 000,003,350 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/06/14 23:32:19 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\Loretta.doc
[2010/05/21 16:03:02 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Member%20Services[1].doc
[2010/05/09 22:18:05 | 000,000,492 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\spider.sav
[2010/05/08 10:26:46 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\public talk.doc
[2010/05/05 12:42:04 | 000,403,456 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\BRsconcept2.doc

========== Files Created - No Company Name ==========

[2010/08/02 18:08:41 | 000,000,270 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\DrWeb log.csv
[2010/08/02 10:18:03 | 048,091,864 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\drweb-cureit.exe
[2010/07/29 21:30:56 | 006,079,521 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\avz4.zip
[2010/07/28 18:31:31 | 001,108,900 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\tdsskiller.zip
[2010/07/26 18:55:06 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/26 17:46:07 | 054,835,272 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\setup_av_free.exe
[2010/07/25 12:42:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/25 12:42:37 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/25 12:40:43 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/25 12:40:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/25 12:40:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/24 22:19:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/22 22:01:34 | 000,012,443 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\alureon.h removal - Tech Support Guy Forums.url
[2010/07/22 19:10:17 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Spybot - Search & Destroy.lnk
[2010/07/22 13:16:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/21 22:05:58 | 000,153,522 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\index.php.htm
[2010/07/21 15:08:38 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/17 04:33:31 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/10 21:37:13 | 008,650,752 | ---- | C] () -- C:\Documents and Settings\Bill\ntuser.dat
[2010/07/07 21:05:55 | 000,019,602 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\CE Requirements for 220.docx
[2010/07/04 15:09:52 | 000,117,760 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Copy of June 10 Cypress Creek.xls
[2010/06/28 10:01:00 | 011,188,224 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Taleo Training for Stores - Manager WebTop.ppt
[2010/06/26 00:19:40 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/06/22 00:48:08 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Bill\My Documents\~$FFIC CRASH PROBLEM.doc
[2010/06/22 00:48:07 | 000,691,712 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\RAFFIC CRASH PROBLEM.doc
[2010/06/15 23:45:50 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Elder Meeting Minutes.doc
[2010/06/14 23:32:19 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\Loretta.doc
[2010/05/21 16:03:02 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Member%20Services[1].doc
[2010/05/10 12:58:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\prvlcl.dat
[2010/05/04 22:25:52 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\public talk.doc
[2009/10/20 19:43:56 | 000,000,210 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/10/12 19:51:55 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/10/12 19:39:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/04/09 12:07:57 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2007/02/03 13:41:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UES07.INI
[2007/01/05 10:08:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/11/28 16:59:10 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/11/03 14:59:28 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2006/11/02 10:39:05 | 000,000,088 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/06 18:11:10 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2006/07/25 17:20:55 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2006/07/24 12:41:48 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/24 12:41:48 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\3592AEE09E.sys
[2006/07/24 09:41:35 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2006/07/24 09:41:21 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2SODBC.DLL
[2006/07/24 09:41:21 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
[2006/07/24 09:41:21 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2CTDAO.DLL
[2006/07/24 09:41:20 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2006/07/24 09:41:20 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
[2006/07/22 15:27:09 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2006/06/23 10:23:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/23 10:18:01 | 000,000,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/23 10:13:17 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/06/23 10:08:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/23 09:46:42 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2010/07/21 18:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/01/17 15:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2006/06/23 10:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/14 22:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006/07/31 14:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Broadlook Technologies
[2010/07/22 11:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\GlarySoft
[2006/09/28 14:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Leadertech
[2010/07/23 15:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\TweakNow RegCleaner
[2007/06/18 08:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Viewpoint
[2008/01/06 21:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Watchtower
[2010/06/29 16:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\webex

========== Purity Check ==========


< End of report >
  • 0

#33
hammerman

Hi,

Can you try a clean re-install of Avast?

Uninstall Avast and then use the Avast uninstall utility, ASWclear, to completely remove all traces of Avast. Re-install and see if you can update.
  • 0

#34
Georgex

Sorry, I uninstalled and used the exe you posted to clear it all the way, and then reinstalled, but Avast will not update! Same error, can't connect to the servers.

What do you think is preventing it, spyware/virus, or a problem with the install (I downloaded the free version from cnet and tried updating both before and after registering successfully)?
  • 0

#35
hammerman

Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    [2010/07/21 17:21:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\prvlcl.dat
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushall /c
    ipconfig /all /c
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.

Go to Control Panel and select Internet Options
Select the Connections tab
Select the LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet Explorer


For Firefox, there are instructions on this page; you want the setting to be no proxy.

  • Double-click on Avast tray icon to open Avast.
  • Select Settings (top right of GUI)
  • Select Updates and then Proxy Settings
  • Check the setting Direct connection (no proxy)

Please check if you can update Avast.

Edited by hammerman, 04 August 2010 - 05:28 PM.

  • 0
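The proxy check from the post above, as an added example that is not part of the original thread: a Python triage of the `Internet Settings` lines that OTL prints, flagging a `ProxyServer` that points at loopback and using `ProxyEnable` to tell a live redirect from a leftover value. The function and status names are assumptions of this example; the first sample is the three proxy lines from this thread's OTL logs, the other two are constructed.

```python
import ipaddress
import re

# OTL prints WinINET proxy values as:
#   IE - <hive>\...\Internet Settings: "<name>" = <value>
OTL_PROXY_LINE = re.compile(
    r'^IE - (?P<hive>HK\w+)\\.*?\\Internet Settings: '
    r'"(?P<name>Proxy\w+)" = (?P<value>.*)$'
)


def parse_proxy_server(value):
    """Split a ProxyServer value into {scheme: (host, port)}.

    WinINET accepts 'host:port' (every protocol, stored here under '*')
    or a per-protocol list such as 'http=host:port;https=host:port'.
    """
    entries = {}
    for part in re.split(r"[;\s]+", value.strip()):
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:
            scheme, target = "*", part
        target = target.split("://", 1)[-1]  # tolerate http://host:port
        host, colon, port = target.rpartition(":")
        if not colon or not port.isdigit():
            host, port = target, ""
        entries[scheme.lower()] = (host.strip("[]"), int(port) if port else None)
    return entries


def is_loopback(host):
    """True for 'localhost' and any literal loopback address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost


def triage_proxy(log_text):
    """Return one finding per registry hive that carries a ProxyServer value.

    ACTIVE  - loopback proxy and ProxyEnable = 1: traffic is redirected now.
    DORMANT - loopback proxy but ProxyEnable = 0: ignored by WinINET, yet it
              goes live as soon as anything flips ProxyEnable back to 1.
    UNKNOWN - loopback proxy, ProxyEnable not present in the log.
    OK      - no loopback target.
    """
    settings = {}
    for line in log_text.splitlines():
        m = OTL_PROXY_LINE.match(line.strip())
        if m:
            hive = settings.setdefault(m["hive"].upper(), {})
            hive[m["name"].lower()] = m["value"].strip()

    findings = []
    for hive, values in sorted(settings.items()):
        server = values.get("proxyserver")
        if not server:
            continue
        loopback = sorted(
            (scheme, host, port)
            for scheme, (host, port) in parse_proxy_server(server).items()
            if is_loopback(host)
        )
        enable = values.get("proxyenable")
        if not loopback:
            status = "OK"
        elif enable is None:
            status = "UNKNOWN"
        else:
            status = "ACTIVE" if enable == "1" else "DORMANT"
        findings.append({"hive": hive, "status": status, "loopback": loopback})
    return findings


# The three proxy lines as they appear in this thread's OTL logs.
THREAD_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
'''

# Constructed variant: same value, but with the proxy switched on.
CONSTRUCTED_ACTIVE = THREAD_LOG.replace('"ProxyEnable" = 0', '"ProxyEnable" = 1')

# Constructed variant: an ordinary remote proxy (hypothetical host name).
CONSTRUCTED_REMOTE = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080
'''

if __name__ == "__main__":
    for name, log in [("thread", THREAD_LOG),
                      ("active", CONSTRUCTED_ACTIVE),
                      ("remote", CONSTRUCTED_REMOTE)]:
        print(name, triage_proxy(log))
```

A DORMANT finding is still worth clearing, because the stale `ProxyServer` value takes effect again the moment `ProxyEnable` is set back to 1.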

#36
Georgex

You are the hammerMAN!! I would love to know what was wrong. Was it the Conficker virus, or just because I changed the proxy from "auto detect use Internet Explorer settings" - which are fine on another computer running Windows 7 - to "Direct connection" within Avast itself?

I really appreciate you hanging in there with me. Was the main problem that this computer was infected with trojans and MBRs? How can these clearly stronger viruses get onto a computer and why does it take so many different programs to clean them off? (not like the good old days when MBAM solved everything).

Oops, almost forgot... OTL log below...

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Documents and Settings\Bill\Local Settings\Application Data\prvlcl.dat moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushall /c >
Error: unrecongnized or incomplete command line.
USAGE:
ipconfig [/? | /all | /renew [adapter] | /release [adapter] |
/flushdns | /displaydns | /registerdns |
/showclassid adapter |
/setclassid adapter [classid] ]
where
adapter Connection name
(wildcard characters * and ? allowed, see examples)
Options:
/? Display this help message
/all Display full configuration information.
/release Release the IP address for the specified adapter.
/renew Renew the IP address for the specified adapter.
/flushdns Purges the DNS Resolver cache.
/registerdns Refreshes all DHCP leases and re-registers DNS names
/displaydns Display the contents of the DNS Resolver Cache.
/showclassid Displays all the dhcp class IDs allowed for adapter.
/setclassid Modifies the dhcp class id.
The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.
For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.
For Setclassid, if no ClassId is specified, then the ClassId is removed.
Examples:
> ipconfig ... Show information.
> ipconfig /all ... Show detailed information
> ipconfig /renew ... renew all adapters
> ipconfig /renew EL* ... renew any connection that has its
name starting with EL
> ipconfig /release *Con* ... release all matching connections,
eg. "Local Area Connection 1" or
"Local Area Connection 2"
C:\Documents and Settings\Bill\Desktop\George 7.2010 troubleshooting folder\cmd.bat deleted successfully.
C:\Documents and Settings\Bill\Desktop\George 7.2010 troubleshooting folder\cmd.txt deleted successfully.
< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : BR-95QW6B1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : tampabay.rr.com
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . : tampabay.rr.com
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-16-76-72-E6-96
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 65.32.5.111
65.32.5.112
Lease Obtained. . . . . . . . . . : Wednesday, August 04, 2010 7:59:08 PM
Lease Expires . . . . . . . . . . : Thursday, August 05, 2010 7:59:08 PM
C:\Documents and Settings\Bill\Desktop\George 7.2010 troubleshooting folder\cmd.bat deleted successfully.
C:\Documents and Settings\Bill\Desktop\George 7.2010 troubleshooting folder\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Bill
->Temp folder emptied: 885170 bytes
->Temporary Internet Files folder emptied: 21303200 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Melody
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16065 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 45260160 bytes

Total Files Cleaned = 64.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Bill
->Flash cache emptied: 0 bytes

User: Default User

User: HelpAssistant
->Flash cache emptied: 0 bytes

User: LocalService

User: Melody
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08042010_201354

Files\Folders moved on Reboot...
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\N7Z9WIYI\page__st__30[1].htm moved successfully.
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\5ZW9X6AX\like[1].htm moved successfully.
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\5ZW9X6AX\like[2].htm moved successfully.
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\5ZW9X6AX\like[3].htm moved successfully.
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\4CAXIFDH\page__st__30[2].htm moved successfully.
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Edited by Georgex, 04 August 2010 - 06:43 PM.

  • 0

#37
hammerman

Hi,

You had the Mebroot/HelpAssistant infection along with a TDSS rootkit. Specialist tools are needed for these.

Click Start>Run and type helpasst -folder then hit Enter.
The tool will run and prompt for confirmation to remove any HelpAssistant folders found.
If prompted, restart your computer.
When complete, click Start>Run and type helpasst -mbrt then hit Enter.
Post the new log that opens when it finishes.
  • 0

#38
Georgex

Thanks Hammerman. Here is the requested log...

C:\Documents and Settings\Bill\Desktop\HelpAsst_mebroot_fix.exe
Sat 07/24/2010 at 22:19:07.87

HelpAssistant account is Active ~ attempting to de-activate

Account active Yes
Local Group Memberships *Administrators

HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove
Remove on reboot: C:\WINDOWS\system32\termsrv32.dll

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"1957:TCP"=-
"2479:TCP"=-
"3389:TCP"=-
"3246:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"1957:TCP"=-
"2479:TCP"=-
"3389:TCP"=-
"3246:TCP"=-

~~ Checking profile list ~~

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-1290752151-1124636852-1696457617-1005
HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant.BR-95QW6B1 ~ attempting to remove
~ All C:\Documents and Settings\HelpAssistant.BR-95QW6B1 files successfully removed ~

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sat 07/24/2010 at 22:52:28.46

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86D07EC5]<<
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A050FC
malicious code @ sector 0x012A050FF !
PE file found in sector at 0x012A05115 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Folder removal routine ~ Thu 08/05/2010 at 19:45:07.62

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

~~ Checking for HelpAssistant directories ~~

C:\DOCUME~1\HelpAssistant found
backing up C:\DOCUME~1\HelpAssistant

C:\DOCUME~1\HelpAssistant removed

~~ EOF ~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Thu 08/05/2010 at 19:54:52.85

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A050FC
malicious code @ sector 0x012A050FF !
PE file found in sector at 0x012A05115 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~
  • 0

#39
hammerman

Hi,

Click Start>Run and type helpasst -cleanup then hit Enter.

Then...

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.
  • 0

#40
Georgex

Hi,

Here is the new OTL log....
OTL logfile created on: 8/6/2010 8:39:25 AM - Run 7
OTL by OldTimer - Version 3.2.9.1 Folder = H:\FIXED I.T\Rainey Virus July 2010\George 7.2010 troubleshooting folder
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 565.00 Mb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): D:\pagefile.sys 3000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 87.29 Gb Free Space | 80.39% Space Free | Partition Type: NTFS
Drive D: | 37.05 Gb Total Space | 34.05 Gb Free Space | 91.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 97.65 Gb Total Space | 97.38 Gb Free Space | 99.72% Space Free | Partition Type: NTFS
Drive G: | 97.65 Gb Total Space | 96.55 Gb Free Space | 98.87% Space Free | Partition Type: NTFS
Drive H: | 172.80 Gb Total Space | 105.89 Gb Free Space | 61.28% Space Free | Partition Type: NTFS
Drive I: | 73.24 Gb Total Space | 47.61 Gb Free Space | 65.00% Space Free | Partition Type: NTFS
Drive J: | 24.40 Gb Total Space | 24.40 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: BR-95QW6B1
Current User Name: Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - H:\FIXED I.T\Rainey Virus July 2010\George 7.2010 troubleshooting folder\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe (Linksys)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe (GEMTEKS)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - H:\FIXED I.T\Rainey Virus July 2010\George 7.2010 troubleshooting folder\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe WUSB54GC.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (MSSQL$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (SQLAgent$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\DOCUME~1\Bill\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (BCM42RLY) -- C:\WINDOWS\system32\bcm42rly.sys (Broadcom Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"


FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.12\Extensions\\Components: C:\Program Files\Mozilla Firefox\components\ [2010/03/27 12:56:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.12\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins\ [2010/07/22 16:03:40 | 000,000,000 | ---D | M]

[2006/11/02 10:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\ga8o288o.default\extensions
[2008/09/01 22:07:05 | 000,001,406 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\ga8o288o.default\searchplugins\siteadvisor.gif
[2008/09/01 22:07:05 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\ga8o288o.default\searchplugins\siteadvisor.src
[2010/07/25 21:33:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/11/02 10:36:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/25 21:33:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/09/24 21:15:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/09/30 15:28:15 | 000,061,038 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/09/30 15:28:15 | 000,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/09/30 15:28:16 | 000,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2008/11/18 00:33:49 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/11/18 00:33:49 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/11/18 00:33:48 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/07/25 21:32:55 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/09/30 17:35:30 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/09/30 15:28:25 | 000,000,680 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.png
[2008/09/30 15:28:25 | 000,000,741 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.src
[2008/09/30 15:28:25 | 000,001,150 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.png
[2008/09/30 15:28:25 | 000,000,539 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.src
[2008/09/30 15:28:25 | 000,000,356 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.png
[2008/09/30 15:28:25 | 000,001,007 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.src
[2008/09/30 15:28:25 | 000,000,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.gif
[2008/09/30 15:28:25 | 000,001,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.src
[2008/09/30 15:28:25 | 000,001,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.gif
[2008/09/30 15:28:25 | 000,000,733 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.src
[2008/09/30 15:28:25 | 000,000,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.gif
[2008/09/30 15:28:25 | 000,001,122 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.src

O1 HOSTS File: ([2010/08/02 10:49:47 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://toysrus.webe...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/28 22:09:36 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | RHS- | M] () - F:\autorun.in_2.org -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/03 20:07:12 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/03 20:07:12 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/03 20:07:10 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/03 20:07:09 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/03 20:07:08 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/03 20:07:08 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/03 20:07:07 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/03 20:06:54 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/03 20:06:53 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/03 20:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/02 10:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\DoctorWeb
[2010/07/25 21:33:07 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/25 21:33:07 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/25 21:33:07 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/25 21:22:07 | 016,066,336 | ---- | C] (Oracle) -- C:\Documents and Settings\Bill\Desktop\jre-6u21-windows-i586.exe
[2010/07/25 18:56:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/25 12:42:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/25 12:40:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/25 12:40:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/25 12:40:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/25 12:39:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/24 22:19:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2010/07/24 22:11:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/23 15:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\TweakNow RegCleaner
[2010/07/23 15:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\TweakNow RegCleaner
[2010/07/23 13:30:21 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/07/22 19:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/22 16:38:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/07/22 16:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/22 16:03:40 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/22 13:16:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/22 13:16:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/22 13:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/22 11:18:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/07/21 21:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/07/21 21:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\GlarySoft
[2010/07/21 21:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Registry Repair
[2010/07/21 18:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/21 16:22:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/07/16 07:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/16 07:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/14 19:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/07/14 18:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/14 16:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/28 08:35:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bill\My Documents\cache
[2010/06/26 00:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/06/26 00:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/06/26 00:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/26 00:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft Help
[2010/06/26 00:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/06/26 00:00:43 | 000,000,000 | R--D | C] -- C:\MSOCache
[2006/07/24 09:41:19 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

========== Files - Modified Within 90 Days ==========

[2010/08/06 08:28:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/06 08:28:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/06 08:28:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/06 08:28:36 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/05 21:11:56 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Bill\ntuser.dat
[2010/08/05 21:11:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bill\ntuser.ini
[2010/08/04 20:44:06 | 004,840,900 | -H-- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\IconCache.db
[2010/08/04 20:32:47 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/02 10:49:47 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/25 22:36:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/25 21:32:54 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/25 21:32:54 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/25 21:32:54 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/25 21:32:54 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/25 21:32:54 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/25 21:22:07 | 016,066,336 | ---- | M] (Oracle) -- C:\Documents and Settings\Bill\Desktop\jre-6u21-windows-i586.exe
[2010/07/25 18:43:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/25 12:42:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/24 22:16:36 | 000,490,232 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\HelpAsst_mebroot_fix.exe
[2010/07/22 19:10:17 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Spybot - Search & Destroy.lnk
[2010/07/22 13:16:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/22 12:53:35 | 000,000,707 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/22 12:53:35 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/22 11:18:16 | 000,000,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100722-191435.backup
[2010/07/21 18:13:38 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/21 18:11:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/21 16:59:30 | 000,470,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/21 16:59:30 | 000,402,426 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/21 16:59:30 | 000,062,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/21 15:08:38 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/14 16:22:08 | 002,004,649 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/07/07 21:05:56 | 000,019,602 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\CE Requirements for 220.docx
[2010/07/06 17:28:22 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Copy of June 10 Cypress Creek.xls
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/28 10:01:00 | 011,188,224 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Taleo Training for Stores - Manager WebTop.ppt
[2010/06/27 19:56:31 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/06/27 19:55:29 | 000,078,328 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/26 12:30:22 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/22 00:48:08 | 000,691,712 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\RAFFIC CRASH PROBLEM.doc
[2010/06/22 00:48:08 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Bill\My Documents\~$FFIC CRASH PROBLEM.doc
[2010/06/19 08:36:38 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Elder Meeting Minutes.doc
[2010/06/18 09:05:57 | 000,003,350 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/06/14 23:32:19 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\Loretta.doc
[2010/05/21 16:03:02 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Member%20Services[1].doc
[2010/05/09 22:18:05 | 000,000,492 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\spider.sav
[2010/05/08 10:26:46 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\public talk.doc

========== Files Created - No Company Name ==========

[2010/08/06 08:31:53 | 000,490,232 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\HelpAsst_mebroot_fix.exe
[2010/08/03 17:20:41 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/25 12:42:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/25 12:42:37 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/25 12:40:43 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/25 12:40:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/25 12:40:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/24 22:19:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/22 19:10:17 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Spybot - Search & Destroy.lnk
[2010/07/22 13:16:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/21 15:08:38 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/10 21:37:13 | 008,650,752 | ---- | C] () -- C:\Documents and Settings\Bill\ntuser.dat
[2010/07/07 21:05:55 | 000,019,602 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\CE Requirements for 220.docx
[2010/07/04 15:09:52 | 000,117,760 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Copy of June 10 Cypress Creek.xls
[2010/06/28 10:01:00 | 011,188,224 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Taleo Training for Stores - Manager WebTop.ppt
[2010/06/26 00:19:40 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/06/22 00:48:08 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Bill\My Documents\~$FFIC CRASH PROBLEM.doc
[2010/06/22 00:48:07 | 000,691,712 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\RAFFIC CRASH PROBLEM.doc
[2010/06/15 23:45:50 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Elder Meeting Minutes.doc
[2010/06/14 23:32:19 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\Loretta.doc
[2010/05/21 16:03:02 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Member%20Services[1].doc
[2009/10/20 19:43:56 | 000,000,210 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/10/12 19:51:55 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/10/12 19:39:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/04/09 12:07:57 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2007/02/03 13:41:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UES07.INI
[2007/01/05 10:08:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/11/28 16:59:10 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/11/03 14:59:28 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2006/11/02 10:39:05 | 000,000,088 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/06 18:11:10 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2006/07/25 17:20:55 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2006/07/24 12:41:48 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/24 12:41:48 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\3592AEE09E.sys
[2006/07/24 09:41:35 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2006/07/24 09:41:21 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2SODBC.DLL
[2006/07/24 09:41:21 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
[2006/07/24 09:41:21 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2CTDAO.DLL
[2006/07/24 09:41:20 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2006/07/24 09:41:20 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
[2006/07/22 15:27:09 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2006/06/23 10:23:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/23 10:18:01 | 000,000,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/23 10:13:17 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/06/23 10:08:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/23 09:46:42 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2010/07/21 18:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/01/17 15:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2006/06/23 10:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/14 22:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006/07/31 14:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Broadlook Technologies
[2010/07/22 11:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\GlarySoft
[2006/09/28 14:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Leadertech
[2010/07/23 15:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\TweakNow RegCleaner
[2007/06/18 08:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Viewpoint
[2008/01/06 21:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Watchtower
[2010/06/29 16:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\webex

========== Purity Check ==========


< End of report >

#41
hammerman

Hi,

To ensure that I get all the information, this log will need to be attached (instructions at the end).

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - ActiveX StubPath
    • Reg - App Paths
    • Reg - Approved Shell Extensions
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - Ext
    • Reg - File Associations
    • Reg - IE Explorer Bars
    • Reg - Protocol Handlers
    • Reg - SafeBoot Minimal
    • Reg - SafeBoot Network
    • Reg - Security Center Settings
    • Reg - Shell Spawning
    • Reg - Uninstall List
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under the Custom Scans box at the bottom left, paste in the following:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#42
Georgex

Attached File  OTS.Txt   295.91KB   129 downloads

#43
hammerman

Hi,

Could you run the OTS scan again and make sure the Scan All Users box is checked? Thanks.

#44
Georgex

Attached File  OTS.Txt   311.51KB   85 downloads

Sorry Hammerman. Here is the OTS as requested.

#45
hammerman

Hi,

Please follow these steps.

-- Step 1 --

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

    [Kill All Processes]
    [Unregister Dlls]
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > ->
    YN -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 1
    YN -> HKEY_USERS\.DEFAULT\: "ProxyOverride" -> <local>
    YN -> HKEY_USERS\.DEFAULT\: "ProxyServer" -> http=127.0.0.1:5643
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > ->
    YN -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 1
    YN -> HKEY_USERS\S-1-5-18\: "ProxyOverride" -> <local>
    YN -> HKEY_USERS\S-1-5-18\: "ProxyServer" -> http=127.0.0.1:5643
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1290752151-1124636852-1696457617-1006\] > ->
    YN -> HKEY_USERS\S-1-5-21-1290752151-1124636852-1696457617-1006\: "ProxyOverride" -> <local>
    YN -> HKEY_USERS\S-1-5-21-1290752151-1124636852-1696457617-1006\: "ProxyServer" -> http=127.0.0.1:5643
    [Registry - Additional Scans - Safe List]
    < App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
    YN -> table30.exe -> Reg Error: Value error. [Reg Error: Value error.]
    YN -> winnt32.exe -> Reg Error: Value error. [Reg Error: Value error.]
    [Empty Temp Folders]
    [EmptyFlash]
    [CreateRestorePoint]
    [Start Explorer]
    [Reboot]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

-- Step 2 --

Please run another OTS scan and attach the log. Use the same settings as before (post #41).
  • 0
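
The fix script in post #45 targets the `ProxyServer = http=127.0.0.1:5643` values that the OTL log also lists under HKCU. As an added example (not part of the thread, and not code from OTL or OTS), this Python script parses those two log line formats and reports, per registry hive, each loopback proxy endpoint and whether `ProxyEnable` makes it active; the regexes and the state labels are assumptions based only on the lines visible on this page.

```python
import ipaddress
import re

# Lines copied from this page: the OTL scan (IE section) and the OTS fix script.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
YN -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 1
YN -> HKEY_USERS\.DEFAULT\: "ProxyOverride" -> <local>
YN -> HKEY_USERS\.DEFAULT\: "ProxyServer" -> http=127.0.0.1:5643
YN -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 1
YN -> HKEY_USERS\S-1-5-18\: "ProxyServer" -> http=127.0.0.1:5643
YN -> HKEY_USERS\S-1-5-21-1290752151-1124636852-1696457617-1006\: "ProxyServer" -> http=127.0.0.1:5643
'''

# OTL scan line:  IE - <hive>\...\Internet Settings: "<name>" = <value>
OTL_RE = re.compile(
    r'^IE - (?P<hive>HK[A-Z]+)\\.*?: "(?P<name>Proxy\w+)" = (?P<value>.*)$')
# OTS fix line:   <flags> -> HKEY_USERS\<sid>\: "<name>" -> <value>
OTS_RE = re.compile(
    r'^\w+ -> (?P<hive>HKEY_USERS\\[^\\]+)\\: "(?P<name>Proxy\w+)" -> (?P<value>.*)$')


def collect_proxy_settings(log_text):
    """Return {hive: {value_name: value}} for every Proxy* line found."""
    settings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = OTL_RE.match(line) or OTS_RE.match(line)
        if m:
            settings.setdefault(m['hive'], {})[m['name']] = m['value'].strip()
    return settings


def proxy_endpoints(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles both 'host:port' and 'http=host:port;https=host:port'.
    """
    endpoints = []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        scheme, sep, addr = part.partition('=')
        if not sep:                      # no per-protocol prefix
            scheme, addr = 'all', part
        host, sep, port = addr.rpartition(':')
        if not sep:                      # no port given
            host, port = addr, ''
        endpoints.append((scheme.lower(), host.strip('[]'), port))
    return endpoints


def is_loopback(host):
    """True for 'localhost' and for any loopback IP literal."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False


def assess(log_text):
    """List (hive, 'host:port', state) for each loopback proxy endpoint.

    state is 'active' when ProxyEnable is 1, 'dormant' when it is 0, and
    'enable flag not listed' when the log has no ProxyEnable for that hive.
    """
    findings = []
    for hive, values in collect_proxy_settings(log_text).items():
        state = {'1': 'active', '0': 'dormant'}.get(
            values.get('ProxyEnable'), 'enable flag not listed')
        for _scheme, host, port in proxy_endpoints(values.get('ProxyServer', '')):
            if is_loopback(host):
                findings.append((hive, f'{host}:{port}', state))
    return findings


if __name__ == '__main__':
    for hive, endpoint, state in assess(SAMPLE_LOG):
        print(f'{hive}: loopback proxy {endpoint} ({state})')
```

On the lines from this page, the HKCU entry is dormant (`ProxyEnable` = 0), while the `.DEFAULT` and `S-1-5-18` hives have the same proxy enabled.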





