
web redirect - fake antivirus pop ups - super slow



#16
Big O

  • Topic Starter
  • Member
  • 104 posts
Speed is significantly faster, especially booting up. No pop up ads, no redirects from Google. Everything seems to be running smooth.

#17
Big O

  • Topic Starter
  • Member
  • 104 posts
Do you think we've got it cleaned up?

#18
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I am never happy until I see a clean combofix log.

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


Download and save but do not install the free Avast.
http://www.avast.com...ivirus-download
(You will get a popup trying to talk you into buying the pro version. Just tell them no.)
Uninstall AVG (it's very obsolete anyway - you have 8 and they are at 10 these days).
Download and save and run the AVG Uninstall tool:
http://download.avg....6_2011_1165.exe
Reboot.

Then install Avast. It will ask you if you want it to run a boot-time scan. Tell it yes. This will take a long time (hours) and you should check back with it once in a while to see if it needs input from you.

Right click on the Avast ball and select Avast Shields Control, Disable until Computer is Restarted.
Download combofix again and call it george3.exe.
Let it update if it wants to.
If it finishes, copy and paste the log.

Ron

#19
Big O

  • Topic Starter
  • Member
  • 104 posts
Well I've caught up again and just waiting on the boot scan, you are right, this thing takes a while, still have a long way to go. Will post up the log when it's done, just an update to let you know where I'm at. Thanks again for sticking it out with me and your quick response times, I really appreciate it.

So far it has found about 7 files that were infected with Win32:Malware-gen, half were in the system restore area, I did the purge as per the instructions in the link you gave me. I'm assuming they are in a purge holding/quarantine area and no longer active?

up to 91% lol

Edited by Big O, 30 December 2010 - 01:33 PM.


#20
Big O

  • Topic Starter
  • Member
  • 104 posts
Well Avast completed boot scan, came up with 16 infected files, those were all deleted. I disabled Avast until reboot and d/l the combofix again. It seemed to work just fine until the scan, it sat at the screen saying "this should only take 10 minutes" and never changed. I let it crunch away until the system finally froze up and forced me to restart. It did try and tell me that AVG was still active, although I have run the removal tool 4 times and did not find any remnants when searching through the directories.

Also I am unable to update Avast, it errors and says it can't connect to the server.

Edited by Big O, 30 December 2010 - 02:48 PM.


#21
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Not a good sign. Run OTL, Quickscan and post the log.

Also:

Start, Run, cmd, OK

ipconfig  /all  >  junk.txt

nslookup  avast.com  >>  junk.txt

tracert  -d  avast.com  >>  junk.txt

notepad  junk.txt

Then copy and paste the text from notepad into a reply. (I use two spaces in the code box so you can see where 1 space goes.)

Ron

#22
Big O

  • Topic Starter
  • Member
  • 104 posts
OTL logfile created on: 12/30/2010 4:42:46 PM - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Tim Oakley\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 512.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 222.65 Gb Total Space | 36.82 Gb Free Space | 16.54% Space Free | Partition Type: NTFS

Computer Name: SYSTEMAX | User Name: Tim Oakley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/28 16:44:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim Oakley\Desktop\OTL.exe
PRC - [2010/09/07 09:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/09/10 21:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2006/11/13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/04/05 17:14:04 | 000,040,960 | ---- | M] (Phoenix Technologies Ltd.) -- C:\WINDOWS\system32\PhxPsSvr.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/12/14 12:40:12 | 000,053,248 | ---- | M] (Phoenix Technologies Ltd.) -- C:\WINDOWS\system32\PhxVtSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/12/28 16:44:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim Oakley\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\george3\PEV.cfx -- (PEVSystemStart)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/09/10 21:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 20:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/02 17:34:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/04/05 17:14:04 | 000,040,960 | ---- | M] (Phoenix Technologies Ltd.) [Auto | Running] -- C:\WINDOWS\system32\PhxPsSvr.exe -- (PhnxPsaService)
SRV - [2006/01/04 23:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/12/14 12:40:12 | 000,053,248 | ---- | M] (Phoenix Technologies Ltd.) [Auto | Running] -- C:\WINDOWS\system32\PhxVtSvr.exe -- (PhnxVaultService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\TIMOAK~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 08:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 08:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 08:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 08:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 08:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 08:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/01/20 00:11:07 | 000,031,644 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/06/14 11:56:40 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/04/03 06:51:06 | 000,199,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/03/21 12:37:44 | 000,047,488 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\phnxvcd.sys -- (PhnxVcd)
DRV - [2006/03/20 12:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/02 15:43:22 | 000,008,832 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\FBAPI.sys -- (FBAPI)
DRV - [2005/12/02 13:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/10/18 14:47:10 | 000,008,320 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ptpd.sys -- (ptpd)
DRV - [2005/06/07 15:13:02 | 000,042,240 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\DCDisk.sys -- (DCDisk)
DRV - [2005/03/31 18:58:00 | 000,450,400 | R--- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2004/09/29 16:35:30 | 000,219,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/09/29 16:34:24 | 000,702,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/09/29 16:33:50 | 001,036,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/03 21:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2004/08/03 20:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/08/13 00:27:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\Machnm32.sys -- (Machnm32)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{3F174225-6496-4A74-B549-C4358CE3B826}: C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\{3F174225-6496-4A74-B549-C4358CE3B826}\ [2010/08/30 21:58:56 | 000,000,000 | ---D | M]

[2009/08/23 11:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Mozilla\Extensions
[2009/08/23 11:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2010/12/29 10:05:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1159453796765 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://mail.pcaengs...emote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.1.6.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/28 06:29:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/30 13:59:44 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/12/30 13:59:43 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/12/30 13:59:42 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/12/30 13:59:41 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/12/30 13:59:38 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/12/30 13:59:38 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/12/30 13:59:38 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/12/30 13:59:02 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/12/30 13:59:01 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/12/30 13:10:27 | 000,000,000 | --SD | C] -- C:\george3
[2010/12/29 20:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/12/29 20:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\Temp
[2010/12/29 20:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/12/29 20:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/29 20:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/29 18:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim Oakley\Desktop\tdsskiller
[2010/12/29 17:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/12/29 16:23:07 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Tim Oakley\Desktop\VEW.exe
[2010/12/29 15:54:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/29 14:57:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/29 14:57:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/29 14:57:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/29 14:57:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/29 14:57:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/29 14:35:40 | 001,086,304 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Tim Oakley\Desktop\avg_remover_stf_x86_2011_1165.exe
[2010/12/29 10:41:49 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim Oakley\Desktop\mbam-setup-1.50.1.1100.exe
[2010/12/29 10:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim Oakley\Desktop\New Folder (2)
[2010/12/29 10:13:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/29 10:04:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/28 16:44:35 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim Oakley\Desktop\OTL.exe
[2004/09/08 09:47:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL

========== Files - Modified Within 30 Days ==========

[2010/12/30 15:51:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/30 13:59:44 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/30 13:59:39 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/30 13:57:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/30 13:57:35 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/12/30 13:57:34 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/30 13:57:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/30 13:57:29 | 1063,247,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/30 13:54:39 | 051,515,288 | ---- | M] () -- C:\Documents and Settings\Tim Oakley\Desktop\setup_av_free.exe
[2010/12/30 13:09:46 | 004,011,777 | R--- | M] () -- C:\Documents and Settings\Tim Oakley\Desktop\george3.exe
[2010/12/30 03:16:24 | 000,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/29 21:29:05 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/29 21:19:53 | 000,444,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/29 21:19:53 | 000,072,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/29 20:52:48 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/12/29 20:52:48 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Tim Oakley\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/29 20:51:41 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/12/29 20:51:41 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/12/29 17:51:28 | 000,296,448 | ---- | M] () -- C:\9vi668e6.exe
[2010/12/29 17:50:44 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\Tim Oakley\Desktop\tdsskiller.zip
[2010/12/29 17:50:22 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Tim Oakley\Desktop\MBRCheck.exe
[2010/12/29 16:33:24 | 003,999,590 | R--- | M] () -- C:\Documents and Settings\Tim Oakley\Desktop\george2.exe
[2010/12/29 16:23:07 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Tim Oakley\Desktop\VEW.exe
[2010/12/29 15:54:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/29 14:35:22 | 001,086,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Tim Oakley\Desktop\avg_remover_stf_x86_2011_1165.exe
[2010/12/29 10:40:54 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim Oakley\Desktop\mbam-setup-1.50.1.1100.exe
[2010/12/29 10:05:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/28 16:44:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim Oakley\Desktop\OTL.exe
[2010/12/22 16:14:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/12/30 13:59:44 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/30 13:09:46 | 004,011,777 | R--- | C] () -- C:\Documents and Settings\Tim Oakley\Desktop\george3.exe
[2010/12/29 20:52:48 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/12/29 20:52:48 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/29 20:51:41 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/12/29 20:51:41 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/12/29 20:46:38 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/29 20:46:38 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/29 17:51:22 | 000,296,448 | ---- | C] () -- C:\9vi668e6.exe
[2010/12/29 17:50:36 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Desktop\tdsskiller.zip
[2010/12/29 17:50:22 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Desktop\MBRCheck.exe
[2010/12/29 17:01:01 | 051,515,288 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Desktop\setup_av_free.exe
[2010/12/29 16:33:24 | 003,999,590 | R--- | C] () -- C:\Documents and Settings\Tim Oakley\Desktop\george2.exe
[2010/12/29 15:54:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/29 15:54:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/29 14:57:55 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/29 14:57:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/29 14:57:55 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/29 14:57:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/29 14:57:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/29 14:39:00 | 1063,247,872 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/26 19:09:55 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/10/12 17:42:52 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/10/12 17:41:41 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/06/09 16:31:25 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Application Data\$_hpcst$.hpc
[2007/03/26 15:53:37 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/10 20:57:23 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/03 18:20:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/02/07 21:25:54 | 000,208,384 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/07 19:04:30 | 000,000,848 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/07 18:19:58 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\fusioncache.dat
[2007/02/06 17:56:13 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/02/06 17:53:32 | 000,001,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/29 22:03:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/29 06:33:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/29 06:21:41 | 000,042,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\DCDisk.sys
[2007/01/29 06:21:40 | 000,014,074 | ---- | C] () -- C:\WINDOWS\System32\drivers\exdisk.sys
[2007/01/29 06:21:38 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\RitShell.dll
[2007/01/29 06:21:37 | 000,008,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\FBAPI.sys
[2007/01/29 06:21:31 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\phnxPsa.ini
[2007/01/29 06:21:25 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PhxVtUsr.dll
[2007/01/29 06:21:25 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2007/01/29 06:21:25 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\phnxVaul.ini
[2007/01/29 05:54:04 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/12 09:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/09/28 06:22:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/10/14 03:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 03:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 03:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 03:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 03:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 03:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 03:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/31 15:08:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2002/07/31 15:08:30 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2002/07/31 15:08:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2002/07/31 15:08:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

========== LOP Check ==========

[2010/12/29 20:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/08/26 19:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2007/04/21 06:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2007/07/16 21:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2008/10/12 17:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/08/31 17:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2010/11/28 12:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/29 20:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YNAB
[2007/10/16 20:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Alien Skin
[2010/02/27 12:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\AnvSoft
[2007/03/10 04:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\BitTorrent
[2008/10/12 18:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Canon
[2007/12/29 19:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Fisher-Price
[2010/08/26 19:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\ICQ
[2007/02/11 09:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\ICQLite
[2007/12/12 22:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\ieSpell
[2008/05/09 15:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Opera
[2007/01/29 06:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Recover Pro
[2007/07/16 21:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\River Past G5
[2008/10/12 17:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\ScanSoft
[2007/06/02 04:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Snapfish
[2010/12/30 13:57:35 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8

< End of report >

OTL logfile created on: 12/30/2010 4:42:46 PM - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Tim Oakley\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 512.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 222.65 Gb Total Space | 36.82 Gb Free Space | 16.54% Space Free | Partition Type: NTFS

Computer Name: SYSTEMAX | User Name: Tim Oakley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/28 16:44:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim Oakley\Desktop\OTL.exe
PRC - [2010/09/07 09:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/09/10 21:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2006/11/13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/04/05 17:14:04 | 000,040,960 | ---- | M] (Phoenix Technologies Ltd.) -- C:\WINDOWS\system32\PhxPsSvr.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/12/14 12:40:12 | 000,053,248 | ---- | M] (Phoenix Technologies Ltd.) -- C:\WINDOWS\system32\PhxVtSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/12/28 16:44:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim Oakley\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\george3\PEV.cfx -- (PEVSystemStart)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/09/10 21:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 20:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/02 17:34:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/04/05 17:14:04 | 000,040,960 | ---- | M] (Phoenix Technologies Ltd.) [Auto | Running] -- C:\WINDOWS\system32\PhxPsSvr.exe -- (PhnxPsaService)
SRV - [2006/01/04 23:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/12/14 12:40:12 | 000,053,248 | ---- | M] (Phoenix Technologies Ltd.) [Auto | Running] -- C:\WINDOWS\system32\PhxVtSvr.exe -- (PhnxVaultService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\TIMOAK~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 08:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 08:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 08:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 08:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 08:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 08:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/01/20 00:11:07 | 000,031,644 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/06/14 11:56:40 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/04/03 06:51:06 | 000,199,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/03/21 12:37:44 | 000,047,488 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\phnxvcd.sys -- (PhnxVcd)
DRV - [2006/03/20 12:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/02 15:43:22 | 000,008,832 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\FBAPI.sys -- (FBAPI)
DRV - [2005/12/02 13:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/10/18 14:47:10 | 000,008,320 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ptpd.sys -- (ptpd)
DRV - [2005/06/07 15:13:02 | 000,042,240 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\DCDisk.sys -- (DCDisk)
DRV - [2005/03/31 18:58:00 | 000,450,400 | R--- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2004/09/29 16:35:30 | 000,219,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/09/29 16:34:24 | 000,702,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/09/29 16:33:50 | 001,036,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/03 21:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2004/08/03 20:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/08/13 00:27:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\Machnm32.sys -- (Machnm32)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{3F174225-6496-4A74-B549-C4358CE3B826}: C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\{3F174225-6496-4A74-B549-C4358CE3B826}\ [2010/08/30 21:58:56 | 000,000,000 | ---D | M]

[2009/08/23 11:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Mozilla\Extensions
[2009/08/23 11:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2010/12/29 10:05:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1159453796765 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://mail.pcaengs...emote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.1.6.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/28 06:29:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/30 13:59:44 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/12/30 13:59:43 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/12/30 13:59:42 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/12/30 13:59:41 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/12/30 13:59:38 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/12/30 13:59:38 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/12/30 13:59:38 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/12/30 13:59:02 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/12/30 13:59:01 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/12/30 13:10:27 | 000,000,000 | --SD | C] -- C:\george3
[2010/12/29 20:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/12/29 20:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\Temp
[2010/12/29 20:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/12/29 20:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/29 20:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/29 18:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim Oakley\Desktop\tdsskiller
[2010/12/29 17:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/12/29 16:23:07 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Tim Oakley\Desktop\VEW.exe
[2010/12/29 15:54:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/29 14:57:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/29 14:57:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/29 14:57:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/29 14:57:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/29 14:57:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/29 14:35:40 | 001,086,304 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Tim Oakley\Desktop\avg_remover_stf_x86_2011_1165.exe
[2010/12/29 10:41:49 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim Oakley\Desktop\mbam-setup-1.50.1.1100.exe
[2010/12/29 10:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim Oakley\Desktop\New Folder (2)
[2010/12/29 10:13:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/29 10:04:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/28 16:44:35 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim Oakley\Desktop\OTL.exe
[2004/09/08 09:47:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL

========== Files - Modified Within 30 Days ==========

[2010/12/30 15:51:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/30 13:59:44 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/30 13:59:39 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/30 13:57:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/30 13:57:35 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/12/30 13:57:34 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/30 13:57:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/30 13:57:29 | 1063,247,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/30 13:54:39 | 051,515,288 | ---- | M] () -- C:\Documents and Settings\Tim Oakley\Desktop\setup_av_free.exe
[2010/12/30 13:09:46 | 004,011,777 | R--- | M] () -- C:\Documents and Settings\Tim Oakley\Desktop\george3.exe
[2010/12/30 03:16:24 | 000,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/29 21:29:05 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/29 21:19:53 | 000,444,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/29 21:19:53 | 000,072,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/29 20:52:48 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/12/29 20:52:48 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Tim Oakley\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/29 20:51:41 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/12/29 20:51:41 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/12/29 17:51:28 | 000,296,448 | ---- | M] () -- C:\9vi668e6.exe
[2010/12/29 17:50:44 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\Tim Oakley\Desktop\tdsskiller.zip
[2010/12/29 17:50:22 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Tim Oakley\Desktop\MBRCheck.exe
[2010/12/29 16:33:24 | 003,999,590 | R--- | M] () -- C:\Documents and Settings\Tim Oakley\Desktop\george2.exe
[2010/12/29 16:23:07 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Tim Oakley\Desktop\VEW.exe
[2010/12/29 15:54:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/29 14:35:22 | 001,086,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Tim Oakley\Desktop\avg_remover_stf_x86_2011_1165.exe
[2010/12/29 10:40:54 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim Oakley\Desktop\mbam-setup-1.50.1.1100.exe
[2010/12/29 10:05:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/28 16:44:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim Oakley\Desktop\OTL.exe
[2010/12/22 16:14:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/12/30 13:59:44 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/30 13:09:46 | 004,011,777 | R--- | C] () -- C:\Documents and Settings\Tim Oakley\Desktop\george3.exe
[2010/12/29 20:52:48 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/12/29 20:52:48 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/29 20:51:41 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/12/29 20:51:41 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/12/29 20:46:38 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/29 20:46:38 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/29 17:51:22 | 000,296,448 | ---- | C] () -- C:\9vi668e6.exe
[2010/12/29 17:50:36 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Desktop\tdsskiller.zip
[2010/12/29 17:50:22 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Desktop\MBRCheck.exe
[2010/12/29 17:01:01 | 051,515,288 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Desktop\setup_av_free.exe
[2010/12/29 16:33:24 | 003,999,590 | R--- | C] () -- C:\Documents and Settings\Tim Oakley\Desktop\george2.exe
[2010/12/29 15:54:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/29 15:54:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/29 14:57:55 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/29 14:57:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/29 14:57:55 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/29 14:57:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/29 14:57:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/29 14:39:00 | 1063,247,872 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/26 19:09:55 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/10/12 17:42:52 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/10/12 17:41:41 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/06/09 16:31:25 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Application Data\$_hpcst$.hpc
[2007/03/26 15:53:37 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/10 20:57:23 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/03 18:20:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/02/07 21:25:54 | 000,208,384 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/07 19:04:30 | 000,000,848 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/07 18:19:58 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\fusioncache.dat
[2007/02/06 17:56:13 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/02/06 17:53:32 | 000,001,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/29 22:03:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/29 06:33:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/29 06:21:41 | 000,042,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\DCDisk.sys
[2007/01/29 06:21:40 | 000,014,074 | ---- | C] () -- C:\WINDOWS\System32\drivers\exdisk.sys
[2007/01/29 06:21:38 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\RitShell.dll
[2007/01/29 06:21:37 | 000,008,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\FBAPI.sys
[2007/01/29 06:21:31 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\phnxPsa.ini
[2007/01/29 06:21:25 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PhxVtUsr.dll
[2007/01/29 06:21:25 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2007/01/29 06:21:25 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\phnxVaul.ini
[2007/01/29 05:54:04 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/12 09:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/09/28 06:22:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/10/14 03:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 03:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 03:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 03:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 03:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 03:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 03:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/31 15:08:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2002/07/31 15:08:30 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2002/07/31 15:08:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2002/07/31 15:08:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

========== LOP Check ==========

[2010/12/29 20:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/08/26 19:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2007/04/21 06:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2007/07/16 21:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2008/10/12 17:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/08/31 17:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2010/11/28 12:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/29 20:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YNAB
[2007/10/16 20:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Alien Skin
[2010/02/27 12:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\AnvSoft
[2007/03/10 04:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\BitTorrent
[2008/10/12 18:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Canon
[2007/12/29 19:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Fisher-Price
[2010/08/26 19:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\ICQ
[2007/02/11 09:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\ICQLite
[2007/12/12 22:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\ieSpell
[2008/05/09 15:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Opera
[2007/01/29 06:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Recover Pro
[2007/07/16 21:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\River Past G5
[2008/10/12 17:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\ScanSoft
[2007/06/02 04:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Snapfish
[2010/12/30 13:57:35 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8

< End of report >
SRV - File not found [Auto | Stopped] -- C:\george3\PEV.cfx -- (PEVSystemStart)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/09/10 21:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 20:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/02 17:34:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/04/05 17:14:04 | 000,040,960 | ---- | M] (Phoenix Technologies Ltd.) [Auto | Running] -- C:\WINDOWS\system32\PhxPsSvr.exe -- (PhnxPsaService)
SRV - [2006/01/04 23:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/12/14 12:40:12 | 000,053,248 | ---- | M] (Phoenix Technologies Ltd.) [Auto | Running] -- C:\WINDOWS\system32\PhxVtSvr.exe -- (PhnxVaultService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\TIMOAK~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 08:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 08:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 08:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 08:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 08:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 08:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/01/20 00:11:07 | 000,031,644 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/06/14 11:56:40 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/04/03 06:51:06 | 000,199,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/03/21 12:37:44 | 000,047,488 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\phnxvcd.sys -- (PhnxVcd)
DRV - [2006/03/20 12:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/02 15:43:22 | 000,008,832 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\FBAPI.sys -- (FBAPI)
DRV - [2005/12/02 13:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/10/18 14:47:10 | 000,008,320 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ptpd.sys -- (ptpd)
DRV - [2005/06/07 15:13:02 | 000,042,240 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\DCDisk.sys -- (DCDisk)
DRV - [2005/03/31 18:58:00 | 000,450,400 | R--- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2004/09/29 16:35:30 | 000,219,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/09/29 16:34:24 | 000,702,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/09/29 16:33:50 | 001,036,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/03 21:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2004/08/03 20:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/08/13 00:27:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\Machnm32.sys -- (Machnm32)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{3F174225-6496-4A74-B549-C4358CE3B826}: C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\{3F174225-6496-4A74-B549-C4358CE3B826}\ [2010/08/30 21:58:56 | 000,000,000 | ---D | M]

[2009/08/23 11:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Mozilla\Extensions
[2009/08/23 11:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2010/12/29 10:05:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1159453796765 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://mail.pcaengs...emote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.1.6.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/28 06:29:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/30 13:59:44 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/12/30 13:59:43 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/12/30 13:59:42 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/12/30 13:59:41 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/12/30 13:59:38 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/12/30 13:59:38 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/12/30 13:59:38 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/12/30 13:59:02 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/12/30 13:59:01 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/12/30 13:10:27 | 000,000,000 | --SD | C] -- C:\george3
[2010/12/29 20:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/12/29 20:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\Temp
[2010/12/29 20:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/12/29 20:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/29 20:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/29 20:40:20 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/12/29 20:40:20 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/12/29 20:39:02 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/12/29 20:36:41 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/29 20:26:09 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/29 18:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim Oakley\Desktop\tdsskiller
[2010/12/29 17:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/12/29 16:23:07 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Tim Oakley\Desktop\VEW.exe
[2010/12/29 15:54:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/29 14:57:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/29 14:57:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/29 14:57:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/29 14:57:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/29 14:57:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/29 14:35:40 | 001,086,304 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Tim Oakley\Desktop\avg_remover_stf_x86_2011_1165.exe
[2010/12/29 10:41:49 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim Oakley\Desktop\mbam-setup-1.50.1.1100.exe
[2010/12/29 10:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim Oakley\Desktop\New Folder (2)
[2010/12/29 10:13:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/29 10:04:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/28 16:44:35 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim Oakley\Desktop\OTL.exe
[2004/09/08 09:47:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL

========== Files - Modified Within 30 Days ==========

[2010/12/30 15:51:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/30 13:59:44 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/30 13:59:39 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/30 13:57:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/30 13:57:35 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/12/30 13:57:34 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/30 13:57:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/29 14:57:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/29 14:57:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/29 14:39:00 | 1063,247,872 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/26 19:09:55 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/10/12 17:42:52 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/10/12 17:41:41 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/06/09 16:31:25 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Application Data\$_hpcst$.hpc
[2007/03/26 15:53:37 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/10 20:57:23 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/03 18:20:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/02/07 21:25:54 | 000,208,384 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/07 19:04:30 | 000,000,848 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/07 18:19:58 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\fusioncache.dat
[2007/02/06 17:56:13 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/02/06 17:53:32 | 000,001,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/29 22:03:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/29 06:33:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/29 06:21:41 | 000,042,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\DCDisk.sys
[2007/01/29 06:21:40 | 000,014,074 | ---- | C] () -- C:\WINDOWS\System32\drivers\exdisk.sys
[2007/01/29 06:21:38 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\RitShell.dll
[2007/01/29 06:21:37 | 000,008,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\FBAPI.sys
[2007/01/29 06:21:31 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\phnxPsa.ini
[2007/01/29 06:21:25 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PhxVtUsr.dll
[2007/01/29 06:21:25 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2007/01/29 06:21:25 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\phnxVaul.ini
[2007/01/29 05:54:04 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/12 09:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/09/28 06:22:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/10/14 03:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 03:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 03:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 03:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 03:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 03:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 03:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/31 15:08:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2002/07/31 15:08:30 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2002/07/31 15:08:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2002/07/31 15:08:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

========== LOP Check ==========

[2010/12/29 20:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/08/26 19:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2007/04/21 06:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2007/07/16 21:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2008/10/12 17:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/08/31 17:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2010/11/28 12:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/29 20:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YNAB
[2007/10/16 20:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Alien Skin
[2010/02/27 12:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\AnvSoft
[2007/03/10 04:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\BitTorrent
[2008/10/12 18:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Canon
[2007/12/29 19:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Fisher-Price
[2010/08/26 19:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\ICQ
[2007/02/11 09:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\ICQLite
[2007/12/12 22:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\ieSpell
[2008/05/09 15:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Opera
[2007/01/29 06:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Recover Pro
[2007/07/16 21:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\River Past G5
[2008/10/12 17:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\ScanSoft
[2007/06/02 04:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Snapfish
[2010/12/30 13:57:35 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8

< End of report >

Edited by Big O, 30 December 2010 - 05:50 PM.

  • 0

#23
Big O

    Member

  • Topic Starter
  • Member
  • 104 posts
nslookup = blnmt001dns.ext.bresnan.net can't find avast.com: Server failed

Edited by Big O, 30 December 2010 - 05:59 PM.

  • 0

#24
Big O

    Member

  • Topic Starter
  • Member
  • 104 posts
Windows IP Configuration

Host Name . . . . . . . . . . . . : Systemax
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : bresnan.net

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : bresnan.net
Description . . . . . . . . . . . : D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B)
Physical Address. . . . . . . . . : 00-15-E9-3F-8D-AA
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.33.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.1
DHCP Server . . . . . . . . . . . : 192.168.33.1
DNS Servers . . . . . . . . . . . : 69.145.248.4
                                    69.146.17.2
                                    69.144.49.29
Lease Obtained. . . . . . . . . . : Thursday, December 30, 2010 1:57:37 PM
Lease Expires . . . . . . . . . . : Friday, December 31, 2010 1:57:37 PM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection
Physical Address. . . . . . . . . : 00-16-76-72-81-70

Server: blnmt001dns.ext.bresnan.net
Address: 69.145.248.4

Tracing route to avast.com [74.55.78.90]
over a maximum of 30 hops:

1 2 ms <1 ms <1 ms 192.168.33.1
2 * * * Request timed out.
3 9 ms 9 ms 9 ms 69.145.214.141
4 24 ms 22 ms 23 ms 72.175.111.54
5 23 ms 22 ms 22 ms 72.175.110.124
6 35 ms 33 ms 29 ms 72.175.110.121
7 31 ms 32 ms 29 ms 72.175.110.94
8 34 ms 35 ms 96 ms 72.175.110.225
9 34 ms 33 ms 34 ms 72.175.110.128
10 35 ms 68 ms 39 ms 72.175.110.229
11 37 ms 35 ms 34 ms 72.175.111.144
12 120 ms 206 ms 57 ms 4.53.10.97
13 44 ms 35 ms 37 ms 4.68.107.30
14 63 ms 55 ms 53 ms 4.69.132.106
15 60 ms 54 ms 56 ms 4.69.146.90
16 59 ms 56 ms 54 ms 4.69.137.137
17 55 ms 67 ms 56 ms 4.69.137.134
18 56 ms 54 ms 57 ms 4.78.10.30
19 82 ms 92 ms 79 ms 70.87.253.154
20 81 ms 83 ms 97 ms 74.55.252.38
21 101 ms 82 ms 85 ms 74.55.252.118
22 79 ms 82 ms 80 ms 74.55.78.90

Trace complete.
  • 0

#25
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Try it again. This time put a \ in front of junk.txt so the file goes to C:\

ipconfig /all > \junk.txt
nslookup avast.com >> \junk.txt
tracert -d avast.com >> \junk.txt
notepad \junk.txt

  • 0



#26
Big O

    Member

  • Topic Starter
  • Member
  • 104 posts
nslookup errored again with: blnmt001dns.ext.bresnan.net can't find avast.com: Server failed


Windows IP Configuration

Host Name . . . . . . . . . . . . : Systemax
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : bresnan.net

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : bresnan.net
Description . . . . . . . . . . . : D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B)
Physical Address. . . . . . . . . : 00-15-E9-3F-8D-AA
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.33.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.1
DHCP Server . . . . . . . . . . . : 192.168.33.1
DNS Servers . . . . . . . . . . . : 69.145.248.4
                                    69.146.17.2
                                    69.144.49.29
Lease Obtained. . . . . . . . . . : Thursday, December 30, 2010 1:57:37 PM
Lease Expires . . . . . . . . . . : Friday, December 31, 2010 1:57:37 PM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection
Physical Address. . . . . . . . . : 00-16-76-72-81-70

Server: blnmt001dns.ext.bresnan.net
Address: 69.145.248.4

Tracing route to avast.com [74.55.78.82]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.33.1
2 * * * Request timed out.
3 60 ms 9 ms 9 ms 69.145.214.141
4 28 ms 23 ms 21 ms 72.175.111.54
5 37 ms 22 ms 22 ms 72.175.110.124
6 32 ms 30 ms 28 ms 72.175.110.121
7 28 ms 28 ms 29 ms 72.175.110.94
8 33 ms 34 ms 32 ms 72.175.110.225
9 34 ms 33 ms 33 ms 72.175.110.128
10 38 ms 35 ms 36 ms 72.175.110.229
11 105 ms 42 ms 35 ms 72.175.111.144
12 46 ms 118 ms 39 ms 4.53.10.97
13 61 ms 61 ms 63 ms 4.68.107.94
14 63 ms 53 ms 57 ms 4.69.132.106
15 64 ms 54 ms 53 ms 4.69.146.90
16 56 ms 57 ms 59 ms 4.69.137.137
17 60 ms 69 ms 60 ms 4.69.137.134
18 59 ms 56 ms 57 ms 4.78.10.30
19 87 ms 81 ms 95 ms 70.87.253.154
20 201 ms 202 ms 202 ms 74.55.252.150
21 80 ms 79 ms 78 ms 74.55.252.118
22 78 ms 81 ms 79 ms 74.55.78.82

Trace complete.

Edited by Big O, 30 December 2010 - 06:24 PM.

  • 0

#27
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
The tracert got to the right address so it eventually figured out the IP address for avast.com. Sounds like your local DNS is a bit stupid and slow. You might want to use Google's DNS of 8.8.8.8.

1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."

4. Click "Use the following DNS server addresses," and then type 8.8.8.8 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

5. Click "OK"

Reboot.

Now try

nslookup avast.com

This is what I get:

>nslookup avast.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: avast.com
Addresses: 174.36.159.205
174.37.192.131
174.37.192.132
174.123.201.114
209.62.2.74
67.228.147.162
74.55.40.226
74.55.48.42
74.55.78.82
74.55.78.90
74.86.245.124
174.36.159.204

Ron
  • 0

#28
Big O

    Member

  • Topic Starter
  • Member
  • 104 posts
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: bresnan.net
Address: 64.78.178.63
Aliases: avast.com.bresnan.net


*** it said non-authoritative answer in cmd window also

Edited by Big O, 30 December 2010 - 06:40 PM.

  • 0

#29
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
For some reason it thinks it needs to add bresnan.net to avast.com which is not going to fly.

1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."
4. Click Advanced, and then click the DNS tab.

There is a box which says Append These DNS Suffixes. It should be empty. If not, remove any entries. Then click Append primary and connection specific DNS suffixes. Click to select the Append parent suffixes of the primary DNS suffix check box.

DNS suffix for this connection box should be empty.

OK and reboot and try it again.

Ron
  • 0
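
The following is an added example, not code from any poster in this thread: it reads the DNS suffixes out of `ipconfig /all` text and labels an nslookup transcript as failed, suffix-appended or direct, using excerpts from posts #23, #24, #27 and #28 as input. The function and constant names are assumptions of this example.

```python
import re

# Excerpts copied from the posts in this thread (address list abridged).
IPCONFIG = """Primary Dns Suffix . . . . . . . :
DNS Suffix Search List. . . . . . : bresnan.net
Connection-specific DNS Suffix . : bresnan.net
"""
FAILED = "blnmt001dns.ext.bresnan.net can't find avast.com: Server failed"
APPENDED = """Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: bresnan.net
Address: 64.78.178.63
Aliases: avast.com.bresnan.net
"""
DIRECT = """Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: avast.com
Addresses: 174.36.159.205
"""

SUFFIX_RE = re.compile(
    r"(?im)^\s*(?:Primary Dns Suffix|DNS Suffix Search List|"
    r"Connection-specific DNS Suffix)[ .]*:[ \t]*(\S+)")

def suffixes_from_ipconfig(text):
    """Return the DNS suffixes that `ipconfig /all` reports, de-duplicated."""
    return sorted({s.lower().strip(".") for s in SUFFIX_RE.findall(text)})

def classify_nslookup(query, output, suffixes):
    """Return 'failed', 'suffix-appended', 'direct' or 'unknown'."""
    q = query.lower().rstrip(".")
    if re.search(r"can't find .*: (Server failed|Non-existent domain)", output, re.I):
        return "failed"
    # Only Name:/Aliases: lines carry the name that was actually answered.
    names = [m.group(1).lower().rstrip(".")
             for m in re.finditer(r"(?m)^\s*(?:Name|Aliases):[ \t]*(\S+)", output)]
    if any(n == f"{q}.{s}" for n in names for s in suffixes):
        return "suffix-appended"   # the resolver answered for query + suffix
    return "direct" if q in names else "unknown"

if __name__ == "__main__":
    sfx = suffixes_from_ipconfig(IPCONFIG)
    for label, text in (("#23", FAILED), ("#28", APPENDED), ("#27", DIRECT)):
        print(label, classify_nslookup("avast.com", text, sfx))
```

Re-running the lookup as `nslookup avast.com.` (with a trailing dot) makes nslookup skip the suffix search list, which separates a suffix-appended answer from a genuinely wrong one.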

#30
Big O

    Member

  • Topic Starter
  • Member
  • 104 posts
There were no entries in the box, the parent suffix was not checked though. Rebooting and trying again now ...

Edited by Big O, 30 December 2010 - 06:57 PM.

  • 0





