Ads playing in background, Script Errors, and Google Redirect
#16
Dogma Condemned
Topic Starter

OTL Extras logfile created on: 4/30/2011 12:05:58 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Aleq\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 254.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 42.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 11.25 Gb Free Space | 10.20% Space Free | Partition Type: NTFS

Computer Name: ALEQ-PC | User Name: Aleq | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 24
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D6FAB8B-F22B-4272-AA27-9A188E21D047}" = iRip
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7261A500-FBE5-4B0B-BF46-0403FADEF156}" = Sony ACID Music Studio 6.0
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1" = Leawo Free AVI Converter version 2.5.0.5
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{88FD4472-F950-4083-A6FA-A829AC785B04}" = HP Deskjet 2050 J510 series Product Improvement Study
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}" = HP Deskjet 2050 J510 series Basic Device Software
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"AbiWord2" = AbiWord 2.6.4
"Acoustica Beatcraft" = Acoustica Beatcraft
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Basic)
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LastFM_is1" = Last.fm 1.5.4.27091
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pixillion" = Pixillion Image Converter
"Recover Data for FAT & NTFS_is1" = Recover Data for FAT & NTFS
"StarCraft" = StarCraft
"TabIt for Windows_is1" = TabIt version 2.03
"TVWiz" = Intel® TV Wizard
"VirtualCloneDrive" = VirtualCloneDrive
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

OTL logfile created on: 4/30/2011 12:05:58 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Aleq\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 254.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 42.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 11.25 Gb Free Space | 10.20% Space Free | Partition Type: NTFS

Computer Name: ALEQ-PC | User Name: Aleq | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 11:42:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Aleq\Desktop\OTL.exe
PRC - [2011/04/18 12:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/03/24 07:37:21 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/27 22:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 11:42:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Aleq\Desktop\OTL.exe
MOD - [2011/04/18 12:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 12:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/20 03:01:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/11/05 22:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 12:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 12:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 12:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 12:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 12:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 12:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/01 02:22:02 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/09/23 04:11:28 | 000,316,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 15:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 17:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15179&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 39 DB 05 31 4A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook....1965339?ref=ts"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:20110101


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/28 15:05:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 07:37:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 07:37:23 | 000,000,000 | ---D | M]

[2010/08/19 11:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aleq\AppData\Roaming\Mozilla\Extensions
[2010/10/16 11:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aleq\AppData\Roaming\Mozilla\Firefox\Profiles\vboj4svp.default\extensions
[2010/09/27 16:19:08 | 000,002,564 | ---- | M] () -- C:\Users\Aleq\AppData\Roaming\Mozilla\Firefox\Profiles\vboj4svp.default\searchplugins\askcom.xml
[2011/04/15 20:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/16 16:57:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/15 20:12:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/28 15:05:02 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/04/28 10:23:58 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.96.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 11:56:28 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Aleq\Desktop\run.com.exe
[2011/04/30 11:42:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Aleq\Desktop\OTL.exe
[2011/04/28 15:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/04/28 15:05:44 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/28 15:05:43 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/28 15:05:36 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/28 15:05:34 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/28 15:05:31 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/28 15:05:24 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/28 15:04:55 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/28 15:04:55 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/28 15:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/04/28 15:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/28 14:56:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/04/28 10:23:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/28 09:49:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/28 09:48:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/28 09:33:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/27 00:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/27 00:16:27 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Program Files
[2011/04/26 17:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/26 17:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/26 16:16:39 | 000,000,000 | ---D | C] -- C:\Users\Aleq\AppData\Local\Temp
[2011/04/26 15:30:05 | 000,000,000 | ---D | C] -- C:\Users\Aleq\AppData\Roaming\toshiba
[2011/04/26 15:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[2011/04/26 15:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA
[2011/04/25 14:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/04/25 11:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Lotoshare Registry Cleaner
[2011/04/20 20:09:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/04/20 10:08:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/20 10:08:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/20 10:08:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/20 10:07:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/20 10:07:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/17 01:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell
[2011/04/15 19:42:27 | 000,000,000 | ---D | C] -- C:\Users\Aleq\AppData\Roaming\ParetoLogic
[2011/04/15 19:42:27 | 000,000,000 | ---D | C] -- C:\Users\Aleq\AppData\Roaming\DriverCure
[2011/04/15 19:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/04/15 19:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/04/15 14:18:24 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/04/15 14:18:17 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/04/15 14:17:31 | 000,000,000 | ---D | C] -- C:\Users\Aleq\AppData\Local\Sunbelt Software
[2011/04/14 22:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011/04/14 22:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/04/14 21:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recover Data
[2011/04/14 21:33:25 | 000,028,672 | ---- | C] (Unistal Systems Pvt. Ltd.) -- C:\Windows\Getdisk.exe
[2011/04/14 21:33:24 | 000,000,000 | ---D | C] -- C:\Windows\Recover Data for FAT & NTFS
[2011/04/14 21:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\Recover Data for FAT & NTFS
[2011/04/14 15:26:19 | 000,000,000 | ---D | C] -- C:\Users\Aleq\AppData\Roaming\Registry Mechanic
[2011/04/14 15:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/04/13 22:33:39 | 000,000,000 | ---D | C] -- C:\Users\Aleq\AppData\Local\ElevatedDiagnostics
[2011/04/13 22:02:33 | 000,000,000 | ---D | C] -- C:\Users\Aleq\AppData\Roaming\Malwarebytes
[2011/04/13 22:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/13 22:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/12 00:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/04/07 17:39:51 | 000,000,000 | ---D | C] -- C:\Users\Aleq\Documents\TabIt Tabs
[2011/04/07 17:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TabIt
[2011/04/07 17:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\TabIt

========== Files - Modified Within 30 Days ==========

[2011/04/30 11:56:36 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Aleq\Desktop\run.com.exe
[2011/04/30 11:42:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Aleq\Desktop\OTL.exe
[2011/04/30 11:41:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 11:29:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/30 00:15:41 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/30 00:15:41 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/29 23:52:53 | 000,688,560 | ---- | M] () -- C:\Users\Aleq\Desktop\IMG_0543.JPG
[2011/04/29 23:41:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 15:41:39 | 000,017,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 15:41:39 | 000,017,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 15:33:53 | 000,408,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/29 15:33:29 | 797,753,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/29 00:23:59 | 000,301,568 | ---- | M] () -- C:\Users\Aleq\Documents\8zeyrs1d.exe
[2011/04/29 00:15:17 | 000,301,568 | ---- | M] () -- C:\Users\Aleq\sv7f35h1.exe
[2011/04/28 15:05:45 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/28 15:05:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/28 10:23:58 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/04/26 16:14:28 | 000,002,030 | ---- | M] () -- C:\0.bak
[2011/04/25 15:13:25 | 000,006,887 | ---- | M] () -- C:\Users\Aleq\Documents\hijackthislog
[2011/04/25 14:21:53 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/04/25 14:21:53 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/04/20 10:22:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110426-214402.backup
[2011/04/18 12:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 12:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/18 12:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/18 12:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/18 12:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/18 12:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/18 12:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/18 12:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/15 14:18:15 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/04/13 21:08:03 | 000,000,128 | ---- | M] () -- C:\ProgramData\~33414920r
[2011/04/13 21:08:03 | 000,000,096 | ---- | M] () -- C:\ProgramData\~33414920
[2011/04/13 21:07:57 | 000,000,344 | ---- | M] () -- C:\ProgramData\33414920
[2011/04/08 21:37:13 | 000,009,552 | ---- | M] () -- C:\Users\Aleq\.recently-used.xbel
[2011/04/07 17:42:03 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\TabIt.lnk
[2011/04/01 02:22:02 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

========== Files Created - No Company Name ==========

[2011/04/29 23:49:47 | 000,688,560 | ---- | C] () -- C:\Users\Aleq\Desktop\IMG_0543.JPG
[2011/04/29 00:23:56 | 000,301,568 | ---- | C] () -- C:\Users\Aleq\Documents\8zeyrs1d.exe
[2011/04/29 00:15:07 | 000,301,568 | ---- | C] () -- C:\Users\Aleq\sv7f35h1.exe
[2011/04/28 17:31:28 | 003,432,128 | ---- | C] () -- C:\Users\Aleq\Documents\Dismembered.jpg
[2011/04/28 15:05:45 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/25 15:13:25 | 000,006,887 | ---- | C] () -- C:\Users\Aleq\Documents\hijackthislog
[2011/04/20 15:17:34 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/20 15:17:34 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/04/20 10:08:18 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/20 10:08:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/20 10:08:18 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/20 10:08:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/20 10:08:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/15 19:55:16 | 000,002,030 | ---- | C] () -- C:\0.bak
[2011/04/13 21:08:03 | 000,000,128 | ---- | C] () -- C:\ProgramData\~33414920r
[2011/04/13 21:08:02 | 000,000,096 | ---- | C] () -- C:\ProgramData\~33414920
[2011/04/13 21:07:57 | 000,000,344 | ---- | C] () -- C:\ProgramData\33414920
[2011/04/08 21:37:13 | 000,009,552 | ---- | C] () -- C:\Users\Aleq\.recently-used.xbel
[2011/04/07 17:39:36 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\TabIt.lnk
[2011/02/13 23:58:45 | 000,010,344 | ---- | C] () -- C:\Windows\scunin.dat
[2010/10/10 01:26:08 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/27 21:47:04 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/08/20 03:29:32 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/09/23 19:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,408,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/10/09 22:59:01 | 000,000,000 | ---D | M] -- C:\Users\Aleq\AppData\Roaming\Acoustica
[2011/02/11 01:36:51 | 000,000,000 | ---D | M] -- C:\Users\Aleq\AppData\Roaming\Digital Liquid Ltd
[2011/04/15 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\Aleq\AppData\Roaming\DriverCure
[2011/04/13 22:38:03 | 000,000,000 | ---D | M] -- C:\Users\Aleq\AppData\Roaming\gtk-2.0
[2010/10/10 00:03:22 | 000,000,000 | ---D | M] -- C:\Users\Aleq\AppData\Roaming\NCH Swift Sound
[2011/03/29 17:06:23 | 000,000,000 | ---D | M] -- C:\Users\Aleq\AppData\Roaming\NetMedia Providers
[2011/04/15 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\Aleq\AppData\Roaming\ParetoLogic
[2011/03/29 17:06:23 | 000,000,000 | ---D | M] -- C:\Users\Aleq\AppData\Roaming\Publish Providers
[2011/04/14 15:26:19 | 000,000,000 | ---D | M] -- C:\Users\Aleq\AppData\Roaming\Registry Mechanic
[2011/03/29 17:06:09 | 000,000,000 | ---D | M] -- C:\Users\Aleq\AppData\Roaming\Sony
[2011/04/26 15:30:05 | 000,000,000 | ---D | M] -- C:\Users\Aleq\AppData\Roaming\toshiba
[2010/08/19 15:24:47 | 000,000,000 | ---D | M] -- C:\Users\Aleq\AppData\Roaming\Uniblue
[2010/09/11 15:51:07 | 000,000,000 | ---D | M] -- C:\Users\Aleq\AppData\Roaming\WinBatch
[2010/11/03 00:58:02 | 000,000,000 | ---D | M] -- C:\Users\Aleq\AppData\Roaming\Wizards of the Coast
[2009/07/13 23:53:46 | 000,030,970 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
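The OTL sections above are what a helper reads by eye: entries with an empty company field, random eight-character names (`sv7f35h1.exe`, `8zeyrs1d.exe`), executables sitting straight in the profile, a freshly modified hosts file, extensionless droppings in ProgramData and the alternate data stream at the end. The script below does that first pass mechanically. It is an added example for this thread, not part of the original post and not OldTimer's OTL code; the sample input is a handful of lines copied from the log above, and the heuristics (the name pattern, which folders count as "the profile", the same-size grouping) are this editor's own rules of thumb, so every hit is a lead to inspect rather than a verdict.

```python
"""Triage an OTL 'Files - Modified/Created' section for the patterns a
malware-removal helper looks for.

Added example for this thread; not OldTimer's OTL code. SAMPLE_LOG is a
subset of the OTL entries posted above. Heuristics only: a hit is
something to inspect, not a verdict.
"""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass, field

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif"}
RANDOM_NAME = re.compile(r"^[a-z0-9]{8}$")        # e.g. sv7f35h1 (editor's heuristic)
PROFILE_DIR = re.compile(r"^[a-z]:\\users\\[^\\]+(\\(desktop|documents))?$", re.I)
PROGRAMDATA = re.compile(r"^[a-z]:\\programdata$", re.I)

# Lines taken from the OTL log posted in this thread (sample input only).
SAMPLE_LOG = r"""
[2011/04/30 11:56:36 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Aleq\Desktop\run.com.exe
[2011/04/29 23:52:53 | 000,688,560 | ---- | M] () -- C:\Users\Aleq\Desktop\IMG_0543.JPG
[2011/04/29 00:23:59 | 000,301,568 | ---- | M] () -- C:\Users\Aleq\Documents\8zeyrs1d.exe
[2011/04/29 00:15:17 | 000,301,568 | ---- | M] () -- C:\Users\Aleq\sv7f35h1.exe
[2011/04/28 10:23:58 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/04/18 12:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/13 21:08:03 | 000,000,128 | ---- | M] () -- C:\ProgramData\~33414920r
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
"""


@dataclass
class Entry:
    path: str
    size: int
    company: str
    attrs: str = "----"
    ads: bool = False
    reasons: list = field(default_factory=list)


def parse_otl(text: str) -> list:
    """Parse file entries and ADS lines; unrelated lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := ENTRY_RE.match(line):
            entries.append(Entry(m["path"], int(m["size"].replace(",", "")),
                                 m["company"].strip(), m["attrs"]))
        elif m := ADS_RE.match(line):
            entries.append(Entry(m["path"], int(m["size"]), "", ads=True))
    return entries


def triage(entries: list) -> list:
    """Attach reasons to entries; returns only the entries that got at least one."""
    unsigned_by_size = defaultdict(list)
    for e in entries:
        name = ntpath.basename(e.path)
        stem, ext = ntpath.splitext(name)
        ext = ext.lower()
        parent = ntpath.dirname(e.path)
        if e.ads:
            e.reasons.append("alternate data stream")
            continue
        unsigned_exe = ext in EXEC_EXT and not e.company
        if unsigned_exe:
            e.reasons.append("executable with no company name")
            unsigned_by_size[e.size].append(e)
        if unsigned_exe and RANDOM_NAME.match(stem):
            e.reasons.append("random-looking 8-character name")
        if unsigned_exe and PROFILE_DIR.match(parent):
            e.reasons.append("executable dropped directly in the user profile")
        if name.lower() == "hosts" and parent.lower().endswith(r"\drivers\etc"):
            e.reasons.append("hosts file modified (check for redirect entries)")
        if not ext and PROGRAMDATA.match(parent):
            e.reasons.append("extensionless file directly in ProgramData")
    # Two unsigned executables of identical size under different random names
    # are usually the same dropper written twice.
    for size, group in unsigned_by_size.items():
        if len(group) > 1:
            for e in group:
                e.reasons.append(f"same size ({size} bytes) as {len(group) - 1} other unsigned executable(s)")
    return [e for e in entries if e.reasons]


def suspicious(text: str) -> dict:
    """Convenience wrapper: {file name: [reasons]} for the flagged entries."""
    return {ntpath.basename(e.path): e.reasons for e in triage(parse_otl(text))}


if __name__ == "__main__":
    for name, reasons in suspicious(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, the two 301,568-byte executables come out with four reasons each, the hosts file, the `~33414920r` file and the `TEMP:D1B5B4F1` stream with one each, while the vendor-signed tools on the desktop and in System32 are left alone. A real OTL log can be fed in whole; the parser skips every line that is not a file entry.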
#17 RKinner (Malware Expert, MVP, 24,330 posts)
I guess it is not going to work. See if you can delete these files manually:

C:\ProgramData\~33414920r
C:\ProgramData\~33414920
C:\ProgramData\33414920
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

#18 Dogma Condemned (Topic Starter, 17 posts)
Where would I find them?

#19 RKinner (Malware Expert, MVP, 24,330 posts)
OK Let's try Combofix. You may need to download it again:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
and Save it to your desktop.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
C:\ProgramData\~33414920r
C:\ProgramData\~33414920
C:\ProgramData\33414920
c:\windows\Tasks\ParetoLogic Registration3.job
c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
c:\program files\ParetoLogic\PCHA\PCHA.exe

Firefox::
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0021-0000-0017-ABCDEFFEDCBA}




Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"=-

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus. (Right click on the avast ball and select Avast Shields Control, then Disable until computer is restarted.)

Drag it over to combofix and let it start as before. Copy and Paste the log into a reply.

Ron

#20 Dogma Condemned (Topic Starter, 17 posts)
ComboFix 11-04-30.02 - Aleq 04/30/2011 16:08:47.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.418 [GMT -5:00]
Running from: c:\users\Aleq\Desktop\ComboFix.exe
Command switches used :: c:\users\Aleq\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe"
"c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}"
"c:\program files\ParetoLogic\PCHA\PCHA.exe"
"c:\programdata\~33414920"
"c:\programdata\~33414920r"
"c:\programdata\33414920"
"c:\windows\Tasks\ParetoLogic Registration3.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~33414920
c:\programdata\~33414920r
c:\programdata\33414920
c:\users\Aleq\sv7f35h1.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-30 21:19 . 2011-04-30 21:21 -------- d-----w- c:\users\Aleq\AppData\Local\temp
2011-04-30 21:19 . 2011-04-30 21:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-29 20:39 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1DB37A3A-2638-413D-A3A0-75CFA65136F3}\mpengine.dll
2011-04-28 20:05 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-28 20:05 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-28 20:05 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-28 20:05 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-28 20:05 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-28 20:05 . 2011-04-18 17:13 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-28 20:04 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-04-28 20:04 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-28 20:04 . 2011-04-28 20:04 -------- d-----w- c:\programdata\AVAST Software
2011-04-28 20:04 . 2011-04-28 20:04 -------- d-----w- c:\program files\AVAST Software
2011-04-28 15:23 . 2011-04-28 15:23 -------- d-----w- C:\_OTL
2011-04-27 05:22 . 2011-04-27 05:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-27 05:16 . 2011-04-27 05:16 -------- d-----w- c:\windows\Downloaded Program Files
2011-04-26 22:24 . 2011-04-28 19:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-26 22:24 . 2011-04-28 19:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-26 20:30 . 2011-04-26 20:30 -------- d-----w- c:\users\Aleq\AppData\Roaming\toshiba
2011-04-26 20:25 . 2011-04-26 20:29 -------- d-----w- c:\program files\TOSHIBA
2011-04-26 20:25 . 1999-10-12 23:47 24576 ----a-w- c:\windows\system32\TSCI.dll
2011-04-26 20:25 . 1999-10-12 23:45 24576 ----a-w- c:\windows\system32\THCI.dll
2011-04-25 19:43 . 2011-04-25 19:43 -------- d-----w- c:\programdata\PC Tools
2011-04-25 16:38 . 2011-04-27 03:18 -------- d-----w- c:\program files\Lotoshare Registry Cleaner
2011-04-17 06:50 . 2011-04-17 06:50 -------- d-----w- c:\program files\Marvell
2011-04-16 00:42 . 2011-04-16 00:42 -------- d-----w- c:\users\Aleq\AppData\Roaming\ParetoLogic
2011-04-16 00:42 . 2011-04-16 00:42 -------- d-----w- c:\users\Aleq\AppData\Roaming\DriverCure
2011-04-16 00:42 . 2011-04-28 19:57 -------- d-----w- c:\programdata\ParetoLogic
2011-04-16 00:42 . 2011-04-16 00:42 -------- d-----w- c:\program files\ParetoLogic
2011-04-15 19:18 . 2011-04-01 07:22 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-15 19:18 . 2011-04-15 19:18 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-15 19:17 . 2011-04-15 19:17 -------- d-----w- c:\users\Aleq\AppData\Local\Sunbelt Software
2011-04-15 03:06 . 2011-04-15 03:06 -------- d-----w- c:\program files\EASEUS
2011-04-15 03:00 . 2011-04-15 03:05 -------- d-----w- c:\programdata\Lavasoft
2011-04-15 02:33 . 2008-07-10 15:38 28672 ----a-w- c:\windows\Getdisk.exe
2011-04-15 02:33 . 2011-04-15 02:33 -------- d-----w- c:\program files\Recover Data for FAT & NTFS
2011-04-15 02:33 . 2011-04-15 02:33 -------- d-----w- c:\windows\Recover Data for FAT & NTFS
2011-04-14 20:26 . 2011-04-14 20:26 -------- d-----w- c:\users\Aleq\AppData\Roaming\Registry Mechanic
2011-04-14 03:33 . 2011-04-17 07:12 -------- d-----w- c:\users\Aleq\AppData\Local\ElevatedDiagnostics
2011-04-14 03:02 . 2011-04-14 03:02 -------- d-----w- c:\users\Aleq\AppData\Roaming\Malwarebytes
2011-04-14 03:02 . 2011-04-14 03:02 -------- d-----w- c:\programdata\Malwarebytes
2011-04-14 03:02 . 2011-04-28 20:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 21:39 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-12 21:39 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-12 21:39 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-12 21:39 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-12 21:39 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-12 21:39 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-12 21:39 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-12 21:38 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-12 21:38 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-12 21:38 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-12 21:38 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-12 21:38 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-12 21:38 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-12 21:38 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-12 21:38 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-12 21:38 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-12 21:38 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-12 05:11 . 2011-04-29 06:18 -------- d-----w- c:\program files\Microsoft
2011-04-12 05:10 . 2011-04-12 05:10 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\e62db99a1cbf8cf02\InstallManager_WLE_WLE.exe
2011-04-12 05:09 . 2011-04-12 05:09 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\d7d776b01cbf8cf01\MeshBetaRemover.exe
2011-04-07 22:39 . 2011-04-07 22:42 -------- d-----w- c:\program files\TabIt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-30 16:40 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 05:56 . 2011-03-09 07:17 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:56 . 2011-03-09 07:17 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:56 . 2011-03-09 07:17 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-14 04:58 . 2011-02-14 04:58 967 ----a-w- c:\windows\ScUnin.pif
2011-02-14 04:58 . 2011-02-14 04:58 94208 ----a-w- c:\windows\ScUnin.exe
2011-02-03 05:45 . 2011-02-08 23:11 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-03 02:40 . 2010-09-16 21:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:11 . 2010-08-19 16:37 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-20 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-01 64512]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-09-23 316192]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 07:07]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 07:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15179&l=dis
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Aleq\AppData\Roaming\Mozilla\Firefox\Profiles\vboj4svp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/pages/Sculpting-Atrocity/239991965339?ref=ts
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: [email protected] - c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(876)
c:\windows\system32\igd10umd32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-04-30 16:29:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-30 21:29
ComboFix2.txt 2011-04-28 14:49
ComboFix3.txt 2011-04-26 17:24
ComboFix4.txt 2011-04-20 15:25
.
Pre-Run: 11,841,970,176 bytes free
Post-Run: 11,867,426,816 bytes free
.
- - End Of File - - 2185EFF29B43B1F0FF77B71B50CEB1F0

#21 RKinner (Malware Expert, MVP, 24,330 posts)
OK. That worked.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click Save log, save it to your desktop and post it in your next reply.

#22 Dogma Condemned (Topic Starter, 17 posts)
aswMBR version 0.9.5 Copyright© 2011 AVAST Software
Run date: 2011-05-01 00:54:11
-----------------------------
00:54:11.398 OS Version: Windows 6.1.7600
00:54:11.398 Number of processors: 2 586 0xF0D
00:54:11.398 ComputerName: ALEQ-PC UserName: Aleq
00:54:14.768 Initialize success
00:54:17.155 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
00:54:17.170 Disk 0 Vendor: Hitachi_HTS542512K9SA00 BB2OC33P Size: 114473MB BusType: 11
00:54:19.214 Disk 0 MBR read successfully
00:54:19.214 Disk 0 MBR scan
00:54:21.226 Disk 0 scanning sectors +234434560
00:54:21.258 Disk 0 scanning C:\Windows\system32\drivers
00:54:26.936 Service scanning
00:54:28.512 Disk 0 trace - called modules:
00:54:28.527 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x851a71ed]<<
00:54:28.543 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8517a6e0]
00:54:28.558 3 CLASSPNP.SYS[873a659e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85078908]
00:54:28.590 \Driver\atapi[0x8506ada8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x851a71ed
00:54:28.605 Scan finished successfully
00:54:55.968 Disk 0 MBR has been saved successfully to "C:\Users\Aleq\Desktop\MBR.dat"
00:54:55.968 The log file has been saved successfully to "C:\Users\Aleq\Desktop\aswMBR.txt"

#23 RKinner (Malware Expert, MVP, 24,330 posts)
On your desktop should be a file MBR.dat. Can you go to http://virustotal.com, hit the Browse button, then point it at your desktop and the file MBR.dat and then Open. Then hit SEND FILE. It will query about 40 anti-virus companies and ask their opinion of the file. If it doesn't say 0/40 or so, please copy the report and paste it into a reply.

I have had one client who ran the Avast boot-scan three times in a row. The first two times it removed something and the last time it was clean and the problem was gone, so I think it's probably worthwhile running it again.

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then Schedule Now. Reboot and let it run a scan. It may take hours. Once it finishes it should load Windows.

Ron
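Sending MBR.dat to VirusTotal asks forty scanners whether they recognise the sector; a clean result (the 0/42 reported below) says nobody has a signature for it, not that the sector is intact. The script below is an added example for this thread, not part of the original post, of aswMBR or of VirusTotal, that does the offline checks a responder runs on a 512-byte MBR dump alongside that lookup: boot signature, boot-code hash against a copy recorded from a known-clean machine, partition-table consistency, and the size of the unpartitioned tail where bootkits like to keep their payload. Both sample sectors and the disk size are constructed in the code (they are not the poster's disk); the "known-good" hash is simply taken from the constructed clean sector, where in practice you would record it from a baseline image.

```python
"""Offline sanity checks for an MBR dump such as the MBR.dat that aswMBR writes.

Added example for this thread, not part of aswMBR or VirusTotal. CLEAN_MBR
and TAMPERED_MBR are constructed below; DISK_SECTORS is made up too.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 446          # bytes 0..445: boot code (and disk signature)
PT_OFFSET = 0x1BE           # four 16-byte partition entries
SIG_OFFSET = 0x1FE          # 55 AA
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(bootcode: bytes, partitions, signature: bytes = b"\x55\xAA") -> bytes:
    """Assemble a 512-byte MBR; partitions are (status, type, lba_start, sectors)."""
    if len(bootcode) > BOOTCODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or more than four partitions")
    table = b"".join(struct.pack(ENTRY_FMT, st, b"\0\0\0", ty, b"\0\0\0", lba, n)
                     for st, ty, lba, n in partitions)
    return bootcode.ljust(BOOTCODE_LEN, b"\0") + table.ljust(64, b"\0") + signature


def parse_mbr(data: bytes) -> dict:
    """Decode signature, boot-code hash and the non-empty partition entries."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    parts = []
    for i in range(4):
        st, _, ty, _, lba, n = struct.unpack_from(ENTRY_FMT, data, PT_OFFSET + 16 * i)
        if ty:  # type 0 marks an unused slot
            parts.append({"index": i, "active": st == 0x80, "type": ty,
                          "lba_start": lba, "sectors": n})
    return {
        "signature_ok": data[SIG_OFFSET:] == b"\x55\xAA",
        "bootcode_sha256": hashlib.sha256(data[:BOOTCODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def unpartitioned_tail(info: dict, disk_sectors: int) -> int:
    """Sectors after the last partition; a large or growing tail deserves a look."""
    ends = [p["lba_start"] + p["sectors"] for p in info["partitions"]]
    return disk_sectors - max(ends, default=0)


def check_mbr(data: bytes, known_good_sha256: str, disk_sectors: int) -> list:
    """Return findings; an empty list means nothing structural looks off."""
    info = parse_mbr(data)
    issues = []
    if not info["signature_ok"]:
        issues.append("boot signature is not 55 AA")
    if info["bootcode_sha256"] != known_good_sha256:
        issues.append("boot code differs from the known-good copy")
    active = [p["index"] for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        issues.append(f"{len(active)} active partitions, expected exactly 1")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for p in ordered:
        if p["lba_start"] + p["sectors"] > disk_sectors:
            issues.append(f"partition {p['index']} extends past the end of the disk")
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            issues.append(f"partitions {a['index']} and {b['index']} overlap")
    return issues


# Constructed sample data, not taken from any real disk.
DISK_SECTORS = 234_441_648
CLEAN_BOOTCODE = bytes.fromhex("33c08ed0bc007c8ec08ed8") + b"[stand-in boot code]"
CLEAN_PARTS = [(0x80, 0x07, 2048, 204_800),          # System Reserved, active
               (0x00, 0x07, 206_848, 234_232_832)]   # OS volume
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, CLEAN_PARTS)
KNOWN_GOOD = parse_mbr(CLEAN_MBR)["bootcode_sha256"]  # in practice: recorded from a clean baseline

# Same disk after a bootkit patched the first bytes and hid an active partition at the tail.
TAMPERED_MBR = build_mbr(b"\xEB\xFE" + CLEAN_BOOTCODE[2:],
                         CLEAN_PARTS + [(0x80, 0x17, DISK_SECTORS - 1024, 4096)])

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, check_mbr(mbr, KNOWN_GOOD, DISK_SECTORS) or "no findings",
              "| tail sectors:", unpartitioned_tail(parse_mbr(mbr), DISK_SECTORS))
```

To use it on a real dump, read the 512 bytes of MBR.dat and pass them to `check_mbr` together with the boot-code hash from a known-clean image of the same Windows version and the disk's sector count; a patched first instruction, a second active entry or a partition reaching beyond the disk all show up even when every scanner on VirusTotal returns clean.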

#24 Dogma Condemned (Topic Starter, 17 posts)
From what I can see the problems have been taken care of symptom-wise, but yes, I will do these steps as well. Thanks again for the help.

#25 Dogma Condemned (Topic Starter, 17 posts)
It says 0/42.
#26 RKinner (Malware Expert, MVP, 24,330 posts)
Good to know. I thought we still had "Ads playing in the background" but I guess the last Combofix run must have got them.

If the symptoms are gone there is no need to run the boot-time scan again.

We need to clean up System Restore.
The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
though it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
Right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK. Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\ComboFix.exe" /Uninstall

To hide hidden files again (Vista or Win7):

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.
Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox



If your current antivirus is not a paid-up subscription you should dump it and install the free Avast:
http://www.avast.com...avast-home.html


Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step-by-step instructions or a wizard you can download.

Ron

#27 Dogma Condemned (Topic Starter, 17 posts)
Well, I thought we had gotten the problem taken care of, but the script errors and ads are still going on.

#28 RKinner (Malware Expert, MVP, 24,330 posts)
Then try the boot-time scan one more time.

Ron

#29 Dogma Condemned (Topic Starter, 17 posts)
Problem solved! Thank you so much, my friend.

#30 RKinner (Malware Expert, MVP, 24,330 posts)
Can you run aswMBR again and post the log it makes. I want to see if the last boot-time scan healed it completely.

Also does TDSSKiller run now?

Ron