Multiple Infections limiting internet access

#91 AZCMer (Topic Starter)
Never mind. . . I didn't run as administrator, so I started over. Here is the entry in junk.txt:



HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
DefaultConnectionSettings REG_BINARY 46000000DB100000090000000000000000000000000000000400000000000000A0EBFCF96B5CCC010000000000000000000000000200000002000000C0A8016400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000017000000000000002001000041379E76204D1366B95D44DC0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SavedLegacySettings



I'm not sure about the binary stuff being formatted correctly. But there it is nonetheless.

Edited by AZCMer, 20 August 2011 - 08:42 PM.

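The DefaultConnectionSettings value pasted above is a fixed binary layout rather than opaque data, so it can be decoded to see whether a proxy is actually configured. The following Python script is an added example, not code from the thread or from OTL: it parses the header (version, change counter, flags) and the three length-prefixed ANSI strings (proxy server, bypass list, auto-config URL) that follow it, using the INTERNET_PER_CONN_FLAGS bit values from wininet.h, and reports what they mean. It runs over the header bytes copied from the post and over a constructed sample that does carry a manual proxy; on Windows it also reads the live value from HKCU. The fields after the three strings are not decoded here, and the registry path and the sample proxy addresses are the example's own.

```python
import struct
import sys

# Bit values of INTERNET_PER_CONN_FLAGS (wininet.h); the flags DWORD in the
# DefaultConnectionSettings value uses the same bits.
FLAG_DIRECT = 0x01          # PROXY_TYPE_DIRECT
FLAG_PROXY = 0x02           # PROXY_TYPE_PROXY: manual proxy server in use
FLAG_AUTO_PROXY_URL = 0x04  # PROXY_TYPE_AUTO_PROXY_URL: PAC script in use
FLAG_AUTO_DETECT = 0x08     # PROXY_TYPE_AUTO_DETECT: WPAD auto-detect

# Key holding the value (assumed path; the post shows the same key under HKCU).
REG_PATH = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"

# Leading 40 bytes of the value pasted in the post, grouped by DWORD.
POST_HEADER_HEX = (
    "46000000"  # version
    "DB100000"  # change counter
    "09000000"  # flags = DIRECT | AUTO_DETECT
    "00000000"  # proxy server string length
    "00000000"  # bypass list length
    "00000000"  # auto-config URL length
    "04000000" "00000000" "A0EBFCF9" "6B5CCC01"  # later fields, not decoded here
)


def parse_default_connection_settings(blob: bytes) -> dict:
    """Decode the header and the three length-prefixed ANSI strings."""
    if len(blob) < 24:
        raise ValueError("value too short to be a DefaultConnectionSettings blob")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    offset = 12
    fields = []
    for _ in range(3):
        (length,) = struct.unpack_from("<I", blob, offset)
        offset += 4
        if offset + length > len(blob):
            raise ValueError("string length runs past the end of the value")
        fields.append(blob[offset:offset + length].decode("ascii", "replace"))
        offset += length
    proxy, bypass, autoconfig_url = fields
    return {"version": version, "counter": counter, "flags": flags,
            "proxy": proxy, "bypass": bypass, "autoconfig_url": autoconfig_url,
            "string_bytes_end": offset}


def build_default_connection_settings(flags, proxy="", bypass="",
                                      autoconfig_url="", counter=1) -> bytes:
    """Encode the same layout; used here only to construct a test sample."""
    out = struct.pack("<III", 0x46, counter, flags)
    for s in (proxy, bypass, autoconfig_url):
        data = s.encode("ascii")
        out += struct.pack("<I", len(data)) + data
    return out + bytes(32)  # zero padding in place of the fields not modelled here


def assess(settings: dict) -> list:
    """Summarise what the flags and strings say about proxy use."""
    flags = settings["flags"]
    findings = []
    if flags & FLAG_PROXY:
        findings.append("manual proxy enabled: " + (settings["proxy"] or "<empty>"))
    elif settings["proxy"]:
        findings.append("proxy string present but manual proxy disabled: " + settings["proxy"])
    if flags & FLAG_AUTO_PROXY_URL:
        findings.append("PAC script enabled: " + (settings["autoconfig_url"] or "<empty>"))
    elif settings["autoconfig_url"]:
        findings.append("PAC URL present but disabled: " + settings["autoconfig_url"])
    if flags & FLAG_AUTO_DETECT:
        findings.append("WPAD auto-detect enabled")
    if not findings:
        findings.append("direct connection, no proxy configured")
    return findings


def read_live_value():
    """Read the current user's value on Windows; returns None elsewhere."""
    if sys.platform != "win32":
        return None
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, REG_PATH) as key:
        value, _ = winreg.QueryValueEx(key, "DefaultConnectionSettings")
    return value


if __name__ == "__main__":
    samples = {
        "value from the post": bytes.fromhex(POST_HEADER_HEX),
        # Constructed sample: a manual proxy on a loopback address.
        "constructed manual-proxy sample": build_default_connection_settings(
            FLAG_DIRECT | FLAG_PROXY, proxy="127.0.0.1:8080", bypass="<local>"),
    }
    live = read_live_value()
    if live is not None:
        samples["this machine (HKCU)"] = live
    for name, blob in samples.items():
        s = parse_default_connection_settings(blob)
        print(f"{name}: version={s['version']} flags=0x{s['flags']:02x}")
        for finding in assess(s):
            print("   ", finding)
```

For the value in the post the flags DWORD is 0x09 and all three string lengths are zero, so no manual proxy server or PAC URL is stored there; the only thing enabled is WPAD auto-detect, which is the Windows default. A proxy string that is present while the PROXY bit is clear is reported separately, because leftover configuration is worth noting even when it is not active.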



#92 AZCMer (Topic Starter)
I started thinking about that proxy and the port number kept me thinking that I KNEW that port from somewhere. So, I checked my router settings and found that I had put in a port for playon and that port number was 57331. I think it was recommended by tversity to enable using playon remotely.

Anyway, I took that setting out of the router settings, rebooted, ran OTL and created another junk.txt file.

OTL log:


OTL logfile created on: 8/21/2011 12:29:27 PM - Run 16
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\The Reeve Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.29 Gb Available Physical Memory | 74.59% Memory free
17.47 Gb Paging File | 15.92 Gb Available in Paging File | 91.16% Paging File free
Paging file location(s): c:\pagefile.sys 12000 18000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 128.76 Gb Free Space | 22.05% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 1.86 Gb Free Space | 15.49% Space Free | Partition Type: NTFS

Computer Name: FAMILYCOMPUTER | User Name: The Reeve Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/14 16:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/11/18 04:42:52 | 000,275,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/05/08 16:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 16:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/02/27 19:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2006/06/10 02:10:57 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/14 16:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
MOD - [2011/07/04 04:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/11/20 05:19:48 | 002,341,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 18:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 18:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/13 18:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2009/07/13 18:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/03 20:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/11/23 15:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 15:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/16 23:26:40 | 004,410,736 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/07/07 20:07:04 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/08 13:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/04 04:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/14 09:33:14 | 002,746,624 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvtcam.sys -- (DCamUSBNovatek)
DRV:64bit: - [2010/01/26 17:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/10/14 10:02:20 | 000,027,304 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 11:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/12 09:03:34 | 000,651,776 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008/09/12 09:03:34 | 000,539,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/02/16 10:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A6 9F CC 01 38 B8 C9 48 8F 66 58 1D D4 DC B4 BA [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:11.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 4

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\The Reeve Family\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\The Reeve Family\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/15 17:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/07 01:03:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/08/04 09:57:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/25 08:17:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/06 14:33:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/16 15:49:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/05 09:41:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\The Reeve Family\AppData\Roaming\Move Networks [2010/01/09 18:18:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/15 17:51:54 | 000,000,000 | ---D | M]

[2011/05/07 18:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Extensions
[2011/05/07 18:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/18 18:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions
[2011/08/18 18:37:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/26 13:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\staged-xpis
[2010/09/22 10:01:11 | 000,002,160 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\searchplugins\startpage-https.xml
[2010/09/22 10:00:52 | 000,002,152 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\searchplugins\startpage.xml
[2011/08/17 00:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/07/25 08:17:17 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/08/16 15:49:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/27 08:40:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/16 21:10:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKCU..\Run: [L07AXLRD_2040898] C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found
O4 - Startup: C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/18 12:43:14 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Desktop\MagicLantern
[2011/08/18 10:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2011/08/17 00:06:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\teehsonr.sys
[2011/08/17 00:06:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\jpfiyt.sys
[2011/08/17 00:06:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\jgfzpxfw.sys
[2011/08/17 00:06:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ebimohx.sys
[2011/08/16 22:43:20 | 000,061,440 | ---- | C] ( ) -- C:\Users\The Reeve Family\Desktop\VEW.exe
[2011/08/16 21:10:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/08/16 21:03:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/16 20:47:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/13 12:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/13 12:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/08/13 12:19:48 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\The Reeve Family\Desktop\erunt-setup.exe
[2011/08/12 21:33:43 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{9A853E91-0301-4D89-B128-ACEF06961B52}
[2011/08/12 21:33:33 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{D7BBB8B9-647E-4A3C-BACD-B397482B1370}
[2011/08/12 20:40:24 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Desktop\avenger
[2011/08/06 14:34:16 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/08/06 14:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/06 14:34:15 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/08/06 14:34:11 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/08/06 14:34:08 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/08/06 14:34:07 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/08/06 14:34:03 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/08/06 14:34:02 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/08/06 14:33:46 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/08/06 14:33:46 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/06 14:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/06 14:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/06 14:25:40 | 001,819,488 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\The Reeve Family\Desktop\avg_remover_stf_x64_2011_1322.exe
[2011/08/05 21:12:03 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{B94F0DAD-8913-4E01-B185-7B2B6EB809BF}
[2011/08/05 21:11:51 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{007C5936-EFB4-4133-BBB5-F7F0525FADDF}
[2011/08/05 19:56:12 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/05 19:48:57 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{C70CD49D-93A6-4749-A45B-FF85E3A0189B}
[2011/08/05 19:48:45 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{86F47851-456E-474E-9455-5D716184E955}
[2011/08/05 14:07:30 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{26312C83-66D3-4BA8-B49C-223576547A09}
[2011/08/05 14:07:17 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{C20F9968-93CE-454B-A591-B29139E46C44}
[2011/08/05 11:51:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/05 11:51:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/05 11:51:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/05 10:01:04 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{87058962-EEDE-401B-A0CB-E1CE5AC7D52B}
[2011/08/05 10:00:52 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{7FB5818C-CB63-4AFA-B7DA-CD797443BB7B}
[2011/08/05 09:50:57 | 004,174,574 | R--- | C] (Swearware) -- C:\Users\The Reeve Family\Desktop\ComboFix.exe
[2011/08/05 08:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/04 21:22:26 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{2A15DEC5-2FD4-4354-B2F7-98881254EFDF}
[2011/08/04 17:30:47 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Camera_Raw_6_2
[2011/08/04 12:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2011/08/04 12:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/08/04 12:32:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\syncdb
[2011/07/30 12:22:37 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Desktop\GooredFix Backups
[2011/07/30 12:21:02 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\The Reeve Family\Desktop\GooredFix.exe
[2011/07/28 01:00:57 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2011/07/27 10:47:44 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\The Reeve Family\Desktop\aswMBR.exe
[2011/07/26 12:38:42 | 000,000,000 | ---D | C] -- C:\Seagate temp
[2011/07/26 12:11:09 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/26 12:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/26 12:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/26 12:10:12 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\The Reeve Family\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/26 00:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayOn
[2011/07/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ffdshowEx
[2011/07/25 18:20:29 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\space
[2011/07/25 18:14:53 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{352BF278-585C-4743-806A-B98D33E7D45D}
[2011/07/25 13:28:26 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AdobeLicensingFilesBackup
[2011/07/25 13:20:54 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Desktop\LicenseRecovery
[2011/07/25 08:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/07/25 08:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/07/25 08:17:04 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/07/25 08:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\real

========== Files - Modified Within 30 Days ==========

[2011/08/21 12:08:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/21 12:08:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/21 12:00:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/21 12:00:21 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/18 23:34:03 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/18 23:34:03 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/18 23:34:03 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/18 12:50:54 | 000,486,912 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\EOScard.exe
[2011/08/18 10:05:57 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2011/08/18 10:05:13 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2011/08/18 10:04:24 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2011/08/18 10:01:13 | 000,001,294 | ---- | M] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011/08/18 09:59:04 | 000,001,279 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\Homeschool - Shortcut.lnk
[2011/08/16 23:41:36 | 000,001,318 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\wklnhst.dat
[2011/08/16 22:43:23 | 000,061,440 | ---- | M] ( ) -- C:\Users\The Reeve Family\Desktop\VEW.exe
[2011/08/16 21:10:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/16 20:46:56 | 004,174,574 | R--- | M] (Swearware) -- C:\Users\The Reeve Family\Desktop\ComboFix.exe
[2011/08/16 06:47:17 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForThe Reeve Family.job
[2011/08/15 07:07:41 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/08/13 14:02:19 | 000,004,236 | ---- | M] () -- C:\backup.reg
[2011/08/13 13:40:26 | 102,144,472 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\setup_11.0.0.1245.x01_2011_08_13_23_11.exe
[2011/08/13 12:29:09 | 000,000,926 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\NTREGOPT.lnk
[2011/08/13 12:29:09 | 000,000,907 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\ERUNT.lnk
[2011/08/13 12:19:49 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\The Reeve Family\Desktop\erunt-setup.exe
[2011/08/12 20:37:03 | 000,724,952 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\avenger.zip
[2011/08/11 05:45:09 | 000,011,892 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\avptool_sysinfo.zip
[2011/08/10 10:40:43 | 000,001,135 | ---- | M] () -- C:\Users\The Reeve Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/08/10 08:06:14 | 000,475,418 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\Silent Runners.vbs
[2011/08/07 14:53:17 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/07 14:53:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/06 14:34:16 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/06 14:34:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/08/06 14:25:41 | 001,819,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\The Reeve Family\Desktop\avg_remover_stf_x64_2011_1322.exe
[2011/08/06 14:25:37 | 056,727,728 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\setup_av_free.exe
[2011/08/05 09:12:28 | 000,377,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/05 08:04:13 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/04 12:41:05 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2011/07/31 15:51:15 | 000,007,597 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Local\Resmon.ResmonCfg
[2011/07/30 13:41:11 | 002,447,334 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Local\[j0003]-[p06].bmp
[2011/07/30 12:21:03 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\The Reeve Family\Desktop\GooredFix.exe
[2011/07/27 10:48:34 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\The Reeve Family\Desktop\aswMBR.exe
[2011/07/27 09:53:01 | 000,099,118 | ---- | M] () -- C:\Users\The Reeve Family\Documents\Sample Truth Focus Staements.pdf
[2011/07/26 12:42:39 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2011/07/26 12:11:10 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/26 12:10:17 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\The Reeve Family\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/26 00:35:26 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\PlayOn.lnk
[2011/07/25 08:17:29 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/07/25 08:17:04 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

========== Files Created - No Company Name ==========

[2011/08/18 10:01:13 | 000,001,294 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011/08/18 09:59:04 | 000,001,279 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\Homeschool - Shortcut.lnk
[2011/08/13 13:38:41 | 102,144,472 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\setup_11.0.0.1245.x01_2011_08_13_23_11.exe
[2011/08/13 13:20:27 | 000,004,236 | ---- | C] () -- C:\backup.reg
[2011/08/13 12:29:09 | 000,000,926 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\NTREGOPT.lnk
[2011/08/13 12:29:09 | 000,000,907 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\ERUNT.lnk
[2011/08/12 20:37:02 | 000,724,952 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\avenger.zip
[2011/08/10 08:06:13 | 000,475,418 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\Silent Runners.vbs
[2011/08/10 07:40:13 | 000,011,892 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\avptool_sysinfo.zip
[2011/08/07 14:53:17 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/07 14:53:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/06 14:34:16 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/06 14:34:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/08/06 14:24:53 | 056,727,728 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\setup_av_free.exe
[2011/08/05 11:51:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/05 11:51:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/05 11:51:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/05 11:51:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/05 11:51:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/05 08:04:13 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/04 12:41:05 | 000,001,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk
[2011/08/04 12:41:05 | 000,001,215 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2011/07/30 13:41:10 | 002,447,334 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\[j0003]-[p06].bmp
[2011/07/27 09:53:01 | 000,099,118 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Sample Truth Focus Staements.pdf
[2011/07/26 12:42:39 | 000,002,150 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2011/07/26 12:11:10 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/26 00:35:26 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\PlayOn.lnk
[2011/07/25 08:17:29 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2010/07/15 18:07:36 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp
[2010/07/15 17:46:54 | 000,171,932 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/06/27 13:29:20 | 000,000,070 | ---- | C] () -- C:\Windows\FSaver.ini
[2010/06/27 13:29:19 | 000,000,103 | ---- | C] () -- C:\Windows\Wingmakers.ini
[2010/06/06 08:18:23 | 000,003,235 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Temp11.html
[2010/06/06 08:18:08 | 000,000,778 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Temp1.html
[2010/04/30 22:34:58 | 000,000,036 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\housecall.guid.cache
[2010/04/30 06:37:02 | 000,003,276 | ---- | C] () -- C:\Windows\SysWow64\NVTBM.ini
[2010/04/08 10:53:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/22 08:00:15 | 000,007,597 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Resmon.ResmonCfg
[2010/02/02 13:05:58 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2009/12/21 10:06:32 | 000,002,325 | ---- | C] () -- C:\Windows\checkip.dat
[2009/12/12 09:01:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/07 14:41:31 | 000,000,022 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/11/27 09:05:23 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/11/26 10:12:08 | 000,001,318 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Roaming\wklnhst.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/09/05 17:01:22 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2007/08/23 09:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2000/06/28 03:00:00 | 000,124,416 | ---- | C] () -- C:\Windows\SysWow64\dXCtrls.dll

========== LOP Check ==========

[2011/03/24 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Amazon
[2010/01/20 09:15:56 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Audio Recorder for Free
[2011/07/18 13:54:03 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\AVG10
[2010/05/28 18:01:32 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Barnes & Noble
[2009/11/27 07:32:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\BNeReader
[2010/05/29 12:00:54 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\calibre
[2011/06/20 23:37:11 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Canon
[2010/11/04 07:37:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Digiarty
[2011/08/05 09:44:34 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Dropbox
[2009/12/02 09:14:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Foxit
[2010/01/07 23:08:35 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Foxit Software
[2011/03/19 11:53:45 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Jasc
[2010/03/26 18:02:45 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Leadertech
[2010/08/24 15:32:49 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\muvee Technologies
[2010/07/15 06:30:48 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\OpenDNS Updater
[2010/01/09 18:27:12 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\OverDrive
[2011/07/28 01:00:57 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2009/11/25 20:14:55 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\PictureMover
[2010/11/27 14:49:57 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\QuickScan
[2011/07/26 12:36:49 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\SecondLife
[2010/03/24 21:27:43 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\SystemRequirementsLab
[2009/11/26 10:12:30 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Template
[2011/05/07 18:47:17 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Thunderbird
[2011/02/02 11:46:05 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Visan
[2009/12/18 20:09:29 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WildTangent
[2009/11/26 21:09:37 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WinBatch
[2010/08/07 18:35:16 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Windows Live Writer
[2010/07/03 07:49:54 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WTouch
[2011/08/06 17:27:33 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 985 bytes -> C:\Users\The Reeve Family\Documents\Lezli, welcome to www_realmindpowersecrets_com !.eml:OECustomProperty
@Alternate Data Stream - 1719 bytes -> C:\Users\The Reeve Family\Documents\Nieuwjaar 2010.eml:OECustomProperty
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

  • 0

#93
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
It appears I missed your last reply somehow. What is your status now that you have cleared up the mystery proxy?

Ron
  • 0

#94
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
I searched my gmail account and had no notifications that you replied (except an old one from 11/27/10, so I guess I've talked to you before), so something is not working right with the forum notification process. If you don't hear from me in 24 hrs (it will usually be a lot less, as I check the forum many times a day), then please PM me.

Ron
  • 0

#95
AZCMer

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
I just reran OTL and did not find a proxy setting for port 57331 (or for any other port, for that matter). It turns out that is the port PlayOn uses for mobile media access.

So, are we clean here? Do I just uninstall everything here and count us fini?

BTW, everything is running well.

Edited by AZCMer, 29 August 2011 - 11:43 AM.

  • 0
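As an added check (example code written for this page, not OTL's own logic and not from anyone in the thread): the per-user WinINet proxy setting that OTL reports lives in the binary DefaultConnectionSettings value under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections. This decodes that value so you can confirm no proxy server or auto-config script is set; the layout follows the publicly documented structure, and both sample blobs (including the 127.0.0.1:57331 proxy) are constructed here.

```python
import struct
import sys

# Bits in the flags DWORD (publicly documented WinINet per-connection layout).
FLAG_DIRECT = 0x01      # always set; direct connection allowed
FLAG_PROXY = 0x02       # "Use a proxy server" is ticked
FLAG_AUTOCONFIG = 0x04  # "Use automatic configuration script" is ticked
FLAG_AUTODETECT = 0x08  # "Automatically detect settings" is ticked


def _read_string(blob, offset):
    """Read a DWORD-length-prefixed ASCII string starting at offset."""
    (length,) = struct.unpack_from("<I", blob, offset)
    offset += 4
    raw = blob[offset:offset + length]
    if len(raw) != length:
        raise ValueError("string runs past the end of the blob")
    return raw.decode("latin-1"), offset + length


def decode_connection_settings(blob):
    """Parse version, counter, flags, proxy, bypass list and PAC URL from the blob."""
    if len(blob) < 24:
        raise ValueError("blob too short to hold the fixed header")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    proxy, off = _read_string(blob, 12)
    bypass, off = _read_string(blob, off)
    pac_url, off = _read_string(blob, off)
    return {
        "version": version,
        "counter": counter,
        "flags": flags,
        "proxy_enabled": bool(flags & FLAG_PROXY),
        "autoconfig_enabled": bool(flags & FLAG_AUTOCONFIG),
        "autodetect": bool(flags & FLAG_AUTODETECT),
        "proxy": proxy,
        "bypass": bypass,
        "pac_url": pac_url,
    }


def findings(settings):
    """Warnings a responder would want to see; an empty list means no proxy or PAC is set."""
    out = []
    if settings["proxy_enabled"] and settings["proxy"]:
        out.append("proxy server configured: " + settings["proxy"])
    if settings["autoconfig_enabled"] and settings["pac_url"]:
        out.append("auto-config script configured: " + settings["pac_url"])
    # A flag without its string (or the reverse) is inconsistent and worth a look too.
    if settings["proxy_enabled"] != bool(settings["proxy"]):
        out.append("proxy flag and proxy string disagree")
    if settings["autoconfig_enabled"] != bool(settings["pac_url"]):
        out.append("auto-config flag and PAC URL disagree")
    return out


def build_blob(flags, proxy="", bypass="", pac_url="", version=0x46, counter=1):
    """Construct a blob in the same layout (used here only for the sample inputs)."""
    body = struct.pack("<III", version, counter, flags)
    for s in (proxy, bypass, pac_url):
        data = s.encode("latin-1")
        body += struct.pack("<I", len(data)) + data
    return body + b"\x00" * 32  # real values carry further fields; zero-padded here


def read_live_blob():
    """Read the real value from the current user's hive on Windows; None elsewhere."""
    if sys.platform != "win32":
        return None
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        value, _ = winreg.QueryValueEx(key, "DefaultConnectionSettings")
    return value


# Constructed samples: a clean "auto-detect only" value and one with a proxy set.
CLEAN_SAMPLE = build_blob(FLAG_DIRECT | FLAG_AUTODETECT)
PROXIED_SAMPLE = build_blob(FLAG_DIRECT | FLAG_PROXY,
                            proxy="127.0.0.1:57331", bypass="<local>")

if __name__ == "__main__":
    blob = read_live_blob() or PROXIED_SAMPLE
    parsed = decode_connection_settings(blob)
    for line in findings(parsed) or ["no proxy or auto-config script set"]:
        print(line)
```

On a Windows machine the script reads the live value; elsewhere it falls back to the constructed proxied sample so the decoder can still be exercised.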

#96
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
No notification again. Going to complain to Admin about it.

Yes I think we are done. Cleanup time:

Copy the following:

Let's clean up System Restore:

Copy the text in the code box by highlighting it and pressing Ctrl + C

    
:Commands
[CLEARALLRESTOREPOINTS]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered. It shouldn't need to reboot.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right-click on Command Prompt and Run As Administrator.
Then right-click, Paste, then hit Enter.

OTL has a Cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. Click OK and close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)


If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading, make sure it only has the current Java Console add-on/extension. Then download and run Speedy Fox: http://www.crystalidea.com/speedyfox . It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#97
AZCMer

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Everything is done except me figuring out how to encrypt the router, which I'll check out on their website. Currently it is set on WPA/WPA2 mixed setup. I have already changed the passwords. All the programs I downloaded are uninstalled and Firefox has been boosted with the popup blockers you've recommended. Everything has been updated.

Currently I'm using Avast and I will never go back to McAfee. My firewall I'm using currently is the Windows firewall. How is Windows Defender?

Thank you, folks, for all your help and especially for your patience. I have learned a lot going through this process with you all and appreciate your tenacity and knowledge. Thank you, thank you, thank you!

  • 0

#98
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Your router encryption sounds like it's probably good enough. You just don't want to run WEP or none.

Windows Defender is OK. It doesn't hurt to let it run and it might once in a while find something.

If you want a better firewall you can try the free Online Armor. http://www.online-ar...-armor-free.php

There is another add-on for Firefox called NoScript for the really paranoid. It's a bit of a pain to use but it does prevent websites from running scripts which might hurt your PC. You can allow certain websites you trust to run scripts: http://noscript.net/ It takes some getting used to.

Ron
  • 0

#99
AZCMer

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Is Windows Defender something that can run at the same time as a virus shield such as Avast? Wouldn't the two cause a conflict? And what about a spyware? Would that conflict? Can I have them installed and just run them to check and keep them from running while Avast is my main antivirus?

I am looking into the firewall you've suggested.

Thank you so much for all of your help. And, please thank Cold Titanium for his help as well.

  • 0

#100
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Notifications broken again. Sorry.

Windows Defender and Avast work together OK. Spybot S&D is OK too, though I don't much care for their TeaTimer or their immunize routine.

Ron
  • 0

#101
AZCMer

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
It's broken on my end as well.

Thank you so much for the feedback. I think I will allow Windows Defender to run alongside my Avast. One thing I've learned the hard way is that McAfee is not worth the time. It did not find or protect me from any of this. It's a shame. It seems corporations think they can only make money from service agreements and not from good relationships with their customers.

  • 0
