Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Search Engine Redirect Virus

Started by JimInUtica , Aug 01 2011 11:21 AM

  • This topic is locked This topic is locked

#1
JimInUtica
Posted 01 August 2011 - 11:21 AM

JimInUtica

    New Member

  • Member
  • Pip
  • 8 posts
I have a case of Google and Bing redirect virus here. Just started a few days ago. My details:

It affects both Firefox and IE. I get redirects using Google and Bing but not Yahoo (usually to find-fast-answers and similar).

I had been running Norton Antivirus all along. I ran a full system scan and it found nothing. Also tried their Power Eraser and FixTDSS with no luck.

I've tried Kaspersky's TDSSkiller, HitMan Pro 3.5, Malwarebytes and am now running Avast. I've turned off Norton Antivirus as Avast seems to be doing better. Hitman, Malwarebytes and Avast found and fixed a few things but didn't solve it.

I have also reinstalled Firefox 5.0.1, cleared the cache and most cookies. The Hosts file only shows local host.

Currently, if I do a search and get a redirect, Malwarebytes pops up and prevents it.

Does anyone know if this infection does anything more than be a nuisance?

I'm running XP Pro on an older Dell machine.

OTL Log follows...

Thanks for any assistance,
Jim in Utica




OTL logfile created on: 8/1/2011 1:09:54 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\jim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 250.52 Mb Available Physical Memory | 24.49% Memory free
2.41 Gb Paging File | 1.82 Gb Available in Paging File | 75.69% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 37.92 Gb Free Space | 50.93% Space Free | Partition Type: NTFS

Computer Name: Jum | User Name: jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 13:09:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
PRC - [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/12/15 18:03:02 | 000,080,448 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/08/13 14:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe
PRC - [2008/04/29 08:05:43 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\cmd.exe
PRC - [2008/02/09 20:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/05/27 21:05:42 | 000,323,584 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2003/10/07 17:20:18 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
PRC - [2003/08/13 12:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2003/02/14 07:13:36 | 000,094,208 | ---- | M] (Visioneer Inc) -- C:\Program Files\Visioneer OneTouch\OneTouchMon.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 13:09:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/04/29 08:05:43 | 001,245,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/09 20:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/03/03 15:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/07/28 07:54:31 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/28 07:54:31 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 20:27:23 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/07 17:01:40 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110729.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/18 17:11:57 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110731.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/18 17:11:57 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110731.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/12 08:51:00 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/09/08 23:58:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/11/06 13:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/04/25 08:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2006/01/28 12:12:41 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 01:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2003/06/02 07:00:30 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/14 01:40:32 | 000,017,616 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tj2knd5.sys -- (tj2knd5) Terayon Cable Modem (NDIS)
DRV - [2002/10/14 01:40:24 | 000,069,680 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tj2kunic.sys -- (tj2kunic) Terayon Cable Modem (WDM)
DRV - [2002/05/13 20:59:20 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/17 14:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XND5.SYS -- (EL90X)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://email.mvcc.edu/exchange/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 61 20 18 BE F5 54 48 B6 E9 9B 73 3D 87 55 CE [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/07/07 07:31:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/31 19:26:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/31 19:37:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/17 07:53:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/06/22 12:24:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/17 07:53:08 | 000,000,000 | ---D | M]

[2010/08/31 09:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jim\Application Data\Mozilla\Extensions
[2010/08/31 09:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jim\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/03 07:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\4e5gn8zg.default\extensions
[2010/04/28 08:28:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\4e5gn8zg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/11 17:00:10 | 000,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\4e5gn8zg.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2011/07/31 15:55:10 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\4e5gn8zg.default\extensions\{d2d56ef2-be4b-4136-9356-aee299afa1af}
[2011/05/03 07:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/07/07 07:31:28 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
[2011/07/31 19:26:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/04/06 08:54:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/03/31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2010/04/08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2002/08/29 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - Startup: C:\Documents and Settings\jim\Start Menu\Programs\Startup\Command Prompt.lnk = C:\WINDOWS\SYSTEM32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\jim\Start Menu\Programs\Startup\thunderbird.exe.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8018.4698726852 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/31 17:37:05 | 000,000,033 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8ed0408a-9f0a-11df-8940-0007e94b2bc8}\Shell - "" = AutoRun
O33 - MountPoints2\{8ed0408a-9f0a-11df-8940-0007e94b2bc8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ed0408a-9f0a-11df-8940-0007e94b2bc8}\Shell\AutoRun\command - "" = F:\MI.exe
O33 - MountPoints2\{9a54c2d8-f491-11de-870b-0007e94b2bc8}\Shell - "" = AutoRun
O33 - MountPoints2\{9a54c2d8-f491-11de-870b-0007e94b2bc8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a54c2d8-f491-11de-870b-0007e94b2bc8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 13:09:08 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
[2011/08/01 11:51:02 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\jim\Desktop\aswMBR.exe
[2011/07/31 19:48:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jim\Recent
[2011/07/31 19:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/07/31 19:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/31 19:18:21 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/31 19:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/31 19:18:20 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/31 19:18:05 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/31 19:18:04 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/31 19:18:04 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/31 19:18:03 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/31 19:18:03 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/31 19:18:02 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/31 19:17:36 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/31 19:17:33 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/31 19:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/31 19:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/31 18:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Application Data\Malwarebytes
[2011/07/31 18:42:22 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/31 18:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/31 18:42:17 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/31 18:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/31 17:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/07/31 17:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/07/31 17:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/07/31 17:23:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/07/31 15:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/31 15:53:01 | 006,619,456 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\jim\Desktop\HitmanPro35.exe
[2011/07/31 14:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Local Settings\Application Data\NPE
[2011/07/31 12:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/29 17:26:08 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jim\Desktop\TDSSKiller.exe
[2011/07/10 11:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\jim\*.tmp files -> C:\Documents and Settings\jim\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/01 13:09:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
[2011/08/01 12:21:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 12:06:46 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\MBR.dat
[2011/08/01 11:51:59 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\jim\Desktop\aswMBR.exe
[2011/08/01 11:21:29 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/08/01 11:20:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/08/01 11:19:22 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/01 11:19:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/08/01 11:19:08 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/01 11:11:47 | 000,000,519 | ---- | M] () -- C:\WINDOWS\frontpg.ini
[2011/08/01 11:03:43 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/08/01 11:03:42 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/08/01 07:57:29 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/31 19:39:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/31 19:37:29 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/31 19:37:28 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/31 19:26:11 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/31 19:18:21 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/31 18:42:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/31 17:32:33 | 000,852,316 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/07/31 17:23:42 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/07/31 16:50:12 | 000,001,394 | ---- | M] () -- C:\WINDOWS\pagebreeze.ini
[2011/07/31 16:50:10 | 000,000,048 | ---- | M] () -- C:\WINDOWS\.prj
[2011/07/31 16:28:09 | 000,006,283 | ---- | M] () -- C:\Documents and Settings\jim\.recently-used.xbel
[2011/07/31 16:00:36 | 000,001,642 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/07/31 15:54:48 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/31 15:53:10 | 006,619,456 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\jim\Desktop\HitmanPro35.exe
[2011/07/31 15:08:51 | 000,000,558 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\MS Dev Studio.lnk
[2011/07/31 14:22:33 | 000,002,230 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\SMRResults200.dat
[2011/07/31 14:21:39 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2011/07/31 12:12:42 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\SpywareBlaster.lnk
[2011/07/30 07:14:32 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\2116538450
[2011/07/29 17:26:08 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jim\Desktop\TDSSKiller.exe
[2011/07/29 15:27:22 | 000,000,223 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/07/28 14:04:53 | 000,002,505 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\Word.lnk
[2011/07/13 15:06:43 | 000,242,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/10 11:19:18 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\jim\*.tmp files -> C:\Documents and Settings\jim\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/01 12:06:46 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\MBR.dat
[2011/07/31 19:39:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/31 19:18:21 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/31 18:42:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/31 17:32:08 | 000,852,316 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/07/31 16:28:09 | 000,006,283 | ---- | C] () -- C:\Documents and Settings\jim\.recently-used.xbel
[2011/07/31 16:00:36 | 000,001,642 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/07/31 15:55:30 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/31 15:08:51 | 000,000,558 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\MS Dev Studio.lnk
[2011/07/31 14:22:19 | 000,002,230 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\SMRResults200.dat
[2011/07/30 07:14:31 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\2116538450
[2011/07/10 11:19:18 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/10/05 19:35:56 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\jim\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/05 17:53:09 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/06/06 20:46:20 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2009/12/30 09:25:04 | 000,047,404 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/01 12:22:48 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/03/24 10:01:16 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007/10/31 17:43:47 | 000,003,646 | ---- | C] () -- C:\WINDOWS\scad3.INI
[2007/04/11 20:31:12 | 000,001,394 | ---- | C] () -- C:\WINDOWS\pagebreeze.ini
[2007/04/11 20:31:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\formbreeze.ini
[2006/12/21 09:27:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\pdf2text.INI
[2005/02/22 10:09:46 | 000,001,601 | ---- | C] () -- C:\WINDOWS\C2Cw.INI
[2005/01/25 10:20:07 | 000,194,560 | ---- | C] () -- C:\WINDOWS\runsetup.exe
[2005/01/24 17:56:50 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/01/24 17:56:50 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/12/05 09:15:00 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\jim\Local Settings\Application Data\fusioncache.dat
[2004/12/01 22:14:41 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe
[2004/12/01 21:39:49 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/11/02 09:27:31 | 000,000,108 | ---- | C] () -- C:\WINDOWS\Anw_IP.ini
[2004/10/01 19:43:14 | 000,000,091 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/09/10 15:27:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/02 08:36:31 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\cuatro.ini
[2004/02/29 18:34:19 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/02/21 16:17:12 | 000,000,223 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2004/02/03 21:30:49 | 000,909,824 | ---- | C] () -- C:\WINDOWS\System32\Tre32.dll
[2004/02/03 21:30:49 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Vbis4032.dll
[2004/02/03 21:30:45 | 000,053,248 | ---- | C] () -- C:\WINDOWS\Hmspl32.dll
[2004/02/03 20:09:37 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/02/02 20:28:30 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/02/01 12:52:11 | 000,000,683 | ---- | C] () -- C:\WINDOWS\fpexplor.INI
[2004/02/01 11:58:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2004/02/01 11:49:32 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2004/02/01 10:48:56 | 000,025,334 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/01/31 18:07:47 | 000,008,163 | ---- | C] () -- C:\WINDOWS\lviewp.ini
[2004/01/31 17:44:34 | 000,170,496 | ---- | C] () -- C:\WINDOWS\System32\ENABLE32.DLL
[2004/01/31 16:22:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/01/31 15:56:43 | 000,000,519 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2004/01/31 15:31:17 | 000,002,156 | ---- | C] () -- C:\WINDOWS\FONTSMRT.INI
[2004/01/31 15:17:08 | 000,119,704 | ---- | C] () -- C:\WINDOWS\WL50EN.DLL
[2004/01/31 14:55:03 | 000,000,048 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/01/30 22:34:35 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/01/23 21:34:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/23 21:33:06 | 000,001,860 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/23 21:30:13 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/01/23 21:25:12 | 000,040,387 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/01/23 21:24:04 | 000,000,197 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/23 21:14:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/01/23 21:12:42 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/23 21:12:38 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/01/23 21:12:38 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/01/23 21:12:27 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/23 21:00:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/10/16 17:50:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/08/14 00:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 15:42:36 | 000,242,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 15:35:18 | 000,004,274 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 15:31:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 10:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 10:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/08/09 14:15:16 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/01/08 17:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1996/02/06 19:27:49 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\VVTENG32.DLL
[1996/02/06 19:27:47 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\VVLIB32.DLL
[1996/02/06 19:27:47 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\VVTAPI32.DLL
[1996/02/06 19:27:32 | 000,631,808 | ---- | C] () -- C:\WINDOWS\System32\SMTHLPHP.EXE
[1996/02/06 19:27:22 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[1996/02/06 19:26:47 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[1996/02/06 19:26:34 | 001,473,536 | ---- | C] () -- C:\WINDOWS\System32\ABOUTSAX.DLL
[1995/09/15 20:31:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/07/31 19:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/06/07 11:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/07/31 16:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/04/29 19:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/02/26 16:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2004/02/03 20:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/07/31 17:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/01/23 21:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/27 10:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2007/01/02 23:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Canon
[2005/01/24 18:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\FUJIFILM
[2009/06/07 11:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\GARMIN
[2009/05/05 10:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Garritan
[2009/04/28 14:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\GenieSoft
[2011/07/31 16:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\gtk-2.0
[2010/09/05 18:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\ISTool
[2004/01/31 14:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Leadertech
[2009/04/29 19:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\PACE Anti-Piracy
[2010/08/31 09:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Thunderbird
[2010/08/12 13:06:31 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1071 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:0JfaTFnOpB5l9al4tpNX0Vs53
@Alternate Data Stream - 1052 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:EhoqZJPGU03s9IdOlxM
@Alternate Data Stream - 1029 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:MRtiCn73K4nh0ZKUs7hFkqdiTB

< End of report >
  • 0

Advertisements

#2
BlackOxide
Posted 01 August 2011 - 12:55 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, Jim! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :unsure:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just incase you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, lets start :)



Could you do the following scans for me please, then get back to me with the logs that are created :yes:




1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

Posted Image


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image




In your next reply
Please post the contents of...
OTL log
aswMBR log
  • 0

#3
JimInUtica
Posted 01 August 2011 - 01:52 PM

JimInUtica

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hello Black Oxide, and thanks for the assistance (love the avatar, BTW). Here is the OTL.txt log, the aswMBR.txt log follows it:


OTL logfile created on: 8/1/2011 3:26:33 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\jim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 430.11 Mb Available Physical Memory | 42.04% Memory free
2.41 Gb Paging File | 1.94 Gb Available in Paging File | 80.76% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 37.96 Gb Free Space | 50.99% Space Free | Partition Type: NTFS

Computer Name: Jum | User Name: jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 13:09:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
PRC - [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/12/15 18:03:02 | 000,080,448 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/08/13 14:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe
PRC - [2008/04/29 08:05:43 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\cmd.exe
PRC - [2008/02/09 20:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/05/27 21:05:42 | 000,323,584 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2003/10/07 17:20:18 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
PRC - [2003/08/19 02:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2003/08/13 12:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2003/02/14 07:13:36 | 000,094,208 | ---- | M] (Visioneer Inc) -- C:\Program Files\Visioneer OneTouch\OneTouchMon.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 13:09:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/04/29 08:05:43 | 001,245,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/09 20:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/03/03 15:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/07/28 07:54:31 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/28 07:54:31 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 20:27:23 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/07 17:01:40 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110729.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/18 17:11:57 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110731.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/18 17:11:57 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110731.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/12 08:51:00 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/09/08 23:58:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/11/06 13:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/04/25 08:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2006/01/28 12:12:41 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 01:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2003/06/02 07:00:30 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/14 01:40:32 | 000,017,616 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tj2knd5.sys -- (tj2knd5) Terayon Cable Modem (NDIS)
DRV - [2002/10/14 01:40:24 | 000,069,680 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tj2kunic.sys -- (tj2kunic) Terayon Cable Modem (WDM)
DRV - [2002/05/13 20:59:20 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/17 14:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XND5.SYS -- (EL90X)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 61 20 18 BE F5 54 48 B6 E9 9B 73 3D 87 55 CE [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 61 20 18 BE F5 54 48 B6 E9 9B 73 3D 87 55 CE [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 61 20 18 BE F5 54 48 B6 E9 9B 73 3D 87 55 CE [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 61 20 18 BE F5 54 48 B6 E9 9B 73 3D 87 55 CE [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://email.mvcc.edu/exchange/
IE - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 61 20 18 BE F5 54 48 B6 E9 9B 73 3D 87 55 CE [binary data]
IE - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/07/07 07:31:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/31 19:26:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/31 19:37:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/17 07:53:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/06/22 12:24:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/17 07:53:08 | 000,000,000 | ---D | M]

[2010/08/31 09:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jim\Application Data\Mozilla\Extensions
[2010/08/31 09:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jim\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/03 07:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\4e5gn8zg.default\extensions
[2010/04/28 08:28:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\4e5gn8zg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/11 17:00:10 | 000,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\4e5gn8zg.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2011/07/31 15:55:10 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\4e5gn8zg.default\extensions\{d2d56ef2-be4b-4136-9356-aee299afa1af}
[2011/05/03 07:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/07/07 07:31:28 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
[2011/07/31 19:26:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/04/06 08:54:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/03/31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2010/04/08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2002/08/29 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
O4 - HKU\S-1-5-21-33608459-2442173641-3971502971-1007..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - Startup: C:\Documents and Settings\jim\Start Menu\Programs\Startup\Command Prompt.lnk = C:\WINDOWS\SYSTEM32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\jim\Start Menu\Programs\Startup\thunderbird.exe.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8018.4698726852 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/31 17:37:05 | 000,000,033 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8ed0408a-9f0a-11df-8940-0007e94b2bc8}\Shell - "" = AutoRun
O33 - MountPoints2\{8ed0408a-9f0a-11df-8940-0007e94b2bc8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ed0408a-9f0a-11df-8940-0007e94b2bc8}\Shell\AutoRun\command - "" = F:\MI.exe
O33 - MountPoints2\{9a54c2d8-f491-11de-870b-0007e94b2bc8}\Shell - "" = AutoRun
O33 - MountPoints2\{9a54c2d8-f491-11de-870b-0007e94b2bc8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a54c2d8-f491-11de-870b-0007e94b2bc8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 13:09:08 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
[2011/08/01 11:51:02 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\jim\Desktop\aswMBR.exe
[2011/07/31 19:48:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jim\Recent
[2011/07/31 19:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/07/31 19:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/31 19:18:21 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/31 19:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/31 19:18:20 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/31 19:18:05 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/31 19:18:04 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/31 19:18:04 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/31 19:18:03 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/31 19:18:03 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/31 19:18:02 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/31 19:17:36 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/31 19:17:33 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/31 19:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/31 19:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/31 18:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Application Data\Malwarebytes
[2011/07/31 18:42:22 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/31 18:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/31 18:42:17 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/31 18:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/31 17:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/07/31 17:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/07/31 17:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/07/31 17:23:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/07/31 15:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/31 15:53:01 | 006,619,456 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\jim\Desktop\HitmanPro35.exe
[2011/07/31 14:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Local Settings\Application Data\NPE
[2011/07/31 12:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/29 17:26:08 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jim\Desktop\TDSSKiller.exe
[2011/07/10 11:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\jim\*.tmp files -> C:\Documents and Settings\jim\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/01 15:22:41 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/08/01 15:21:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/01 15:21:09 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/08/01 15:21:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 15:20:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/08/01 15:20:40 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/01 13:09:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
[2011/08/01 12:06:46 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\MBR.dat
[2011/08/01 11:51:59 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\jim\Desktop\aswMBR.exe
[2011/08/01 11:11:47 | 000,000,519 | ---- | M] () -- C:\WINDOWS\frontpg.ini
[2011/08/01 11:03:43 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/08/01 11:03:42 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/08/01 07:57:29 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/31 19:39:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/31 19:37:29 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/31 19:37:28 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/31 19:26:11 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/31 19:18:21 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/31 18:42:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/31 17:32:33 | 000,852,316 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/07/31 17:23:42 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/07/31 16:50:12 | 000,001,394 | ---- | M] () -- C:\WINDOWS\pagebreeze.ini
[2011/07/31 16:50:10 | 000,000,048 | ---- | M] () -- C:\WINDOWS\.prj
[2011/07/31 16:28:09 | 000,006,283 | ---- | M] () -- C:\Documents and Settings\jim\.recently-used.xbel
[2011/07/31 16:00:36 | 000,001,642 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/07/31 15:54:48 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/31 15:53:10 | 006,619,456 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\jim\Desktop\HitmanPro35.exe
[2011/07/31 15:08:51 | 000,000,558 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\MS Dev Studio.lnk
[2011/07/31 14:22:33 | 000,002,230 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\SMRResults200.dat
[2011/07/31 14:21:39 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2011/07/31 12:12:42 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\SpywareBlaster.lnk
[2011/07/30 07:14:32 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\2116538450
[2011/07/29 17:26:08 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jim\Desktop\TDSSKiller.exe
[2011/07/29 15:27:22 | 000,000,223 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/07/28 14:04:53 | 000,002,505 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\Word.lnk
[2011/07/13 15:06:43 | 000,242,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/10 11:19:18 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\jim\*.tmp files -> C:\Documents and Settings\jim\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/01 12:06:46 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\MBR.dat
[2011/07/31 19:39:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/31 19:18:21 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/31 18:42:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/31 17:32:08 | 000,852,316 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/07/31 16:28:09 | 000,006,283 | ---- | C] () -- C:\Documents and Settings\jim\.recently-used.xbel
[2011/07/31 16:00:36 | 000,001,642 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/07/31 15:55:30 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/31 15:08:51 | 000,000,558 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\MS Dev Studio.lnk
[2011/07/31 14:22:19 | 000,002,230 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\SMRResults200.dat
[2011/07/30 07:14:31 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\2116538450
[2011/07/10 11:19:18 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/10/05 19:35:56 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\jim\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/05 17:53:09 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/06/06 20:46:20 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2009/12/30 09:25:04 | 000,047,404 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/01 12:22:48 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/03/24 10:01:16 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007/10/31 17:43:47 | 000,003,646 | ---- | C] () -- C:\WINDOWS\scad3.INI
[2007/04/11 20:31:12 | 000,001,394 | ---- | C] () -- C:\WINDOWS\pagebreeze.ini
[2007/04/11 20:31:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\formbreeze.ini
[2006/12/21 09:27:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\pdf2text.INI
[2005/02/22 10:09:46 | 000,001,601 | ---- | C] () -- C:\WINDOWS\C2Cw.INI
[2005/01/25 10:20:07 | 000,194,560 | ---- | C] () -- C:\WINDOWS\runsetup.exe
[2005/01/24 17:56:50 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/01/24 17:56:50 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/12/05 09:15:00 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\jim\Local Settings\Application Data\fusioncache.dat
[2004/12/01 22:14:41 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe
[2004/12/01 21:39:49 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/11/02 09:27:31 | 000,000,108 | ---- | C] () -- C:\WINDOWS\Anw_IP.ini
[2004/10/01 19:43:14 | 000,000,091 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/09/10 15:27:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/02 08:36:31 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\cuatro.ini
[2004/02/29 18:34:19 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/02/21 16:17:12 | 000,000,223 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2004/02/03 21:30:49 | 000,909,824 | ---- | C] () -- C:\WINDOWS\System32\Tre32.dll
[2004/02/03 21:30:49 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Vbis4032.dll
[2004/02/03 21:30:45 | 000,053,248 | ---- | C] () -- C:\WINDOWS\Hmspl32.dll
[2004/02/03 20:09:37 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/02/02 20:28:30 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/02/01 12:52:11 | 000,000,683 | ---- | C] () -- C:\WINDOWS\fpexplor.INI
[2004/02/01 11:58:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2004/02/01 11:49:32 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2004/02/01 10:48:56 | 000,025,334 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/01/31 18:07:47 | 000,008,163 | ---- | C] () -- C:\WINDOWS\lviewp.ini
[2004/01/31 17:44:34 | 000,170,496 | ---- | C] () -- C:\WINDOWS\System32\ENABLE32.DLL
[2004/01/31 16:22:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/01/31 15:56:43 | 000,000,519 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2004/01/31 15:31:17 | 000,002,156 | ---- | C] () -- C:\WINDOWS\FONTSMRT.INI
[2004/01/31 15:17:08 | 000,119,704 | ---- | C] () -- C:\WINDOWS\WL50EN.DLL
[2004/01/31 14:55:03 | 000,000,048 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/01/30 22:34:35 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/01/23 21:34:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/23 21:33:06 | 000,001,860 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/23 21:30:13 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/01/23 21:25:12 | 000,040,387 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/01/23 21:24:04 | 000,000,197 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/23 21:14:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/01/23 21:12:42 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/23 21:12:38 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/01/23 21:12:38 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/01/23 21:12:27 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/23 21:00:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/10/16 17:50:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/08/14 00:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 15:42:36 | 000,242,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 15:35:18 | 000,004,274 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 15:31:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 10:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 10:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/08/09 14:15:16 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/01/08 17:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1996/02/06 19:27:49 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\VVTENG32.DLL
[1996/02/06 19:27:47 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\VVLIB32.DLL
[1996/02/06 19:27:47 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\VVTAPI32.DLL
[1996/02/06 19:27:32 | 000,631,808 | ---- | C] () -- C:\WINDOWS\System32\SMTHLPHP.EXE
[1996/02/06 19:27:22 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[1996/02/06 19:26:47 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[1996/02/06 19:26:34 | 001,473,536 | ---- | C] () -- C:\WINDOWS\System32\ABOUTSAX.DLL
[1995/09/15 20:31:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/07/31 19:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/06/07 11:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/07/31 16:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/04/29 19:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/02/26 16:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2004/02/03 20:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/07/31 17:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/01/23 21:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/27 10:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2007/01/02 23:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Canon
[2005/01/24 18:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\FUJIFILM
[2009/06/07 11:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\GARMIN
[2009/05/05 10:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Garritan
[2009/04/28 14:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\GenieSoft
[2011/07/31 16:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\gtk-2.0
[2010/09/05 18:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\ISTool
[2004/01/31 14:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Leadertech
[2009/04/29 19:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\PACE Anti-Piracy
[2010/08/31 09:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Thunderbird
[2005/10/03 07:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karen\Application Data\Thunderbird
[2010/08/12 13:06:31 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1071 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:0JfaTFnOpB5l9al4tpNX0Vs53
@Alternate Data Stream - 1052 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:EhoqZJPGU03s9IdOlxM
@Alternate Data Stream - 1029 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:MRtiCn73K4nh0ZKUs7hFkqdiTB

< End of report >





aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-01 15:36:59
-----------------------------
15:36:59.656 OS Version: Windows 5.1.2600 Service Pack 3
15:36:59.656 Number of processors: 2 586 0x209
15:36:59.656 ComputerName: Jum UserName: jim
15:37:00.140 Initialize success
15:37:00.250 AVAST engine defs: 11080100
15:37:04.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:37:04.546 Disk 0 Vendor: ST380011A 3.16 Size: 76293MB BusType: 3
15:37:06.546 Disk 0 MBR read successfully
15:37:06.546 Disk 0 MBR scan
15:37:06.562 Disk 0 Windows XP default MBR code
15:37:06.562 Disk 0 scanning sectors +156232125
15:37:06.703 Disk 0 scanning C:\WINDOWS\system32\drivers
15:37:18.328 Service scanning
15:37:19.531 Modules scanning
15:37:32.843 Disk 0 trace - called modules:
15:37:32.859 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:37:32.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f04ab8]
15:37:32.859 3 CLASSPNP.SYS[f7561fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f09d98]
15:37:33.421 AVAST engine scan C:\WINDOWS
15:37:41.250 AVAST engine scan C:\WINDOWS\system32
15:39:23.593 AVAST engine scan C:\WINDOWS\system32\drivers
15:39:40.515 AVAST engine scan C:\Documents and Settings\jim
15:47:23.734 AVAST engine scan C:\Documents and Settings\All Users
15:49:36.078 Scan finished successfully
15:49:50.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jim\Desktop\MBR.dat"
15:49:50.546 The log file has been saved successfully to "C:\Documents and Settings\jim\Desktop\aswMBR.txt"
  • 0

#4
BlackOxide
Posted 01 August 2011 - 03:33 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
:)

Thanks for the logs, lets start getting rid of this infection now. Could you do the following with OTL, then get back to me with the relevant log please.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 61 20 18 BE F5 54 48 B6 E9 9B 73 3D 87 55 CE [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 61 20 18 BE F5 54 48 B6 E9 9B 73 3D 87 55 CE [binary data]
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 61 20 18 BE F5 54 48 B6 E9 9B 73 3D 87 55 CE [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 61 20 18 BE F5 54 48 B6 E9 9B 73 3D 87 55 CE [binary data]
IE - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 61 20 18 BE F5 54 48 B6 E9 9B 73 3D 87 55 CE [binary data]
[2011/07/31 15:55:10 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\4e5gn8zg.default\extensions\{d2d56ef2-be4b-4136-9356-aee299afa1af}
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
[2011/07/30 07:14:32 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\2116538450

:Services

:Reg
[HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default" =-
[HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default" =-
[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default" =-
[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default" =-
[HKU\S-1-5-21-33608459-2442173641-3971502971-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default" =-

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again, Tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
JimInUtica
Posted 01 August 2011 - 04:59 PM

JimInUtica

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OK, here's what OTL gave:


OTL logfile created on: 8/1/2011 6:50:21 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\jim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 304.71 Mb Available Physical Memory | 29.79% Memory free
2.41 Gb Paging File | 1.86 Gb Available in Paging File | 77.20% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 39.15 Gb Free Space | 52.58% Space Free | Partition Type: NTFS

Computer Name: Jum | User Name: jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 13:09:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
PRC - [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/22 12:24:37 | 012,596,912 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/12/15 18:03:02 | 000,080,448 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/08/13 14:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe
PRC - [2008/04/29 08:05:43 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\cmd.exe
PRC - [2008/02/09 20:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/05/27 21:05:42 | 000,323,584 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2003/10/07 17:20:18 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
PRC - [2003/08/19 02:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2003/08/13 12:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2003/02/14 07:13:36 | 000,094,208 | ---- | M] (Visioneer Inc) -- C:\Program Files\Visioneer OneTouch\OneTouchMon.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 13:09:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/04/29 08:05:43 | 001,245,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/09 20:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/03/03 15:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/07/28 07:54:31 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/28 07:54:31 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 20:27:23 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/07 17:01:40 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110729.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/18 17:11:57 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110801.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/18 17:11:57 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110801.005\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/12 08:51:00 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/09/08 23:58:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/11/06 13:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/04/25 08:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2006/01/28 12:12:41 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 01:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2003/06/02 07:00:30 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/14 01:40:32 | 000,017,616 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tj2knd5.sys -- (tj2knd5) Terayon Cable Modem (NDIS)
DRV - [2002/10/14 01:40:24 | 000,069,680 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tj2kunic.sys -- (tj2kunic) Terayon Cable Modem (WDM)
DRV - [2002/05/13 20:59:20 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/17 14:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XND5.SYS -- (EL90X)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://email.mvcc.edu/exchange/
IE - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/07/07 07:31:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/31 19:26:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/31 19:37:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/17 07:53:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/06/22 12:24:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/17 07:53:08 | 000,000,000 | ---D | M]

[2010/08/31 09:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jim\Application Data\Mozilla\Extensions
[2010/08/31 09:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jim\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/01 18:36:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\4e5gn8zg.default\extensions
[2010/04/28 08:28:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\4e5gn8zg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/11 17:00:10 | 000,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\4e5gn8zg.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2011/05/03 07:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/07/07 07:31:28 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
[2011/07/31 19:26:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/04/06 08:54:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/03/31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2010/04/08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/01 18:37:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
O4 - HKU\S-1-5-21-33608459-2442173641-3971502971-1007..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - Startup: C:\Documents and Settings\jim\Start Menu\Programs\Startup\Command Prompt.lnk = C:\WINDOWS\SYSTEM32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\jim\Start Menu\Programs\Startup\thunderbird.exe.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-33608459-2442173641-3971502971-1007\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8018.4698726852 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/31 17:37:05 | 000,000,033 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8ed0408a-9f0a-11df-8940-0007e94b2bc8}\Shell - "" = AutoRun
O33 - MountPoints2\{8ed0408a-9f0a-11df-8940-0007e94b2bc8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ed0408a-9f0a-11df-8940-0007e94b2bc8}\Shell\AutoRun\command - "" = F:\MI.exe
O33 - MountPoints2\{9a54c2d8-f491-11de-870b-0007e94b2bc8}\Shell - "" = AutoRun
O33 - MountPoints2\{9a54c2d8-f491-11de-870b-0007e94b2bc8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a54c2d8-f491-11de-870b-0007e94b2bc8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 18:36:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/01 13:09:08 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
[2011/08/01 11:51:02 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\jim\Desktop\aswMBR.exe
[2011/07/31 19:48:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jim\Recent
[2011/07/31 19:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/07/31 19:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/31 19:18:21 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/31 19:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/31 19:18:20 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/31 19:18:05 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/31 19:18:04 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/31 19:18:04 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/31 19:18:03 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/31 19:18:03 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/31 19:18:02 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/31 19:17:36 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/31 19:17:33 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/31 19:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/31 19:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/31 18:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Application Data\Malwarebytes
[2011/07/31 18:42:22 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/31 18:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/31 18:42:17 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/31 18:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/31 17:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/07/31 17:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/07/31 17:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/07/31 17:23:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/07/31 15:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/31 15:53:01 | 006,619,456 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\jim\Desktop\HitmanPro35.exe
[2011/07/31 14:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Local Settings\Application Data\NPE
[2011/07/31 12:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/29 17:26:08 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jim\Desktop\TDSSKiller.exe
[2011/07/10 11:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[1 C:\Documents and Settings\jim\*.tmp files -> C:\Documents and Settings\jim\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/01 18:46:25 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/08/01 18:45:45 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/08/01 18:45:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/01 18:45:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/08/01 18:45:16 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/01 18:37:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/08/01 16:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 15:49:50 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\MBR.dat
[2011/08/01 13:09:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
[2011/08/01 11:51:59 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\jim\Desktop\aswMBR.exe
[2011/08/01 11:11:47 | 000,000,519 | ---- | M] () -- C:\WINDOWS\frontpg.ini
[2011/08/01 11:03:43 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/08/01 11:03:42 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/08/01 07:57:29 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/31 19:39:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/31 19:37:29 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/31 19:37:28 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/31 19:26:11 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/31 19:18:21 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/31 18:42:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/31 17:32:33 | 000,852,316 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/07/31 17:23:42 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/07/31 16:50:12 | 000,001,394 | ---- | M] () -- C:\WINDOWS\pagebreeze.ini
[2011/07/31 16:50:10 | 000,000,048 | ---- | M] () -- C:\WINDOWS\.prj
[2011/07/31 16:28:09 | 000,006,283 | ---- | M] () -- C:\Documents and Settings\jim\.recently-used.xbel
[2011/07/31 16:00:36 | 000,001,642 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/07/31 15:54:48 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/31 15:53:10 | 006,619,456 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\jim\Desktop\HitmanPro35.exe
[2011/07/31 15:08:51 | 000,000,558 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\MS Dev Studio.lnk
[2011/07/31 14:22:33 | 000,002,230 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\SMRResults200.dat
[2011/07/31 14:21:39 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2011/07/31 12:12:42 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\SpywareBlaster.lnk
[2011/07/29 17:26:08 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jim\Desktop\TDSSKiller.exe
[2011/07/29 15:27:22 | 000,000,223 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/07/28 14:04:53 | 000,002,505 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\Word.lnk
[2011/07/13 15:06:43 | 000,242,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/10 11:19:18 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[1 C:\Documents and Settings\jim\*.tmp files -> C:\Documents and Settings\jim\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/01 15:49:50 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\MBR.dat
[2011/07/31 19:39:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/31 19:18:21 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/31 18:42:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/31 17:32:08 | 000,852,316 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/07/31 16:28:09 | 000,006,283 | ---- | C] () -- C:\Documents and Settings\jim\.recently-used.xbel
[2011/07/31 16:00:36 | 000,001,642 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/07/31 15:55:30 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/31 15:08:51 | 000,000,558 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\MS Dev Studio.lnk
[2011/07/31 14:22:19 | 000,002,230 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\SMRResults200.dat
[2011/07/10 11:19:18 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/10/05 19:35:56 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\jim\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/05 17:53:09 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/06/06 20:46:20 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2009/12/30 09:25:04 | 000,047,404 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/01 12:22:48 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/03/24 10:01:16 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007/10/31 17:43:47 | 000,003,646 | ---- | C] () -- C:\WINDOWS\scad3.INI
[2007/04/11 20:31:12 | 000,001,394 | ---- | C] () -- C:\WINDOWS\pagebreeze.ini
[2007/04/11 20:31:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\formbreeze.ini
[2006/12/21 09:27:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\pdf2text.INI
[2005/02/22 10:09:46 | 000,001,601 | ---- | C] () -- C:\WINDOWS\C2Cw.INI
[2005/01/25 10:20:07 | 000,194,560 | ---- | C] () -- C:\WINDOWS\runsetup.exe
[2005/01/24 17:56:50 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/01/24 17:56:50 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/12/05 09:15:00 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\jim\Local Settings\Application Data\fusioncache.dat
[2004/12/01 22:14:41 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe
[2004/12/01 21:39:49 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/11/02 09:27:31 | 000,000,108 | ---- | C] () -- C:\WINDOWS\Anw_IP.ini
[2004/10/01 19:43:14 | 000,000,091 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/09/10 15:27:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/02 08:36:31 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\cuatro.ini
[2004/02/29 18:34:19 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/02/21 16:17:12 | 000,000,223 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2004/02/03 21:30:49 | 000,909,824 | ---- | C] () -- C:\WINDOWS\System32\Tre32.dll
[2004/02/03 21:30:49 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Vbis4032.dll
[2004/02/03 21:30:45 | 000,053,248 | ---- | C] () -- C:\WINDOWS\Hmspl32.dll
[2004/02/03 20:09:37 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/02/02 20:28:30 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/02/01 12:52:11 | 000,000,683 | ---- | C] () -- C:\WINDOWS\fpexplor.INI
[2004/02/01 11:58:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2004/02/01 11:49:32 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2004/02/01 10:48:56 | 000,025,334 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/01/31 18:07:47 | 000,008,163 | ---- | C] () -- C:\WINDOWS\lviewp.ini
[2004/01/31 17:44:34 | 000,170,496 | ---- | C] () -- C:\WINDOWS\System32\ENABLE32.DLL
[2004/01/31 16:22:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/01/31 15:56:43 | 000,000,519 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2004/01/31 15:31:17 | 000,002,156 | ---- | C] () -- C:\WINDOWS\FONTSMRT.INI
[2004/01/31 15:17:08 | 000,119,704 | ---- | C] () -- C:\WINDOWS\WL50EN.DLL
[2004/01/31 14:55:03 | 000,000,048 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/01/30 22:34:35 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/01/23 21:34:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/23 21:33:06 | 000,001,860 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/23 21:30:13 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/01/23 21:25:12 | 000,040,387 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/01/23 21:24:04 | 000,000,197 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/23 21:14:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/01/23 21:12:42 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/23 21:12:38 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/01/23 21:12:38 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/01/23 21:12:27 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/23 21:00:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/10/16 17:50:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/08/14 00:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 15:42:36 | 000,242,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 15:35:18 | 000,004,274 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 15:31:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 10:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 10:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/08/09 14:15:16 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/01/08 17:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1996/02/06 19:27:49 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\VVTENG32.DLL
[1996/02/06 19:27:47 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\VVLIB32.DLL
[1996/02/06 19:27:47 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\VVTAPI32.DLL
[1996/02/06 19:27:32 | 000,631,808 | ---- | C] () -- C:\WINDOWS\System32\SMTHLPHP.EXE
[1996/02/06 19:27:22 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[1996/02/06 19:26:47 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[1996/02/06 19:26:34 | 001,473,536 | ---- | C] () -- C:\WINDOWS\System32\ABOUTSAX.DLL
[1995/09/15 20:31:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/07/31 19:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/06/07 11:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/07/31 16:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/04/29 19:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/02/26 16:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2004/02/03 20:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/07/31 17:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/01/23 21:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/27 10:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2007/01/02 23:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Canon
[2005/01/24 18:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\FUJIFILM
[2009/06/07 11:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\GARMIN
[2009/05/05 10:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Garritan
[2009/04/28 14:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\GenieSoft
[2011/07/31 16:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\gtk-2.0
[2010/09/05 18:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\ISTool
[2004/01/31 14:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Leadertech
[2009/04/29 19:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\PACE Anti-Piracy
[2010/08/31 09:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Thunderbird
[2005/10/03 07:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karen\Application Data\Thunderbird
[2010/08/12 13:06:31 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1071 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:0JfaTFnOpB5l9al4tpNX0Vs53
@Alternate Data Stream - 1052 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:EhoqZJPGU03s9IdOlxM
@Alternate Data Stream - 1029 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:MRtiCn73K4nh0ZKUs7hFkqdiTB

< End of report >
  • 0

#6
BlackOxide
Posted 02 August 2011 - 11:48 AM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Excellent, that's looking much better now :)

Lets give Kaspersky a run to see if any leftovers are lurking...


1)
Kaspersky Virus Removal Tool

Click here to download the Kaspersky Virus Removal Tool.
  • Save it to your desktop.
  • Double click the setup file to run it.
  • Follow the onscreen prompts until it is installed
  • Click the Options button (the 'cog' icon), then make sure only the following are ticked:

  • System Memory
  • Hidden startup objects
  • Disk boot sectors
  • Local Disk (C:)
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Automatic Scan
  • Now click the Start Scanning button, to run the scan
  • If a message appears asking how to handle an infection, tick the Apply to all objects box, then click Disinfection
  • If it says it cannot be Disinfected, then chooose the Delete option when prompted.
  • After the scan is complete, click the reports button ('Paper icon', next to the 'cog' icon) on the right hand side
  • Click Detected threats on the left
  • Now click the Save button, and save it as kaslog.txt to your Desktop
  • Please copy and paste the contents of kaslog.txt in your next reply.




2)
Could you now check for any redirects please, then let me know if they are still occurring.




In your next reply
Please post the contents of...
Kaspersky log
Let me know if the redirects are still occurring
  • 0

#7
JimInUtica
Posted 02 August 2011 - 05:06 PM

JimInUtica

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is kaslog.txt:

Status: Deleted (events: 1)
8/2/2011 6:24:51 PM Deleted Trojan program Trojan.Win32.BHO.bpct C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP368\A0146971.dll High



I have done some preliminary Google searches and haven't seen any redirects. I will do more exhaustive testing tomorrow. I also plan on removing Norton Antivirus and either leaving Avast or switching to Sophos (the product we use at work). Do you have a preference?

I will leave another message tomorrow after checking Bing and IE (just to be safe, I almost never use Bing or IE).

Hopefully you have solved my problem. Thank you, 'til tomorrow...
  • 0

#8
JimInUtica
Posted 02 August 2011 - 06:40 PM

JimInUtica

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I did a bunch of testing with Firefox using Google and Bing, and also IE with Google. No redirects found. I will do a bunch more tomorrow. I removed Norton also. Using Avast and Malwarebytes now.

Look for a PM.
  • 0

#9
BlackOxide
Posted 03 August 2011 - 12:12 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Great to hear things are back to normal. Yep, the redirects should have gone now, but do let me know if they return.


I also plan on removing Norton Antivirus and either leaving Avast or switching to Sophos (the product we use at work). Do you have a preference?

I would prefer Avast from those :unsure:


I removed Norton also. Using Avast and Malwarebytes now.

:)


Let me know if you have any other queries. If not, I shall post my cleanup steps, as your logs look good now :yes:
  • 0

#10
JimInUtica
Posted 03 August 2011 - 01:11 PM

JimInUtica

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
So far so good. No redirects. I'll keep checking and let you know in a day or two.

Edited by JimInUtica, 03 August 2011 - 01:18 PM.

  • 0

Advertisements

#11
BlackOxide
Posted 03 August 2011 - 02:59 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
:)
  • 0

#12
BlackOxide
Posted 10 August 2011 - 12:39 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Lets now do the cleanup steps, then afterwards, we'll see if we can speed up the PC a bit :yes:




Good stuff, your logs now appear clean :)

Please go through the Cleanup section below and have a read of the other information which will help keep your PC protected

Thank you for following the procedures, your system now appears free from Malware. Below is a list of steps that are well worth following, they help finalize the fixes we have been doing and will help minimize the risk of a smilar situation happening again by protecting your PC and helping secure it.

Please make sure you follow the Cleanup stage just below.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove aswMBR from the Desktop (if present)

2)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
[CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

3)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

4)
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click on your version of Windows below to find out how...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Alternate Browsers ==========

Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge addon list.

Firefox - My personal choice, easy to use and has a large number of excellent addons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful addons that are well worth having installed.

Google Chrome - Very nippy browser that's easy to use and is well worth a go if you are trying out different browsers.


Have fun and stay safe online :unsure:
BlackOxide





Lets now try and get the PC running more quickly...



1)
Autoruns - Startup Items
  • Click here to download Autoruns and Save it to your Desktop
  • Extract the contents of Autoruns.zip by Right clicking it and choose Extract All (or Extract here if using WinRar)
  • Once the contents have been extracted you will see a folder called Autoruns
  • Open the folder and Double click on autoruns to launch the program
  • Let the program finish scanning your PC. You will know it has finished scanning when it says Ready in the bottom left
  • Click File then Save, then in the Save as type box select Text (.txt) then in the File Name box above, call it StartupItems.txt and save it to your Desktop
  • Please attach the StartupItems.txt to your next reply

To attach a file...
  • Click Add Reply as you would do normally
  • Then within the 'Attachments' area, click Browse and select the file that you want to attach
  • Click the Attach This File button
  • Now click Add to Post on the right hand side, to insert the attachment into your post.




2)
Auslogics Disk Defrag
  • Click here to download Auslogics Disk Defrag
  • Once downloaded double click the file and follow the prompts to install (I would advise to UNtick the options to Install the Auslogics Toolbar and the Ask.com homepage as you go through the setup)
  • Once installed, run the program and at the top make sure the C: Drive is ticked
  • Then click the little downwards arrow next to Defrag and choose Defrag and Optimize
  • Once complete, please reboot the PC




In your next reply
Please attach the following...
Autoruns log
  • 0

#13
JimInUtica
Posted 12 August 2011 - 02:35 PM

JimInUtica

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here you go, StartupItems.txt

Attached File  StartupItems.txt   56.79KB   84 downloads
  • 0

#14
BlackOxide
Posted 13 August 2011 - 08:15 AM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Autoruns Startup Modify
Open Autoruns
Once it has finished scanning and you see Ready in the bottom left corner, click the Logon tab at the top
Untick the following items:
  • Adobe ARM
  • Adobe Reader Speed Launcher
  • BCMSMMSG
  • DVDSentry
  • DwlClient
  • PCMService
  • QuickTime Task
  • REGSHAVE
  • UpdateManager
  • MSMSGS
Once you have unticked those items, just close Autoruns using the top right X
Now reboot your PC



After you have done this, if you haven't already done so, give Auslogics Defrag a run. Then, let me know if you think the startup speed has improved at all :)
  • 0

#15
JimInUtica
Posted 14 August 2011 - 05:12 AM

JimInUtica

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
All done. I think we have a marginal speed-up but it's an old computer with a lot of software on it so I don't know how much faster it can be.

Thanks
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP