Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

JS:Redirect-KT[Trj] still Or?

Started by yvilene , Oct 20 2011 07:40 PM

  • This topic is locked This topic is locked

#1
yvilene
Posted 20 October 2011 - 07:40 PM

yvilene

    New Member

  • Member
  • Pip
  • 1 posts
Hi,

I think I may still have a redirect virus but I'm not sure. I ran Avast, it caught what I mentioned in the topic above, but when I am using Firefox 7.01, I still see "Firefox prevented this page being redirected" thing. I also ran Microsoft security Scan afterward, it came up clean. I ran OTL and here is my report: I make my living using this pc so I really am trying to be sure I am not totally screwed:) THANK you!! Oh I'm using Vists ultimate on Windows PC.

OTL logfile created on: 10/20/2011 9:29:00 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Admin\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 38.09% Memory free
6.72 Gb Paging File | 5.08 Gb Available in Paging File | 75.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 118.62 Gb Free Space | 50.93% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 111.69 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: GINA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/20 20:00:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/18 18:27:53 | 001,172,992 | ---- | M] (Vitalwerks LLC) -- C:\Program Files\No-IP\DUC20.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 07:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/02 03:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/07/17 00:56:48 | 001,038,848 | ---- | M] () -- C:\Program Files\WebcamMax\wcmmon.exe
PRC - [2011/07/11 17:48:10 | 001,595,520 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe
PRC - [2011/07/11 17:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/15 15:18:04 | 000,066,824 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
PRC - [2011/03/15 15:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2011/03/15 15:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
PRC - [2009/05/25 00:00:00 | 002,389,600 | ---- | M] (Lavalys, Inc.) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/02 04:06:16 | 000,605,944 | ---- | M] (iExpert Software) -- C:\Program Files\Registry Clean Expert\RCHelper.exe
PRC - [2008/01/20 22:21:41 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/09/14 03:02:34 | 000,905,056 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007/09/14 02:55:30 | 000,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/09/14 02:52:46 | 002,595,480 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006/11/27 15:18:48 | 001,582,616 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeter.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/15 13:16:33 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 02:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/18 15:49:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Winamp\System\xml.w5s
MOD - [2011/08/18 15:49:00 | 000,083,968 | ---- | M] () -- C:\Program Files\Winamp\tataki.dll
MOD - [2011/08/18 15:49:00 | 000,047,616 | ---- | M] () -- C:\Program Files\Winamp\zlib.dll
MOD - [2011/08/18 15:48:58 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\System\timer.w5s
MOD - [2011/08/18 15:48:58 | 000,021,504 | ---- | M] () -- C:\Program Files\Winamp\System\tagz.w5s
MOD - [2011/08/18 15:48:58 | 000,013,824 | ---- | M] () -- C:\Program Files\Winamp\System\primo.w5s
MOD - [2011/08/18 15:48:57 | 000,103,936 | ---- | M] () -- C:\Program Files\Winamp\System\png.w5s
MOD - [2011/08/18 15:48:57 | 000,084,480 | ---- | M] () -- C:\Program Files\Winamp\System\playlist.w5s
MOD - [2011/08/18 15:48:56 | 000,623,616 | ---- | M] () -- C:\Program Files\Winamp\System\jnetlib.w5s
MOD - [2011/08/18 15:48:56 | 000,154,624 | ---- | M] () -- C:\Program Files\Winamp\System\jpeg.w5s
MOD - [2011/08/18 15:48:56 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\System\gif.w5s
MOD - [2011/08/18 15:48:56 | 000,016,384 | ---- | M] () -- C:\Program Files\Winamp\System\gracenote.w5s
MOD - [2011/08/18 15:48:55 | 000,174,080 | ---- | M] () -- C:\Program Files\Winamp\System\auth.w5s
MOD - [2011/08/18 15:48:55 | 000,044,544 | ---- | M] () -- C:\Program Files\Winamp\System\devices.w5s
MOD - [2011/08/18 15:48:55 | 000,023,040 | ---- | M] () -- C:\Program Files\Winamp\System\albumart.w5s
MOD - [2011/08/18 15:48:55 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\System\bmp.w5s
MOD - [2011/08/18 15:48:55 | 000,016,896 | ---- | M] () -- C:\Program Files\Winamp\System\dlmgr.w5s
MOD - [2011/08/18 15:48:55 | 000,014,336 | ---- | M] () -- C:\Program Files\Winamp\System\filereader.w5s
MOD - [2011/08/18 15:48:54 | 000,170,496 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_ipod.dll
MOD - [2011/08/18 15:48:54 | 000,118,272 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_p4s.dll
MOD - [2011/08/18 15:48:54 | 000,113,152 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_wifi.dll
MOD - [2011/08/18 15:48:54 | 000,060,928 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_android.dll
MOD - [2011/08/18 15:48:54 | 000,053,760 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_usb.dll
MOD - [2011/08/18 15:48:54 | 000,052,224 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_ds.dll
MOD - [2011/08/18 15:48:54 | 000,022,528 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_disk.dll
MOD - [2011/08/18 15:48:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_njb.dll
MOD - [2011/08/18 15:48:54 | 000,018,432 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_wave.dll
MOD - [2011/08/18 15:48:53 | 000,240,640 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_pmp.dll
MOD - [2011/08/18 15:48:53 | 000,083,456 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_plg.dll
MOD - [2011/08/18 15:48:53 | 000,082,944 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_playlists.dll
MOD - [2011/08/18 15:48:53 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_rg.dll
MOD - [2011/08/18 15:48:53 | 000,031,744 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_transcode.dll
MOD - [2011/08/18 15:48:52 | 000,293,376 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_local.dll
MOD - [2011/08/18 15:48:52 | 000,124,928 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_online.dll
MOD - [2011/08/18 15:48:51 | 000,249,856 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_devices.dll
MOD - [2011/08/18 15:48:51 | 000,200,192 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_disc.dll
MOD - [2011/08/18 15:48:51 | 000,057,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_impex.dll
MOD - [2011/08/18 15:48:51 | 000,052,224 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_history.dll
MOD - [2011/08/18 15:48:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_autotag.dll
MOD - [2011/08/18 15:48:50 | 000,027,648 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_bookmarks.dll
MOD - [2011/08/18 15:48:48 | 000,313,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wm.dll
MOD - [2011/08/18 15:48:48 | 000,252,416 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_vorbis.dll
MOD - [2011/08/18 15:48:48 | 000,016,896 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wave.dll
MOD - [2011/08/18 15:48:47 | 000,285,696 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp3.dll
MOD - [2011/08/18 15:48:47 | 000,074,752 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_nsv.dll
MOD - [2011/08/18 15:48:47 | 000,050,688 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp4.dll
MOD - [2011/08/18 15:48:47 | 000,023,552 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_swf.dll
MOD - [2011/08/18 15:48:46 | 000,165,376 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mod.dll
MOD - [2011/08/18 15:48:45 | 000,109,568 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_midi.dll
MOD - [2011/08/18 15:48:45 | 000,049,152 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mkv.dll
MOD - [2011/08/18 15:48:44 | 000,102,400 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_cdda.dll
MOD - [2011/08/18 15:48:44 | 000,072,192 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_dshow.dll
MOD - [2011/08/18 15:48:44 | 000,060,928 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flac.dll
MOD - [2011/08/18 15:48:44 | 000,043,008 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flv.dll
MOD - [2011/08/18 15:48:44 | 000,007,168 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_linein.dll
MOD - [2011/08/18 15:48:43 | 000,312,832 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ml.dll
MOD - [2011/08/18 15:48:43 | 000,068,608 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_avi.dll
MOD - [2011/08/18 15:48:43 | 000,057,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_orgler.dll
MOD - [2011/08/18 15:48:43 | 000,025,600 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_tray.dll
MOD - [2011/08/18 15:48:42 | 001,737,728 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ff.dll
MOD - [2011/08/18 15:48:42 | 000,183,808 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_jumpex.dll
MOD - [2011/08/18 15:48:42 | 000,027,648 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_hotkeys.dll
MOD - [2011/08/18 15:48:41 | 000,410,624 | ---- | M] () -- C:\Program Files\Winamp\nsutil.dll
MOD - [2011/08/18 15:48:41 | 000,253,440 | ---- | M] () -- C:\Program Files\Winamp\libsndfile.dll
MOD - [2011/08/18 15:48:41 | 000,078,848 | ---- | M] () -- C:\Program Files\Winamp\nde.dll
MOD - [2011/08/03 03:31:28 | 000,255,592 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/07/17 00:56:48 | 001,038,848 | ---- | M] () -- C:\Program Files\WebcamMax\wcmmon.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/01 23:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 23:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 23:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 23:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 23:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/07/10 09:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009/02/14 05:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL
MOD - [2008/10/26 05:42:14 | 000,065,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2007/09/14 01:45:10 | 001,328,408 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll
MOD - [2006/10/27 15:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/18 03:12:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/15 15:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011/03/15 15:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 22:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/19 09:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2011/08/19 09:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/08/17 23:14:39 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011/08/17 23:14:39 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/08/17 23:14:33 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011/08/17 23:14:31 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2011/08/17 22:45:11 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/08/03 07:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/06/23 02:43:04 | 001,068,216 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2010/06/23 05:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/12/22 11:33:08 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009/10/16 02:11:56 | 001,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009/05/25 00:00:00 | 000,026,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)
DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB 60 24 C3 DE 5D CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://news.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:12.0.0.1806
FF - prefs.js..extensions.enabledItems: [email protected]:1.23.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.5.5


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files\LivingPlay Games\nplplaypop.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/10/15 12:06:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/05 12:17:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/05 12:17:56 | 000,000,000 | ---D | M]

[2011/08/24 20:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2011/08/24 20:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/02 23:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qko2isfa.default\extensions
[2011/09/08 21:21:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qko2isfa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/02 23:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qko2isfa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}-trash
[2011/09/10 11:33:22 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qko2isfa.default\extensions\[email protected]
[2011/07/26 18:19:58 | 000,002,333 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qko2isfa.default\searchplugins\askcom.xml
[2011/09/04 18:40:26 | 000,003,674 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qko2isfa.default\searchplugins\avg-secure-search.xml
[2011/10/05 12:17:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/08 22:18:47 | 000,000,000 | ---D | M] (Performer Optimum) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/09/08 22:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/10/15 12:06:05 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/24 12:50:57 | 000,000,789 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd)
O4 - HKLM..\Run: [LiveZilla] C:\Program Files\LiveZilla\LiveZilla.exe (LiveZilla GmbH)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest_start.exe ()
O4 - HKCU..\Run: [RegClean Expert Scheduler] C:\Program Files\Registry Clean Expert\RCHelper.exe (iExpert Software)
O4 - HKCU..\Run: [WebcamMaxAutoRun] C:\Program Files\WebcamMax\wcmmon.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (Vitalwerks LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6033D1A7-C427-44F6-81AB-0DBD62389187}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\Desktop\Gina's Stuff\Images\witchboard.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\Desktop\Gina's Stuff\Images\witchboard.jpg
O30 - LSA: Authentication Packages - (relog_ap) -C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/20 21:26:34 | 000,407,680 | ---- | C] (ALWIL Software) -- C:\Users\Admin\Desktop\aswclnr.exe
[2011/10/20 20:00:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011/10/20 19:28:32 | 071,661,064 | ---- | C] (Microsoft Corporation) -- C:\Users\Admin\Desktop\msert.exe
[2011/10/19 20:14:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\R Player 3
[2011/10/19 19:25:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\New Folder (5)
[2011/10/18 16:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Telestream
[2011/10/18 16:35:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Wirecast
[2011/10/18 16:35:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Vara Software
[2011/10/18 16:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2011/10/17 18:57:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\FreeEbooks
[2011/10/16 21:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\{A62B1D7C-24D3-439F-9F20-9CAE91F685B3}
[2011/10/16 21:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveZilla
[2011/10/16 21:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\LiveZilla
[2011/10/16 15:17:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Visual Studio 2005
[2011/10/15 12:06:26 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/10/15 12:06:26 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/10/15 12:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/10/15 12:06:21 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/10/15 12:06:20 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/10/15 12:06:20 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/10/15 12:06:18 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/10/15 12:06:04 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/10/15 12:06:03 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/10/15 12:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/10/15 12:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/10/13 19:02:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Psychomanteum Show Notes
[2011/10/11 22:10:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/11 22:10:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/11 22:10:20 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/11 22:10:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/11 22:10:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/11 22:04:57 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/11 22:04:57 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/11 22:04:57 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/11 22:04:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/11 22:04:56 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/11 22:03:55 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/11 22:03:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/09 15:14:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\New Folder (3)
[2011/10/06 20:24:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Premium Theme Purchase
[2011/10/05 11:51:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\New Folder (2)
[2011/10/04 19:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oranum - Oranum Expert Software
[2011/10/04 15:48:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\CURRENT DB & wp-CONTENT
[2011/10/02 23:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/09/27 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\New Folder
[2011/09/26 16:03:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\vintage leaders
[2011/09/24 21:16:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2011/09/24 15:01:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Nelson Berry subliminal videos
[2011/09/23 22:42:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6883B344-2B88-4C1A-88D2-8ED220B6AF4F}
[2011/09/23 22:42:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BF3BAFEE-D97A-4FE3-9E53-099A1CE367DD}
[2011/09/23 19:57:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F5406EBA-7D78-4312-949A-958B6C385A29}
[2011/09/22 18:22:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{CE6745AB-2900-49EC-BA27-8641AB60FAD8}
[2011/09/22 18:22:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4C5D4C72-327A-4425-AB50-1260FC05C05F}
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/20 21:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/20 21:26:35 | 000,407,680 | ---- | M] (ALWIL Software) -- C:\Users\Admin\Desktop\aswclnr.exe
[2011/10/20 21:07:26 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/10/20 20:48:09 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/20 20:48:09 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/20 20:00:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011/10/20 19:30:30 | 071,661,064 | ---- | M] (Microsoft Corporation) -- C:\Users\Admin\Desktop\msert.exe
[2011/10/20 18:56:28 | 000,643,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/20 18:56:28 | 000,119,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/20 18:54:00 | 000,002,657 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2011/10/20 18:53:31 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/10/20 18:49:37 | 000,000,063 | ---- | M] () -- C:\Windows\System32\everest_cpl.ini
[2011/10/20 18:48:31 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/20 18:47:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/20 17:57:22 | 3488,800,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/20 17:57:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/10/20 16:19:06 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/10/20 13:56:18 | 000,023,040 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/19 20:08:34 | 000,002,966 | ---- | M] () -- C:\Users\Admin\Desktop\rtmp_config_wide_low.xml
[2011/10/19 18:30:32 | 000,430,505 | ---- | M] () -- C:\Users\Admin\Desktop\the_art_of_mentalism1.pdf
[2011/10/18 20:43:55 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\PsychicAccessVCP.lnk
[2011/10/18 19:04:20 | 001,452,643 | ---- | M] () -- C:\Users\Admin\Desktop\Trusted-Authority-Blueprint.pdf
[2011/10/18 16:57:43 | 000,000,453 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\net.telestream.wirecast.xml
[2011/10/17 19:29:18 | 000,051,711 | ---- | M] () -- C:\Users\Admin\.recently-used.xbel
[2011/10/16 21:06:06 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\LiveZilla Server Admin.lnk
[2011/10/16 21:06:05 | 000,000,880 | ---- | M] () -- C:\Users\Public\Desktop\LiveZilla Client.lnk
[2011/10/15 13:16:33 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/15 12:06:26 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/10/11 22:17:00 | 000,389,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/09 15:16:44 | 000,000,162 | -H-- | M] () -- C:\Users\Admin\Desktop\~$cument.rtf
[2011/10/05 12:17:59 | 000,000,870 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/05 12:17:59 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/04 21:30:36 | 009,371,718 | ---- | M] () -- C:\Users\Admin\Desktop\dejavu_v1.3.rar
[2011/10/04 19:37:29 | 000,000,224 | ---- | M] () -- C:\Users\Admin\Documents\OranumExpertSoftware.cfg
[2011/10/04 19:04:50 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Oranum Expert Software.lnk
[2011/10/03 16:24:42 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2011/10/02 23:05:10 | 000,000,966 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/10/02 19:23:52 | 000,003,968 | ---- | M] () -- C:\Users\Admin\Desktop\ustream.fme.psychomanteumtheothersideofthemirror.xml
[2011/10/02 16:25:07 | 015,050,708 | ---- | M] () -- C:\Users\Admin\Desktop\The Ghosts of Auschwitz and Birkenau by Cole Thompson.mp4
[2011/09/27 18:45:45 | 000,001,473 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/20 18:53:31 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/10/19 20:08:33 | 000,002,966 | ---- | C] () -- C:\Users\Admin\Desktop\rtmp_config_wide_low.xml
[2011/10/19 18:30:32 | 000,430,505 | ---- | C] () -- C:\Users\Admin\Desktop\the_art_of_mentalism1.pdf
[2011/10/18 19:04:14 | 001,452,643 | ---- | C] () -- C:\Users\Admin\Desktop\Trusted-Authority-Blueprint.pdf
[2011/10/18 16:35:16 | 000,000,453 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\net.telestream.wirecast.xml
[2011/10/17 19:29:18 | 000,051,711 | ---- | C] () -- C:\Users\Admin\.recently-used.xbel
[2011/10/16 21:06:06 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\LiveZilla Server Admin.lnk
[2011/10/16 21:06:05 | 000,000,880 | ---- | C] () -- C:\Users\Public\Desktop\LiveZilla Client.lnk
[2011/10/15 12:06:26 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/10/09 15:16:44 | 000,000,162 | -H-- | C] () -- C:\Users\Admin\Desktop\~$cument.rtf
[2011/10/05 12:17:59 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/04 21:29:34 | 009,371,718 | ---- | C] () -- C:\Users\Admin\Desktop\dejavu_v1.3.rar
[2011/10/02 23:58:14 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/10/02 23:05:10 | 000,000,966 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/10/02 19:23:52 | 000,003,968 | ---- | C] () -- C:\Users\Admin\Desktop\ustream.fme.psychomanteumtheothersideofthemirror.xml
[2011/10/02 16:24:41 | 015,050,708 | ---- | C] () -- C:\Users\Admin\Desktop\The Ghosts of Auschwitz and Birkenau by Cole Thompson.mp4
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/18 18:24:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/08/18 14:38:40 | 000,023,040 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/18 05:38:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/08/18 05:38:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/08/18 05:37:24 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/08/18 02:45:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/08/17 23:03:42 | 000,000,063 | ---- | C] () -- C:\Windows\System32\everest_cpl.ini
[2011/08/17 22:31:18 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011/08/17 22:31:18 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2011/08/17 22:12:49 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/08/17 21:59:05 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/07/26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/10/16 06:50:54 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2008/11/13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2008/01/20 22:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/12/04 05:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/07 13:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2006/11/02 08:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:46:27 | 000,389,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,643,046 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,119,238 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/03/08 06:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 250 bytes -> C:\ProgramData\TEMP:8E236DBE
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 21 October 2011 - 12:52 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi is Avast still giving alerts ?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
Essexboy
Posted 25 October 2011 - 01:11 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP