This topic is locked
Some nasty little thing(s) causing windows to freak out on start-up, hide most files and programs, disable update-ability on Avast! and Malwarebytes', restrict capacity to download new files, and generally run amok through my system tearing everything apart. Trying to deal with this for some time now.
An Avast! security recommendation pops up immediately after logging into Windows, upon taking action 'Windows XP Recovery' begins an automatic system scan along with a flurry of error messages suggesting a system reboot, ultimately causing my Dellosaurus to overheat and crash... :/ Help please? I appreciate it!
OTL logfile created on: 10/31/2011 5:16:20 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Matthew\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
894.02 Mb Total Physical Memory | 495.64 Mb Available Physical Memory | 55.44% Memory free
2.12 Gb Paging File | 1.78 Gb Available in Paging File | 84.32% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.21 Gb Total Space | 0.06 Gb Free Space | 0.12% Space Free | Partition Type: NTFS
Computer Name: DH9QL3C1 | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/10/31 17:16:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\My Documents\Downloads\OTL(2).scr
PRC - [2011/09/27 23:56:56 | 000,912,344 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/12 15:18:35 | 000,046,208 | -H-- | M] (CenturyLink Inc) -- C:\Program Files\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
PRC - [2011/02/23 08:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 08:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/01/08 12:02:16 | 001,213,728 | -H-- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2007/07/24 13:17:31 | 001,174,152 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/23 15:13:28 | 000,380,928 | -H-- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
========== Modules (No Company Name) ==========
MOD - [2011/09/27 23:56:56 | 001,015,256 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/06/14 15:20:37 | 000,064,512 | -H-- | M] () -- C:\WINDOWS\eventvdm.dll
MOD - [2011/02/24 02:55:49 | 000,844,288 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11022400\algo.dll
MOD - [2011/02/23 08:04:14 | 000,144,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswDld.dll
MOD - [2010/11/11 19:51:23 | 005,971,408 | -H-- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/06/11 18:48:36 | 000,971,264 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
MOD - [2010/06/11 18:15:22 | 012,430,848 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
MOD - [2010/06/08 20:37:37 | 001,840,640 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
MOD - [2010/06/08 20:34:45 | 000,998,400 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
MOD - [2010/06/08 20:21:53 | 005,450,752 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
MOD - [2010/06/08 20:20:55 | 001,587,200 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
MOD - [2010/06/08 20:15:25 | 007,949,824 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
MOD - [2009/10/15 02:21:38 | 011,486,720 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2005/12/19 14:08:30 | 000,757,760 | -H-- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (SupportSoft RemoteAssist)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 08:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/01/08 12:02:16 | 001,213,728 | -H-- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2007/07/24 13:17:31 | 001,174,152 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/08/23 15:13:28 | 000,380,928 | -H-- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
========== Driver Services (SafeList) ==========
DRV - [2011/02/23 07:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 07:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 07:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 07:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 07:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 07:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 07:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2006/11/14 14:41:34 | 000,010,344 | -H-- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/09/23 01:56:40 | 001,681,920 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/22 10:06:26 | 001,171,464 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/17 12:55:16 | 000,044,544 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/01 21:39:40 | 000,036,864 | -H-- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 11:07:58 | 000,004,864 | -H-- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/02 18:24:34 | 000,424,320 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/12 16:50:46 | 000,016,128 | -H-- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 22:58:14 | 000,028,544 | -H-- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2004/06/09 08:29:56 | 000,006,977 | -H-- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = qwest.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56808
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://marriedtothesea.com/"
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {7EC8EF17-B3B5-4943-8AF5-B91B0863BB75}:1.0
FF - prefs.js..extensions.enabledItems: {AC2F4FDB-87C1-48E6-8868-C375623AF577}:1.9.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56808
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Josh\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{7EC8EF17-B3B5-4943-8AF5-B91B0863BB75}: C:\Documents and Settings\Matthew\Local Settings\Application Data\{7EC8EF17-B3B5-4943-8AF5-B91B0863BB75} [2009/04/22 17:01:43 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{AC2F4FDB-87C1-48E6-8868-C375623AF577}: C:\Documents and Settings\Josh\Local Settings\Application Data\{AC2F4FDB-87C1-48E6-8868-C375623AF577} [2009/09/23 22:35:57 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/17 18:45:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/06 22:25:52 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/27 23:57:08 | 000,000,000 | -H-D | M]
[2009/03/11 16:37:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Extensions
[2009/03/11 16:37:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Extensions\[email protected]
[2011/10/30 03:37:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\xn4cc6wh.default\extensions
[2010/09/23 23:26:42 | 000,000,000 | -H-D | M] (Forecastfox Weather) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\xn4cc6wh.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/09/04 01:19:35 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\xn4cc6wh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/24 03:29:49 | 000,000,000 | -H-D | M] (MidnightFox) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\xn4cc6wh.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2007/05/03 01:01:30 | 000,007,431 | -H-- | M] () -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\xn4cc6wh.default\searchplugins\dictionarycom.xml
[2008/06/24 01:02:01 | 000,000,908 | -H-- | M] () -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\xn4cc6wh.default\searchplugins\imdb.xml
[2008/06/24 01:02:01 | 000,001,108 | -H-- | M] () -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\xn4cc6wh.default\searchplugins\wikipedia-en.xml
[2008/06/02 12:57:27 | 000,001,628 | -H-- | M] () -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\xn4cc6wh.default\searchplugins\youtube.xml
[2011/10/30 03:37:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/26 19:30:41 | 000,000,000 | -H-D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/09/23 22:35:57 | 000,000,000 | -H-D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\JOSH\LOCAL SETTINGS\APPLICATION DATA\{AC2F4FDB-87C1-48E6-8868-C375623AF577}
[2009/04/22 17:01:43 | 000,000,000 | -H-D | M] (XUL Cache) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\APPLICATION DATA\{7EC8EF17-B3B5-4943-8AF5-B91B0863BB75}
[2011/04/17 18:45:00 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/03/11 16:31:48 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2006/01/18 12:50:00 | 000,319,488 | -H-- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
========== Chrome ==========
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CenturyLinkTouchPointAgent] C:\Program Files\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe (CenturyLink Inc)
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Matthew\Application Data\Microsoft\conhost.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [KcGKxXpEJYTtjJY] C:\Documents and Settings\All Users\Application Data\KcGKxXpEJYTtjJY.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [Rbexeju] rundll32.exe "C:\WINDOWS\wsecuil.dll",Startup File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.micros...386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07A7D238-0106-4F39-A5C7-4BE4E4E64956}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O36 - AppCertDlls: bcmwnet - (C:\WINDOWS\system32\evenntsd.dll) - File not found
O36 - AppCertDlls: bcmwnet1 - (C:\WINDOWS\eventvdm.dll) -C:\WINDOWS\eventvdm.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/10/31 00:14:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matthew\Recent
[2011/10/13 23:01:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Matthew\My Documents\cornish - matt aguayo
[2011/08/28 01:55:17 | 000,816,128 | -H-- | C] (Heaventools Software) -- C:\Documents and Settings\All Users\Application Data\defender.exe
[2011/06/03 14:23:47 | 000,333,824 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\16244516.exe
[2011/06/03 14:14:35 | 000,419,328 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\KcGKxXpEJYTtjJY.exe
[2 C:\Documents and Settings\Matthew\My Documents\*.tmp files -> C:\Documents and Settings\Matthew\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/10/31 17:13:22 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/31 17:12:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/31 17:11:57 | 937,521,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/15 15:26:27 | 000,000,099 | -H-- | M] () -- C:\Documents and Settings\Matthew\Desktop\fix.reg
[2 C:\Documents and Settings\Matthew\My Documents\*.tmp files -> C:\Documents and Settings\Matthew\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/10/15 15:26:27 | 000,000,099 | -H-- | C] () -- C:\Documents and Settings\Matthew\Desktop\fix.reg
[2011/10/10 01:27:02 | 937,521,152 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/13 23:28:38 | 000,185,856 | -H-- | C] () -- C:\Documents and Settings\Matthew\Application Data\dwm.exe
[2011/09/11 13:51:46 | 000,186,368 | -H-- | C] () -- C:\Documents and Settings\Matthew\Application Data\dwmu.exe
[2011/06/16 03:33:44 | 000,050,984 | -H-- | C] () -- C:\Documents and Settings\Matthew\Application Data\2752.1AC
[2011/06/14 15:20:37 | 000,064,512 | -H-- | C] () -- C:\WINDOWS\eventvdm.dll
[2011/06/14 15:20:02 | 000,064,512 | -H-- | C] () -- C:\WINDOWS\System32\eventvdm.dll
[2011/06/03 14:25:02 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16244516r
[2011/06/03 14:25:02 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16244516
[2011/06/03 14:24:07 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\16244516
[2011/04/17 17:53:52 | 000,015,962 | -HS- | C] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\1ro18l3y70b46o6kj0v70
[2011/04/17 17:53:52 | 000,015,962 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1ro18l3y70b46o6kj0v70
[2011/03/06 21:20:48 | 000,015,870 | -HS- | C] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\.))S](VL)0[(+
[2011/03/06 21:20:48 | 000,015,870 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.))S](VL)0[(+
[2011/02/06 17:26:21 | 000,000,012 | -H-- | C] () -- C:\Documents and Settings\Matthew\Application Data\kuhzmn.dat
[2010/11/26 19:31:48 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/12 14:48:28 | 000,042,824 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/30 00:20:16 | 000,002,713 | -HS- | C] () -- C:\WINDOWS\System32\tuzatazo.exe
[2009/06/26 12:36:48 | 000,002,713 | -HS- | C] () -- C:\WINDOWS\System32\telemize.exe
[2009/06/24 21:34:35 | 000,002,713 | -HS- | C] () -- C:\WINDOWS\System32\dapotado.exe
[2009/06/09 22:54:22 | 000,002,713 | -HS- | C] () -- C:\WINDOWS\System32\gufipato.exe
[2009/06/08 13:31:37 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\91142176.ini
[2009/06/04 23:33:33 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/22 17:01:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Thubexi.bin
[2009/04/22 17:01:40 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Byazigere.dat
[2007/04/22 17:15:29 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 17:01:47 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/02/02 13:59:03 | 000,018,494 | -H-- | C] () -- C:\Documents and Settings\Matthew\Application Data\wklnhst.dat
[2007/01/24 19:28:48 | 000,071,680 | -H-- | C] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/15 21:04:35 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/15 21:04:35 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\7FD562AE33.sys
[2007/01/05 11:28:28 | 000,001,938 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/27 23:41:19 | 000,001,359 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/27 15:12:02 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/23 14:58:33 | 000,000,130 | -H-- | C] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\fusioncache.dat
[2006/11/14 14:55:00 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/14 14:38:20 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/14 14:27:50 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/11/14 14:02:18 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/14 14:02:18 | 000,018,944 | -H-- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/11/14 14:02:12 | 000,757,760 | -H-- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/14 14:01:54 | 000,133,246 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/11/14 14:01:52 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/11/14 14:01:50 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 12:12:05 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 11:57:52 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,219,248 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,443,034 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,072,134 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,788 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
========== LOP Check ==========
[2010/11/12 17:02:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/04/17 18:44:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/02/24 18:37:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\bKnPeJc06511
[2009/07/13 12:32:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\butazaji
[2008/01/27 15:25:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/10/31 02:24:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CenturyLink
[2009/07/13 12:33:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\kapidapu
[2009/07/13 12:33:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\lejiwafe
[2009/07/13 12:33:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\narudoku
[2009/07/13 12:33:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\pejonavi
[2009/07/13 12:33:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\redivegi
[2009/07/13 12:33:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\rurileka
[2009/07/13 12:33:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\tokurepa
[2009/07/13 12:33:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\tomatofi
[2009/07/13 12:33:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\vozizowu
[2009/07/13 12:33:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\wepozara
[2009/07/13 12:33:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\woyevepa
[2007/04/16 10:19:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/12/09 00:03:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/03 14:09:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/02/08 20:54:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Matthew\Application Data\Aharoq
[2011/02/12 22:04:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Matthew\Application Data\Amtor
[2011/10/09 15:55:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Matthew\Application Data\Azureus
[2008/04/14 23:06:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Matthew\Application Data\CVS
[2011/02/12 11:51:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Matthew\Application Data\Evyc
[2007/08/20 11:58:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Matthew\Application Data\iPodSoft
[2010/11/03 00:27:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Matthew\Application Data\LimeWire
[2011/02/06 17:31:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Matthew\Application Data\Mapui
[2007/01/09 20:03:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Matthew\Application Data\Purple Ghost Software, Inc
[2007/05/05 22:20:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Matthew\Application Data\SecondLife
[2008/02/21 18:58:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Matthew\Application Data\Snapfish
[2008/09/28 01:43:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Matthew\Application Data\yoclient
========== Purity Check ==========
< End of report >
Sign In
Create Account
