Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google Redirect and slow comp [Closed]


  • This topic is locked This topic is locked

#16
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

I am still getting a message from Avira virus scanner that I am infected with malware.

Can you give me more information about this? File name or file path, or if you can post an Avira log... that will be better.


======================


1. Can you please delete aswMBR and then download/run a new copy.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Note: Do not install Avast anti virus when offered.


2. Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.

  • 0

Advertisements


#17
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#18
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Topic starter requested to reopened this topic.
  • 0

#19
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Can you please update me with the current status of your machine.

Please run OTL and click the "Quick Scan" button, post the new report for my review.
  • 0

#20
CMiz2184

CMiz2184

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hello,
I am no longer getting the google redirect, but the computer still runs a little sluggish and slow to start up...

OTL logfile created on: 3/2/2012 11:17:10 PM - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mizurak\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 278.00 Mb Available Physical Memory | 27.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.68 Gb Total Space | 76.15 Gb Free Space | 72.05% Space Free | Partition Type: NTFS
Drive D: | 3.63 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MIZURAK | User Name: Mizurak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/26 22:31:55 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/08 21:00:16 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/08 21:00:03 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/31 09:44:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mizurak\My Documents\Downloads\OTL.exe
PRC - [2010/08/02 15:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/30 14:13:06 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010/03/17 15:22:52 | 001,019,904 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2010/03/17 15:08:22 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2010/03/17 15:08:04 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/12 10:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/12/11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2009/11/19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/11/09 10:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2009/10/15 11:06:52 | 000,053,064 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
PRC - [2009/10/15 11:06:50 | 000,066,888 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
PRC - [2009/10/15 11:06:46 | 007,168,328 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe
PRC - [2009/10/15 11:06:46 | 006,287,176 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/29 06:50:40 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/10/18 18:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 17:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/10/18 17:53:24 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/04/06 14:58:52 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2001/07/25 09:00:00 | 000,184,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Money\System\Money Express.exe
PRC - [2001/07/25 09:00:00 | 000,049,206 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Money\System\urlmap.exe


========== Modules (SafeList) ==========

MOD - [2011/03/31 09:44:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mizurak\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2012/01/08 21:00:16 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/08 21:00:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/09 10:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008/09/12 00:58:40 | 000,258,048 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe -- (Franson GpsGate 2.0)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2012/01/08 21:00:19 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/01/08 21:00:18 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/01/13 07:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010/01/12 08:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/01/07 11:40:26 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/01/07 10:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009/11/23 12:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009/11/19 13:33:20 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/06/10 15:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/02/19 13:22:52 | 000,127,744 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ArcHlp.sys -- (archlp)
DRV - [2007/02/25 11:10:48 | 000,005,376 | ---- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 18:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/04/26 16:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/04/03 21:00:56 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/14 08:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 08:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 08:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 09:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/21 20:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 20:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 20:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true


FF - HKLM\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/26 22:31:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 20:39:54 | 000,000,000 | ---D | M]

[2008/09/18 16:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Extensions
[2012/02/26 20:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions
[2011/12/08 18:46:33 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2008/12/21 11:43:19 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2012/02/13 18:10:26 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\[email protected]
[2010/05/14 10:45:20 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\searchplugins\aim-search.xml
[2007/10/25 12:29:02 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\searchplugins\aolsearch.xml
[2008/10/29 04:13:46 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\searchplugins\conduit.xml
[2008/01/12 13:06:21 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\searchplugins\siteadvisor.xml
[2011/11/11 16:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2012/02/26 22:31:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/01/28 13:23:02 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2011/01/28 13:23:02 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/10/19 15:46:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2006/04/11 08:28:57 | 001,711,104 | ---- | M] (Oklahoma Climatological Survey) -- C:\Program Files\Mozilla Firefox\plugins\NPWXM32.DLL
[2008/06/03 00:35:57 | 000,002,275 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\aolsearch.xml
[2012/02/26 20:14:04 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2007/12/12 22:32:57 | 000,000,897 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\livecom.png
[2007/12/12 22:32:57 | 000,001,015 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\livecom.src
[2012/02/26 20:14:04 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/19 21:27:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mizurak\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mizurak\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/06/19 17:13:38 | 000,000,134 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 22:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mizurak\Desktop\Whaler Project

========== Files - Modified Within 30 Days ==========

[2012/03/02 23:12:13 | 007,245,824 | ---- | M] () -- C:\Documents and Settings\Mizurak\My Documents\Chris.mny
[2012/03/02 15:57:46 | 000,462,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/02 15:57:46 | 000,080,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/02 15:54:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/02 15:54:47 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/02 15:53:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/02 15:53:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/02 15:53:28 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/01 20:54:27 | 007,247,974 | R--- | M] () -- C:\Documents and Settings\Mizurak\My Documents\Chris Backup.mbf
[2012/02/26 21:12:17 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Mizurak\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/02/26 21:09:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/23 19:52:42 | 001,148,260 | ---- | M] () -- C:\Documents and Settings\Mizurak\Desktop\Angler2011-022.JPG
[2012/02/23 19:51:48 | 000,747,275 | ---- | M] () -- C:\Documents and Settings\Mizurak\Desktop\Angler2011-053.JPG
[2012/02/23 19:20:11 | 000,325,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/23 18:40:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/16 14:22:01 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/02/16 14:22:01 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/02/13 22:03:47 | 000,026,258 | ---- | M] () -- C:\Documents and Settings\Mizurak\Desktop\floorplan.jpg

========== Files Created - No Company Name ==========

[2012/02/23 19:52:42 | 001,148,260 | ---- | C] () -- C:\Documents and Settings\Mizurak\Desktop\Angler2011-022.JPG
[2012/02/23 19:51:47 | 000,747,275 | ---- | C] () -- C:\Documents and Settings\Mizurak\Desktop\Angler2011-053.JPG
[2012/02/16 14:22:01 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/02/16 14:22:01 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/02/16 14:00:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 14:00:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/13 22:03:56 | 000,026,258 | ---- | C] () -- C:\Documents and Settings\Mizurak\Desktop\floorplan.jpg
[2012/01/09 20:55:39 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2011/12/06 20:25:21 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/03/31 21:51:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/31 21:51:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/31 21:51:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/31 21:51:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/31 21:51:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/02 19:40:08 | 000,127,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\ArcHlp.sys
[2010/10/07 19:23:01 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/07/24 18:01:56 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/09/18 22:32:34 | 000,002,328 | ---- | C] () -- C:\WINDOWS\Contour.INI
[2008/09/12 00:58:50 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\GpsGateComClient.dll
[2008/09/12 00:56:54 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\GateApiXP.dll
[2008/06/09 20:02:21 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2007/11/10 18:40:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/19 16:47:54 | 000,000,791 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2007/02/01 17:15:54 | 000,372,736 | R--- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2007/02/01 17:15:53 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/01/29 19:46:29 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/01/29 19:46:29 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/12/01 15:47:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/11/05 21:22:52 | 000,291,601 | ---- | C] () -- C:\WINDOWS\SETUP1.EXE
[2006/10/08 14:06:10 | 000,032,200 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/10/08 14:06:10 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/10/08 14:06:09 | 000,020,910 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/10/08 14:06:09 | 000,020,869 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/10/08 14:03:50 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR320.ini
[2006/10/08 14:03:26 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/10/07 20:31:30 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/16 20:56:26 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/12 20:30:01 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A4CDBF4FD7.sys
[2006/09/12 20:30:00 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/07 21:01:30 | 000,003,635 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/07 19:37:53 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Mizurak\Local Settings\Application Data\fusioncache.dat
[2006/09/01 21:47:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/01 21:33:14 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/09/01 21:30:03 | 000,004,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/01 21:28:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/01 21:26:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/01 21:22:08 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/09/01 20:53:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/09/01 20:53:36 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/01 20:52:01 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/03 21:00:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\FransonRegistryRestoration.exe
[2005/09/21 13:05:30 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\GpsToolsXP.dll
[2005/09/21 13:05:30 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\GpsViewXP.dll
[2005/09/21 13:05:30 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\MapLibXP.dll
[2005/09/21 13:05:28 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\GpsShapeXP.dll
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,325,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,462,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,080,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 10:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2007/10/23 21:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/12/06 20:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/01/09 21:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2010/09/28 19:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2006/09/12 20:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2006/09/22 19:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/01/30 11:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/09 22:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/09/28 19:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2012/03/02 15:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/31 21:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/04 20:41:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{13953265-A71E-4F4B-BB43-3E5917DC296C}
[2011/03/28 18:48:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{54382947-1603-4034-9E59-B73270A1EB55}
[2006/09/16 21:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\acccore
[2007/11/03 18:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\Canon
[2011/01/28 13:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\Catalina Marketing Corp
[2007/10/23 21:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\DassaultSystemes
[2011/07/06 18:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\ElevatedDiagnostics
[2010/06/28 21:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\Facebook
[2010/05/19 19:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\GARMIN
[2007/01/29 00:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\InterVideo
[2006/10/08 14:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\Leadertech
[2010/11/04 19:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\PCToolsFirewallPlus
[2006/09/22 19:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\PlayFirst
[2007/05/02 15:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\SecondLife
[2010/09/29 15:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mizurak\Application Data\Teleca

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >
  • 0

#21
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Are you still getting a message from Avira that the PC is infected?


ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#22
CMiz2184

CMiz2184

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f92dec85c9dcd649b006204a7fd6c178
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-04 04:35:40
# local_time=2012-03-03 11:35:40 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 92568016 92568016 0 0
# compatibility_mode=1797 16775141 100 93 0 66427442 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 28035853 28035853 0 0
# scanned=27802
# found=0
# cleaned=0
# scan_time=1648
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f92dec85c9dcd649b006204a7fd6c178
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-04 11:56:52
# local_time=2012-03-04 06:56:52 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 92633965 92633965 0 0
# compatibility_mode=1797 16775125 100 93 0 66493391 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 28101802 28101802 0 0
# scanned=66753
# found=0
# cleaned=0
# scan_time=5371
[email protected] as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f92dec85c9dcd649b006204a7fd6c178
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-05 01:34:00
# local_time=2012-03-04 08:34:00 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 92639444 92639444 0 0
# compatibility_mode=1797 16775125 100 93 0 66498870 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 28107281 28107281 0 0
# scanned=116405
# found=9
# cleaned=0
# scan_time=5718
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0296976.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0297000.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0299149.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0300149.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0300240.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0301240.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0301266.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0302266.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0302322.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
  • 0

#23
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
ESET only found system restore entries. There are some unnecessary applications/programs that runs on start-up that can slow the start-up process. Aside from that I do think that the computer is malware free.

When is the last time that you run a disk check and hard drive defragmentation?
  • 0

#24
CMiz2184

CMiz2184

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hello,
How can I prevent these programs from running on start up? I do not recall the last time i ran a disk check or defrag.
  • 0

#25
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
A good application to manage your start-up entries is Startup Control Panel, install it and then double click the Start-up icon inside the Control Panel. Carefully review the entries listed and unchecked those that are not needed.


But before disabling any start-up programs, let's first run a disk check a disk defragmentation.


1. Please check volume for errors.
  • To check the volume for errors:
  • Click start and then My Computer.
  • Right click the drive C and select Properties.
  • Under Tools tab press Check Now...
  • Put a check mark on
    • Automatically fix file system errors
    • Scan for and attempt recovery of bad sectors
  • Press start.
  • Click Yes to schedule the disk check and click OK and then restart your computer to start the disk check.

Note: Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.



2. Please go to this link -> http://www.bleepingc...tutorial55.html and follow the steps to perform a Disk Defragmentation.
  • 0

Advertisements


#26
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP