MBR Alureon k RTK Infection? Daughters laptop. [Solved]


  • This topic is locked

#16
The Wardog

    Member

  • Topic Starter
  • 15 posts
Still no change, same result. Also computer will only shutdown from Safe Mode.

Edited by The Wardog, 24 July 2012 - 10:22 AM.

  • 0


#17
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Boot into Safe Mode with Networking.


Download ComboFix from one of these locations and set the Save as type to All Files before saving it.

Link 1
Link 2
Link 3


IMPORTANT!!! You need to Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get this error "Illegal operation attempted on a registry key that has been marked for deletion" then reboot, that will cure it.



Things I want to see in your next reply

  • ComboFix.txt

  • 0

#18
The Wardog

    Member

  • Topic Starter
  • 15 posts
Hi, here's the combofix log.

ComboFix 12-07-26.03 - April 07/25/2012 11:22:14.1.2 - x64 NETWORK
Running from: c:\users\April\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Defragmenter
c:\users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Defragmenter\HDD Defragmenter.lnk
c:\users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Defragmenter\Uninstall HDD Defragmenter.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 14:58 . 2012-07-25 14:58 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E8A405C-D66A-493A-8376-77B1455D181E}\offreg.dll
2012-07-24 15:35 . 2012-07-24 15:35 -------- d-----w- c:\users\April\AppData\Local\Apps
2012-07-24 15:35 . 2012-07-24 15:36 -------- d-----w- c:\users\April\AppData\Local\Deployment
2012-07-23 03:41 . 2012-07-23 03:43 -------- d-----w- c:\programdata\Kodak
2012-07-19 16:32 . 2012-07-19 16:32 -------- d-----w- C:\found.000
2012-07-18 03:39 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E8A405C-D66A-493A-8376-77B1455D181E}\mpengine.dll
2012-07-17 03:13 . 2012-07-17 03:13 -------- d-----w- C:\_OTL
2012-07-14 00:04 . 2012-07-16 01:30 -------- d-----w- c:\windows\Microsoft Antimalware
2012-07-12 14:12 . 2012-07-12 14:12 -------- d-----w- c:\windows\en
2012-07-12 14:05 . 2012-07-12 14:05 -------- d-----w- c:\program files\Windows Live
2012-07-12 14:05 . 2012-07-12 14:05 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-12 14:00 . 2012-07-12 14:00 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a45f47601cd603601\DSETUP.dll
2012-07-12 14:00 . 2012-07-12 14:00 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a45f47601cd603601\DXSETUP.exe
2012-07-12 14:00 . 2012-07-12 14:00 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a45f47601cd603601\dsetup32.dll
2012-07-12 08:01 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-12 08:01 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-12 08:01 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 18:11 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-11 18:11 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-11 18:11 . 2012-07-03 16:21 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-11 18:11 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-11 18:11 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-11 18:11 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-11 18:11 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-11 18:10 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-11 18:10 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-11 18:09 . 2012-07-11 18:09 -------- d-----w- c:\programdata\AVAST Software
2012-07-11 18:09 . 2012-07-11 18:09 -------- d-----w- c:\program files\AVAST Software
2012-07-11 15:57 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 15:46 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 15:46 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 15:46 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 15:46 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 15:46 . 2012-06-05 16:22 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 15:46 . 2012-06-05 16:22 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 15:46 . 2012-06-04 15:29 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 15:46 . 2012-06-02 00:22 347136 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 15:46 . 2012-06-02 00:22 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 15:46 . 2012-06-02 00:04 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 15:46 . 2012-06-02 00:03 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 15:46 . 2012-06-02 00:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-10 17:14 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-10 17:14 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-10 17:14 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-10 17:14 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-10 17:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-10 17:14 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-07-10 17:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-10 17:14 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-07-10 17:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-10 17:14 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-07-10 17:13 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-10 17:13 . 2012-06-02 20:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-07-10 17:13 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-10 17:13 . 2012-06-02 20:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 08:04 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-03 18:46 . 2010-03-14 01:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 04:19 . 2009-06-01 22:30 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2012-05-31 17:25 . 2009-10-03 01:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-01 14:29 . 2012-06-16 01:44 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-17 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell PC TuneUp Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2009-06-23 314224]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-03-20 89600]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 02:55]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 02:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-26 1657128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 4119552]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-09-26 2041112]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.att.net/
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.254
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\April\AppData\Roaming\Mozilla\Firefox\Profiles\ysqkp2be.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.att.net/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 4
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
Completion time: 2012-07-25 11:32:42
ComboFix-quarantined-files.txt 2012-07-25 16:32
.
Pre-Run: 231,830,011,904 bytes free
Post-Run: 231,720,001,536 bytes free
.
- - End Of File - - D3C834AF53B585C10ECFD66E92F46B74

Hope this is a help.
  • 0

#19
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
ComboFix didn't remove much so we'll try out another tool:


Step 1

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Things I want to see in your next reply

  • FRST.txt

  • 0

#20
The Wardog

    Member

  • Topic Starter
  • 15 posts
Just got finished with the Farbar scan and log.

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 28-07-2012 14:06:07
Running from E:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-11-25] (Synaptics, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [4119552 2008-12-22] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [2041112 2008-09-26] (Dell Inc.)
HKLM\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-20] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM-x32\...\Run: [Dell PC TuneUp Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" [314224 2009-06-23] (iolo technologies, LLC)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 [442536 2008-11-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\April\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-16] (Google Inc.)
HKU\April\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\April\...\Policies\system: [LogonHoursAction] 2
HKU\April\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Mark\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Mark\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Mark\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-16] (Google Inc.)
HKU\Mark\...\Policies\system: [LogonHoursAction] 2
HKU\Mark\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Dell Remote Access.lnk
ShortcutTarget: Dell Remote Access.lnk -> C:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe (Macrovision Corporation)
Startup: C:\Users\April\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mark\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 ioloFileInfoList; C:\Program Files (x86)\iolo\common\lib\ioloServiceManager.exe [600944 2009-06-23] ()
2 ioloSystemService; C:\Program Files (x86)\iolo\common\lib\ioloServiceManager.exe [600944 2009-06-23] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74384 2008-03-24] (MicroVision Development, Inc.)
2 wltrysvc; C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe [3051520 2008-12-22] (Dell Inc.)

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [44272 2012-07-03] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-03] (AVAST Software)
1 ElRawDisk; \??\C:\Windows\system32\drivers\elrawdsk.sys [23464 2008-12-09] (EldoS Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 OA008Ufd; C:\Windows\System32\Drivers\OA008Ufd.sys [158592 2009-02-10] (Creative Technology Ltd.)
3 OA008Vid; C:\Windows\System32\Drivers\OA008Vid.sys [310784 2009-02-10] (Creative Technology Ltd.)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-25 08:32 - 2012-07-25 08:32 - 00010822 ____A C:\ComboFix.txt
2012-07-25 08:20 - 2012-07-25 08:32 - 00000000 ____D C:\Qoobox
2012-07-25 08:20 - 2012-07-25 08:31 - 00000000 ____D C:\Windows\erdnt
2012-07-25 08:20 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-25 08:20 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-25 08:20 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-25 08:20 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-25 08:20 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-25 08:20 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-25 08:20 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-25 08:20 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-25 08:19 - 2012-07-25 08:16 - 04585817 ____R (Swearware) C:\Users\April\Desktop\ComboFix.exe
2012-07-24 07:38 - 2012-07-24 07:38 - 04147200 ____A C:\Users\April\Desktop\MyDownnloadList1.ISO
2012-07-24 07:35 - 2012-07-24 07:36 - 00000000 ____D C:\Users\April\AppData\Local\Deployment
2012-07-24 07:35 - 2012-07-24 07:35 - 00000000 ____D C:\Users\April\AppData\Local\Apps\2.0
2012-07-22 19:49 - 2012-07-22 19:49 - 12603960 ____A (Eastman Kodak Company) C:\Users\April\Downloads\aio_install(1).exe
2012-07-22 19:41 - 2012-07-22 19:43 - 00000000 ____D C:\Users\All Users\Kodak
2012-07-22 19:40 - 2012-07-22 19:40 - 12603960 ____A (Eastman Kodak Company) C:\Users\April\Downloads\aio_install.exe
2012-07-19 11:06 - 2012-07-19 11:06 - 00000527 ____A C:\Users\April\Desktop\OTL.Txt - Shortcut.lnk
2012-07-19 08:32 - 2012-07-19 08:32 - 00000000 ____D C:\found.000
2012-07-19 07:59 - 2012-07-28 10:49 - 268435456 __ASH C:\Windows\System32\temppf.sys
2012-07-17 11:25 - 2012-07-17 20:12 - 00000000 ____D C:\Users\April\Desktop\Scans716
2012-07-16 19:54 - 2012-07-16 19:54 - 00088880 ____A C:\Users\April\Downloads\716OLT,txt.txt
2012-07-16 19:13 - 2012-07-16 19:13 - 00000000 ____D C:\_OTL
2012-07-16 18:57 - 2010-02-13 12:53 - 00000903 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-07-16 18:56 - 2012-01-09 18:34 - 00001983 ____A C:\Users\Public\Desktop\The Sims™ 3 Pets.lnk
2012-07-16 18:56 - 2012-01-09 18:13 - 00002037 ____A C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk
2012-07-16 18:56 - 2012-01-09 17:56 - 00002073 ____A C:\Users\Public\Desktop\The Sims™ 3 World Adventures.lnk
2012-07-16 18:56 - 2012-01-09 17:32 - 00002047 ____A C:\Users\Public\Desktop\The Sims™ 3 Generations.lnk
2012-07-16 18:56 - 2012-01-09 17:12 - 00002029 ____A C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
2012-07-16 18:56 - 2012-01-09 16:48 - 00001913 ____A C:\Users\Public\Desktop\The Sims™ 3.lnk
2012-07-16 18:56 - 2010-03-13 17:24 - 00000850 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2012-07-16 18:56 - 2009-08-15 17:27 - 00001758 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-07-16 18:56 - 2009-08-15 16:43 - 00001780 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-16 18:50 - 2012-07-16 18:50 - 01558528 ____A C:\Users\April\Downloads\RogueKiller.exe
2012-07-15 10:23 - 2012-07-15 10:23 - 04731392 ____A (AVAST Software) C:\Users\April\Downloads\aswMBR(1).exe
2012-07-15 09:33 - 2012-07-15 11:37 - 00045422 ____A C:\Users\April\Downloads\Extras.Txt
2012-07-15 09:31 - 2012-07-19 11:03 - 00084126 ____A C:\Users\April\Downloads\OTL.Txt
2012-07-15 09:23 - 2012-07-15 09:23 - 00596480 ____A (OldTimer Tools) C:\Users\April\Downloads\OTL.exe
2012-07-15 08:56 - 2012-07-15 08:56 - 00000035 ____A C:\Users\April\AppData\Roaming\mbam.context.scan
2012-07-15 07:41 - 2012-07-15 07:41 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\April\Downloads\tdsskiller.exe
2012-07-15 06:41 - 2012-07-15 06:41 - 04731392 ____A (AVAST Software) C:\Users\April\Downloads\aswMBR.exe
2012-07-14 22:10 - 2012-07-14 22:10 - 02115791 ____A C:\Users\April\Downloads\tdsskiller.zip
2012-07-13 18:35 - 2012-07-13 18:40 - 72349728 ____A (Microsoft Corporation) C:\Users\April\Downloads\msert.exe
2012-07-13 16:04 - 2012-07-15 17:30 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-07-13 12:40 - 2012-07-13 12:40 - 00803584 ____A (Microsoft Corporation) C:\Users\April\Downloads\mssstool64.exe
2012-07-13 10:54 - 2012-07-13 10:54 - 00000099 ____A C:\Users\April\Documents\antivirus.txt
2012-07-13 10:48 - 2012-07-13 10:48 - 00002052 ____A C:\Windows\epplauncher.mif
2012-07-13 10:48 - 2012-07-13 10:48 - 00000000 ____D C:\Users\April\Documents\Virus Program
2012-07-13 10:45 - 2012-07-13 10:45 - 12621696 ____A (Microsoft Corporation) C:\Users\April\Downloads\mseinstall.exe
2012-07-13 08:39 - 2012-07-13 08:39 - 00000000 ____D C:\Users\April\AppData\Local\{A03409DA-ADFC-42EE-B598-22B07F66B47B}
2012-07-13 08:39 - 2012-07-13 08:39 - 00000000 ____D C:\Users\April\AppData\Local\{57B538D5-4E29-4645-AD27-18BCEB333B33}
2012-07-12 09:39 - 2012-07-12 09:39 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\April\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-12 06:13 - 2012-07-12 06:13 - 00000000 ____D C:\Users\April\AppData\Local\{82AB4950-E14B-4300-8B12-46CA965EFD75}
2012-07-12 06:12 - 2012-07-12 06:12 - 00000000 ____D C:\Windows\en
2012-07-12 06:05 - 2012-07-12 06:05 - 00000000 ____D C:\Program Files\Windows Live
2012-07-12 06:03 - 2012-07-12 06:03 - 00000380 ____A C:\Windows\DirectX.log
2012-07-12 05:57 - 2012-07-12 05:57 - 00000000 ____D C:\Users\April\AppData\Local\{A670C229-344C-46FC-AB78-4CD574814F0A}
2012-07-12 05:57 - 2012-07-12 05:57 - 00000000 ____D C:\Users\April\AppData\Local\{7D2FFDD7-1B00-4939-BCBA-100ED254873C}
2012-07-12 00:02 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 00:02 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 00:02 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 00:02 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 00:02 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 00:02 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 00:02 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 00:02 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 00:02 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 00:02 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 00:02 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 00:02 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 00:02 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-12 00:02 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-12 00:02 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-12 00:02 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-12 00:02 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-12 00:02 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-12 00:02 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-12 00:02 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-12 00:02 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-12 00:02 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-12 00:02 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-12 00:02 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-12 00:02 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-12 00:01 - 2012-06-13 05:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 00:01 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 00:01 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 00:01 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 10:11 - 2012-07-13 10:56 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-11 10:11 - 2012-07-11 10:11 - 00001787 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-07-11 10:11 - 2012-07-03 08:21 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-11 10:11 - 2012-07-03 08:21 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-11 10:11 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-11 10:11 - 2012-07-03 08:21 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-11 10:11 - 2012-07-03 08:21 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-11 10:11 - 2012-07-03 08:21 - 00044272 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-07-11 10:11 - 2012-07-03 08:21 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-11 10:10 - 2012-07-11 10:11 - 00416194 ____A C:\Users\April\AppData\Local\dd_vcredistMSI3C3D.txt
2012-07-11 10:10 - 2012-07-11 10:11 - 00011630 ____A C:\Users\April\AppData\Local\dd_vcredistUI3C3D.txt
2012-07-11 10:10 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-11 10:10 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-11 10:09 - 2012-07-11 10:09 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-07-11 10:09 - 2012-07-11 10:09 - 00000000 ____D C:\Program Files\AVAST Software
2012-07-11 10:04 - 2012-07-11 10:07 - 89340632 ____A C:\Users\April\Downloads\avast_free_antivirus_setup.exe
2012-07-11 08:25 - 2012-07-11 08:25 - 00000000 ____D C:\Users\April\AppData\Local\{A8107BD0-95B8-48FE-A7CE-EBEEDA30F024}
2012-07-11 08:25 - 2012-07-11 08:25 - 00000000 ____D C:\Users\April\AppData\Local\{0FCF35CF-B09B-44C7-B5F0-5B26ED0320C2}
2012-07-11 07:57 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 07:57 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 07:51 - 2012-07-11 07:51 - 00000000 ____D C:\Users\April\AppData\Local\{1CA03D1B-8541-4799-969B-137A1DCBFEA6}
2012-07-11 07:50 - 2012-07-11 07:51 - 00000000 ____D C:\Users\April\AppData\Local\{7361FABF-AD25-4F84-9076-AB2099CD725F}
2012-07-11 07:50 - 2012-07-11 07:50 - 00000000 ____D C:\Users\April\AppData\Local\{40BE345E-5512-4EE2-B7E3-F969B9607DB2}
2012-07-11 07:50 - 2012-07-11 07:50 - 00000000 ____D C:\Users\April\AppData\Local\{32D2FC9B-B5D6-4A43-9726-16C454FFEB3E}
2012-07-11 07:46 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 07:46 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 07:46 - 2012-06-05 08:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 07:46 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 07:46 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 07:46 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 07:46 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 07:46 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 07:46 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 07:46 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 07:44 - 2012-07-11 07:45 - 03058968 ____A C:\Users\April\Downloads\R301502.exe
2012-07-11 07:27 - 2012-07-11 07:27 - 00000000 ____D C:\Users\April\AppData\Local\{A67C42B1-A08D-42FC-B836-02575101AD07}
2012-07-11 07:26 - 2012-07-11 07:27 - 00000000 ____D C:\Users\April\AppData\Local\{6ADA0642-86F6-4676-B567-AD5AB4DA6138}
2012-07-11 07:16 - 2012-07-11 07:16 - 00000000 ____D C:\Users\April\AppData\Local\{8C1550C9-3E4A-49ED-8C58-D1E8249A778F}
2012-07-10 10:52 - 2012-07-10 10:55 - 89340632 ____A C:\Users\Mark\Downloads\avast_free_antivirus_setup(1).exe
2012-07-10 09:20 - 2012-07-10 09:20 - 03058968 ____A C:\Users\Mark\Downloads\R301502(1).exe
2012-07-10 09:19 - 2012-07-10 09:19 - 03058968 ____A C:\Users\Mark\Downloads\R301502.exe
2012-07-10 09:14 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-07-10 09:14 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-07-10 09:14 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-07-10 09:14 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-07-10 09:14 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-07-10 09:14 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-07-10 09:14 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-07-10 09:14 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-07-10 09:14 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-07-10 09:14 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-07-10 09:13 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-07-10 09:13 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-07-10 09:13 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-07-10 09:13 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-07-10 09:02 - 2012-07-11 07:16 - 00000000 ____D C:\Users\April\AppData\Local\{476892E1-9ABC-4956-82F5-35117B6B00E7}


============ 3 Months Modified Files ========================

2012-07-28 10:49 - 2012-07-19 07:59 - 268435456 __ASH C:\Windows\System32\temppf.sys
2012-07-28 10:44 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-25 08:51 - 2011-02-07 18:55 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-25 08:38 - 2010-01-13 18:51 - 00001356 ____A C:\Users\April\AppData\Local\d3d9caps.dat
2012-07-25 08:32 - 2012-07-25 08:32 - 00010822 ____A C:\ComboFix.txt
2012-07-25 08:30 - 2006-11-02 04:34 - 00000215 ____A C:\Windows\system.ini
2012-07-25 08:19 - 2006-11-02 04:46 - 00768726 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-25 08:16 - 2012-07-25 08:19 - 04585817 ____R (Swearware) C:\Users\April\Desktop\ComboFix.exe
2012-07-25 06:54 - 2009-06-01 08:57 - 02048352 ____A C:\Windows\WindowsUpdate.log
2012-07-24 07:38 - 2012-07-24 07:38 - 04147200 ____A C:\Users\April\Desktop\MyDownnloadList1.ISO
2012-07-22 19:49 - 2012-07-22 19:49 - 12603960 ____A (Eastman Kodak Company) C:\Users\April\Downloads\aio_install(1).exe
2012-07-22 19:40 - 2012-07-22 19:40 - 12603960 ____A (Eastman Kodak Company) C:\Users\April\Downloads\aio_install.exe
2012-07-22 19:14 - 2009-06-12 16:27 - 00001460 ____A C:\Users\April\AppData\Local\d3d9caps64.dat
2012-07-19 11:06 - 2012-07-19 11:06 - 00000527 ____A C:\Users\April\Desktop\OTL.Txt - Shortcut.lnk
2012-07-19 11:03 - 2012-07-15 09:31 - 00084126 ____A C:\Users\April\Downloads\OTL.Txt
2012-07-19 07:38 - 2006-11-02 07:42 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-19 07:38 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-19 07:38 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-17 19:39 - 2011-02-07 18:55 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-16 19:54 - 2012-07-16 19:54 - 00088880 ____A C:\Users\April\Downloads\716OLT,txt.txt
2012-07-16 19:21 - 2008-01-20 19:26 - 02389138 ____A C:\Windows\PFRO.log
2012-07-16 18:50 - 2012-07-16 18:50 - 01558528 ____A C:\Users\April\Downloads\RogueKiller.exe
2012-07-15 11:37 - 2012-07-15 09:33 - 00045422 ____A C:\Users\April\Downloads\Extras.Txt
2012-07-15 10:23 - 2012-07-15 10:23 - 04731392 ____A (AVAST Software) C:\Users\April\Downloads\aswMBR(1).exe
2012-07-15 09:23 - 2012-07-15 09:23 - 00596480 ____A (OldTimer Tools) C:\Users\April\Downloads\OTL.exe
2012-07-15 08:56 - 2012-07-15 08:56 - 00000035 ____A C:\Users\April\AppData\Roaming\mbam.context.scan
2012-07-15 07:41 - 2012-07-15 07:41 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\April\Downloads\tdsskiller.exe
2012-07-15 06:41 - 2012-07-15 06:41 - 04731392 ____A (AVAST Software) C:\Users\April\Downloads\aswMBR.exe
2012-07-14 22:10 - 2012-07-14 22:10 - 02115791 ____A C:\Users\April\Downloads\tdsskiller.zip
2012-07-13 18:40 - 2012-07-13 18:35 - 72349728 ____A (Microsoft Corporation) C:\Users\April\Downloads\msert.exe
2012-07-13 12:40 - 2012-07-13 12:40 - 00803584 ____A (Microsoft Corporation) C:\Users\April\Downloads\mssstool64.exe
2012-07-13 10:56 - 2012-07-11 10:11 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-13 10:54 - 2012-07-13 10:54 - 00000099 ____A C:\Users\April\Documents\antivirus.txt
2012-07-13 10:48 - 2012-07-13 10:48 - 00002052 ____A C:\Windows\epplauncher.mif
2012-07-13 10:45 - 2012-07-13 10:45 - 12621696 ____A (Microsoft Corporation) C:\Users\April\Downloads\mseinstall.exe
2012-07-12 09:39 - 2012-07-12 09:39 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\April\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-12 06:03 - 2012-07-12 06:03 - 00000380 ____A C:\Windows\DirectX.log
2012-07-12 05:53 - 2006-11-02 07:21 - 00282240 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 00:04 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-11 10:11 - 2012-07-11 10:11 - 00001787 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-07-11 10:11 - 2012-07-11 10:10 - 00416194 ____A C:\Users\April\AppData\Local\dd_vcredistMSI3C3D.txt
2012-07-11 10:11 - 2012-07-11 10:10 - 00011630 ____A C:\Users\April\AppData\Local\dd_vcredistUI3C3D.txt
2012-07-11 10:07 - 2012-07-11 10:04 - 89340632 ____A C:\Users\April\Downloads\avast_free_antivirus_setup.exe
2012-07-11 07:45 - 2012-07-11 07:44 - 03058968 ____A C:\Users\April\Downloads\R301502.exe
2012-07-10 10:55 - 2012-07-10 10:52 - 89340632 ____A C:\Users\Mark\Downloads\avast_free_antivirus_setup(1).exe
2012-07-10 09:20 - 2012-07-10 09:20 - 03058968 ____A C:\Users\Mark\Downloads\R301502(1).exe
2012-07-10 09:19 - 2012-07-10 09:19 - 03058968 ____A C:\Users\Mark\Downloads\R301502.exe
2012-07-03 10:46 - 2010-03-13 17:24 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 08:21 - 2012-07-11 10:11 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 08:21 - 2012-07-11 10:11 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 08:21 - 2012-07-11 10:11 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 08:21 - 2012-07-11 10:11 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 08:21 - 2012-07-11 10:11 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 08:21 - 2012-07-11 10:11 - 00044272 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-07-03 08:21 - 2012-07-11 10:11 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-03 08:21 - 2012-07-11 10:10 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-03 08:21 - 2012-07-11 10:10 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-15 20:19 - 2009-06-01 14:30 - 00074703 ____A C:\Windows\SysWOW64\mfc45.dll
2012-06-15 20:06 - 2009-06-09 12:30 - 01526516 ____A C:\Windows\SysWOW64\inst_rr.log
2012-06-15 18:24 - 2012-06-15 18:23 - 74761776 ____A C:\Users\Mark\Downloads\avast_free_antivirus_setup.exe
2012-06-13 05:58 - 2012-07-12 00:01 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 09:59 - 2012-07-11 07:57 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 09:47 - 2012-07-11 07:57 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 08:47 - 2012-07-11 07:46 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 08:47 - 2012-07-11 07:46 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 08:22 - 2012-07-11 07:46 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 08:22 - 2012-07-11 07:46 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-04 07:29 - 2012-07-11 07:46 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-07-10 09:14 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-07-10 09:14 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-07-10 09:14 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 14:19 - 2012-07-10 09:14 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-07-10 09:14 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-07-10 09:14 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-07-10 09:14 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 14:15 - 2012-07-10 09:14 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-07-10 09:14 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-07-10 09:14 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 12:19 - 2012-07-10 09:13 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:19 - 2012-07-10 09:13 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 12:15 - 2012-07-10 09:13 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 12:12 - 2012-07-10 09:13 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-02 04:49 - 2012-07-12 00:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-12 00:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-12 00:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-12 00:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-12 00:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-12 00:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-12 00:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-12 00:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-12 00:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-12 00:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-12 00:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-12 00:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-12 00:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-12 00:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-12 00:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-12 00:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-12 00:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-12 00:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-12 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-12 00:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-12 00:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 00:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 00:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-12 00:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-12 00:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 00:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 00:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 16:22 - 2012-07-11 07:46 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:22 - 2012-07-11 07:46 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 16:05 - 2012-07-11 07:46 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 16:04 - 2012-07-11 07:46 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 16:03 - 2012-07-11 07:46 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-05-31 09:25 - 2009-10-02 17:18 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-01 06:29 - 2012-06-15 17:44 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 4027.94 MB
Available physical RAM: 3599.16 MB
Total Pagefile: 3903.58 MB
Available Pagefile: 3585.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.01 GB) (Free:215.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:3.74 GB) (Free:3.69 GB) NTFS
4 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.02 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3836 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 78 MB 32 KB
Partition 2 Primary 15 GB 79 MB
Partition 3 Primary 283 GB 15 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 78 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 X RECOVERY NTFS Partition 15 GB Healthy Boot

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 283 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3828 MB 19 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E NTFS Removable 3828 MB Healthy

==================================================================================
==========================================================
TDL4: custom:26000022 <===== ATTENTION!


==========================================================

Last Boot: 2012-07-19 07:33

======================= End Of Log ==========================

Hope this helps. Thanks Again

#21
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Download and save the following file to your flash drive: fixlist.txt (attached file, 80 bytes)

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flash drive (Fixlog.txt). Please post it in your next reply.

Can you now boot into the computer normally?


Things I want to see in your next reply

  • Fixlog.txt
  • Answer to my question


#22
The Wardog

    Member

  • Topic Starter
  • Member
  • 15 posts
Computer did boot normally, here is the fixtxt.log

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-29 18:35:22 Run:1
Running from E:\

==============================================


The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

At the end of the boot, the Avast updater ran twice. It said the Avast database has been updated, twice. Could be an Avast glitch.

#23
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Yes, this is a glitch. Other users are experiencing this problem and Avast should find a solution soon.

  • Open OTL and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • OTL.txt


#24
The Wardog

    Member

  • Topic Starter
  • Member
  • 15 posts
Scan ran quickly.

OTL logfile created on: 7/31/2012 12:53:12 PM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = c:\users\april\downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 50.54% Memory free
8.09 Gb Paging File | 6.05 Gb Available in Paging File | 74.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.01 Gb Total Space | 210.06 Gb Free Space | 74.22% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.02 Gb Free Space | 53.48% Space Free | Partition Type: NTFS

Computer Name: APRIL-PC | User Name: April | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/15 12:23:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- c:\Users\April\Downloads\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/06/23 18:23:48 | 000,600,944 | ---- | M] () -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2009/01/05 17:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/01/05 17:19:10 | 000,480,496 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/11 11:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/03/20 03:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/20 03:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/22 05:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/13 12:33:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/16 11:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/23 18:23:48 | 000,600,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2009/06/23 18:23:48 | 000,600,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/05 17:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 11:21:52 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/11 00:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/20 03:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/02/10 04:40:28 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2009/02/10 04:40:26 | 000,310,784 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2008/12/22 05:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/12/17 04:22:04 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/12/09 14:26:50 | 000,023,464 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\elrawdsk.sys -- (ElRawDisk)
DRV:64bit: - [2008/11/26 02:08:48 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/11/26 01:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/10/28 10:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/10/08 04:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/09/16 04:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/09/16 04:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/16 04:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/06/18 16:48:54 | 000,029,184 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\packet.sys -- (Packet)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-266757346-149079058-799995861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKU\S-1-5-21-266757346-149079058-799995861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-266757346-149079058-799995861-1000\..\SearchScopes,DefaultScope = {2828E3BB-31BC-4E2B-B8E3-C8C64D068CE4}
IE - HKU\S-1-5-21-266757346-149079058-799995861-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-266757346-149079058-799995861-1000\..\SearchScopes\{2828E3BB-31BC-4E2B-B8E3-C8C64D068CE4}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKU\S-1-5-21-266757346-149079058-799995861-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-266757346-149079058-799995861-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.att.net/"
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/11 13:10:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/13 12:33:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/29 21:44:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/13 12:33:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/29 21:44:55 | 000,000,000 | ---D | M]

[2009/12/14 21:34:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\April\AppData\Roaming\Mozilla\Extensions
[2009/12/14 21:34:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\April\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/05/02 11:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\ysqkp2be.default\extensions
[2010/08/18 12:08:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\ysqkp2be.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/13 14:02:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\ysqkp2be.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(17)
[2010/03/09 16:36:48 | 000,001,827 | ---- | M] () -- C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\ysqkp2be.default\searchplugins\bing.xml
[2012/06/11 21:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/07 21:55:30 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/07/11 13:10:15 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/07/13 12:33:17 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/25 23:26:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/11 21:05:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/11 21:05:00 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/25 11:30:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-266757346-149079058-799995861-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-266757346-149079058-799995861-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell PC TuneUp Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-266757346-149079058-799995861-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-266757346-149079058-799995861-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-266757346-149079058-799995861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-266757346-149079058-799995861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-266757346-149079058-799995861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-266757346-149079058-799995861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C81BE7CB-CFB2-4F93-A990-E564930CD795}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\April\Pictures\Story\Me\My Castles and Isle\Tiger Demon.jpg
O24 - Desktop BackupWallPaper: C:\Users\April\Pictures\Story\Me\My Castles and Isle\Tiger Demon.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/29 18:38:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/28 17:05:58 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/25 11:32:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/25 11:32:44 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\temp
[2012/07/25 11:20:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/25 11:20:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/25 11:20:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/25 11:20:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/25 11:20:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/25 11:19:16 | 004,585,817 | R--- | C] (Swearware) -- C:\Users\April\Desktop\ComboFix.exe
[2012/07/24 10:36:26 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
[2012/07/24 10:35:30 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\Apps
[2012/07/24 10:35:29 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\Deployment
[2012/07/22 22:41:18 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Roaming\Temp
[2012/07/22 22:41:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012/07/19 11:32:44 | 000,000,000 | ---D | C] -- C:\found.000
[2012/07/17 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\April\Desktop\Scans716
[2012/07/16 22:13:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/16 21:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/16 21:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LimeWire
[2012/07/16 21:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell PC TuneUp
[2012/07/13 19:04:28 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/07/13 13:48:49 | 000,000,000 | ---D | C] -- C:\Users\April\Documents\Virus Program
[2012/07/13 11:39:12 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{57B538D5-4E29-4645-AD27-18BCEB333B33}
[2012/07/13 11:39:00 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{A03409DA-ADFC-42EE-B598-22B07F66B47B}
[2012/07/12 12:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/12 09:13:42 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{82AB4950-E14B-4300-8B12-46CA965EFD75}
[2012/07/12 09:12:12 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/07/12 09:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/07/12 08:57:24 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{A670C229-344C-46FC-AB78-4CD574814F0A}
[2012/07/12 08:57:08 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{7D2FFDD7-1B00-4939-BCBA-100ED254873C}
[2012/07/11 13:11:34 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/11 13:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/11 13:11:33 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/11 13:11:24 | 000,044,272 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/07/11 13:11:23 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/11 13:11:19 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/11 13:11:16 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/11 13:11:16 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/11 13:10:02 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/11 13:10:01 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/11 13:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/11 13:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/11 11:25:37 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{0FCF35CF-B09B-44C7-B5F0-5B26ED0320C2}
[2012/07/11 11:25:22 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{A8107BD0-95B8-48FE-A7CE-EBEEDA30F024}
[2012/07/11 10:51:07 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{1CA03D1B-8541-4799-969B-137A1DCBFEA6}
[2012/07/11 10:50:57 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{7361FABF-AD25-4F84-9076-AB2099CD725F}
[2012/07/11 10:50:24 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{40BE345E-5512-4EE2-B7E3-F969B9607DB2}
[2012/07/11 10:50:12 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{32D2FC9B-B5D6-4A43-9726-16C454FFEB3E}
[2012/07/11 10:27:14 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{A67C42B1-A08D-42FC-B836-02575101AD07}
[2012/07/11 10:26:54 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{6ADA0642-86F6-4676-B567-AD5AB4DA6138}
[2012/07/11 10:16:39 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{8C1550C9-3E4A-49ED-8C58-D1E8249A778F}
[2012/07/10 12:02:27 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{476892E1-9ABC-4956-82F5-35117B6B00E7}
[2009/07/23 16:35:24 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\April\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/07/31 12:49:03 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/31 12:49:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/31 12:42:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/29 20:37:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 20:37:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 18:37:19 | 4224,561,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/25 11:38:11 | 000,001,356 | ---- | M] () -- C:\Users\April\AppData\Local\d3d9caps.dat
[2012/07/25 11:30:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/25 11:19:46 | 000,768,726 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/25 11:19:46 | 000,648,140 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/25 11:19:46 | 000,122,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/25 11:16:49 | 004,585,817 | R--- | M] (Swearware) -- C:\Users\April\Desktop\ComboFix.exe
[2012/07/24 10:38:02 | 004,147,200 | ---- | M] () -- C:\Users\April\Desktop\MyDownnloadList1.ISO
[2012/07/22 22:14:31 | 000,001,460 | ---- | M] () -- C:\Users\April\AppData\Local\d3d9caps64.dat
[2012/07/15 11:56:24 | 000,000,035 | ---- | M] () -- C:\Users\April\AppData\Roaming\mbam.context.scan
[2012/07/13 13:56:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/13 13:48:03 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/12 08:53:33 | 000,282,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 13:11:34 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/03 11:21:52 | 000,044,272 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 11:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 11:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/03 11:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

========== Files Created - No Company Name ==========

[2012/07/29 18:13:13 | 4224,561,152 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/25 11:20:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/25 11:20:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/25 11:20:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/25 11:20:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/25 11:20:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/24 10:38:01 | 004,147,200 | ---- | C] () -- C:\Users\April\Desktop\MyDownnloadList1.ISO
[2012/07/16 21:57:00 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/16 21:56:59 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 World Adventures.lnk
[2012/07/16 21:56:59 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Generations.lnk
[2012/07/16 21:56:59 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk
[2012/07/16 21:56:59 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2012/07/16 21:56:59 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Pets.lnk
[2012/07/16 21:56:59 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2012/07/16 21:56:59 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/16 21:56:59 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/07/16 21:56:59 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/07/15 11:56:24 | 000,000,035 | ---- | C] () -- C:\Users\April\AppData\Roaming\mbam.context.scan
[2012/07/13 13:48:03 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/11 13:11:34 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/11 13:11:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/06/21 14:24:31 | 000,005,120 | ---- | C] () -- C:\Users\April\AppData\Local\Databases.db
[2011/05/03 15:07:39 | 000,022,060 | ---- | C] () -- C:\Users\April\AppData\Roaming\UserTile.png
[2011/04/06 13:30:52 | 000,764,132 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/07 21:56:34 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/06/24 16:51:37 | 000,000,632 | R-S- | C] () -- C:\Users\April\ntuser.pol
[2010/03/05 19:47:40 | 000,009,102 | --S- | C] () -- C:\Users\April\AppData\Local\nO4L
[2010/01/16 12:13:21 | 000,000,212 | ---- | C] () -- C:\Users\April\AppData\Roaming\wklnhst.dat
[2010/01/13 21:51:41 | 000,001,356 | ---- | C] () -- C:\Users\April\AppData\Local\d3d9caps.dat
[2009/06/12 19:27:23 | 000,001,460 | ---- | C] () -- C:\Users\April\AppData\Local\d3d9caps64.dat
[2009/06/08 21:42:11 | 000,005,120 | ---- | C] () -- C:\Users\April\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/05/09 21:08:03 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\.minecraft
[2012/01/09 19:50:49 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\FrostWire
[2011/03/14 22:59:45 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\iolo
[2011/11/25 11:51:02 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\LimeWire
[2012/07/11 10:55:48 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\PCDr
[2011/05/03 15:07:38 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\PeerNetworking
[2011/07/09 09:46:38 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\SecondLife
[2012/07/22 22:41:18 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\Temp
[2010/01/16 12:13:25 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\Template
[2009/08/16 09:51:20 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\iolo
[2012/06/16 01:10:45 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\PCDr
[2012/01/21 22:00:21 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SecondLife
[2012/07/19 10:38:11 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

#25
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
How is your system running? Are you experiencing any problems?


Step 1

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.



Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands 
    [CREATERESTOREPOINT] 
    
    :OTL 
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-266757346-149079058-799995861-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 2

  • Quit all programs.
  • Start RogueKiller.exe.
  • Note: If RogueKiller has been blocked, do not hesitate to try several times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
  • Wait until the Prescan has finished.
  • Click on Scan.

  • Wait for the end of the scan.
  • The report has been created on the desktop.

Step 3

  • Run Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 4

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer or Mozilla Firefox for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • Answers to my questions
  • OTL Fix Log
  • RKreport.txt
  • MBAM Log
  • log.txt



#26
The Wardog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
System seems to be running well. Here are the logs
OTL LOG

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-266757346-149079058-799995861-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
c:\users\april\downloads\cmd.bat deleted successfully.
c:\users\april\downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: April
->Temp folder emptied: 41203 bytes
->Temporary Internet Files folder emptied: 1556991 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 134572951 bytes
->Flash cache emptied: 977 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mark
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1549454 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 131.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 08032012_085640

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\fb_2328.lck not found!

PendingFileRenameOperations files...
File C:\Windows\temp\fb_2328.lck not found!

Registry entries deleted on Reboot...

RKreport

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: April [Admin rights]
Mode: Scan -- Date: 08/03/2012 09:07:24

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543232L9A300 ATA Device +++++
--- User ---
[MBR] d2f041275e4d8a15eff7d1378ced7c3b
[BSP] 1443d842b4cab0996f235e857ef3b6bd : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31619072 | Size: 289805 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



MBAM log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.03.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
April :: APRIL-PC [administrator]

8/3/2012 9:09:25 AM
mbam-log-2012-08-03 (09-09-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215849
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Log Txt

[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fc22383743b06941b599bc0a445c3003
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-03 03:42:42
# local_time=2012-08-03 10:42:42 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 56 0 180602674 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=176883
# found=0
# cleaned=0
# scan_time=4594


System is running smoothly. Haven't been using the system much, to limit any further damage or contamination with the network.

Thank you again.
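An added example, not part of the original posts and not RogueKiller's own code: the kind of check behind the "MBR Check" section of the RKreport above, parsing a 512-byte master boot record, comparing a digest of its bootstrap code with a known-good baseline and sanity-checking the partition table. The sector is constructed from the partition layout printed in the report with placeholder boot code; `parse_mbr`, `audit_mbr`, `build_sample` and the choice of MD5 are assumptions for illustration, since the page does not say how the tool computes its digests.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446                   # bytes 0..445 hold the bootstrap code
ENTRY = struct.Struct("<B3sB3sII")    # status, CHS start, type, CHS end, LBA start, sectors


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR into a boot-code digest and its partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, BOOT_CODE_LEN + 16 * i)
        if ptype:                     # type 0x00 marks an unused slot
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba": lba, "sectors": count, "size_mib": count * SECTOR >> 20})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            "boot_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def audit_mbr(sector: bytes, known_good_md5: set) -> list:
    """Return findings; an empty list means nothing differs from the baseline."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if mbr["boot_md5"] not in known_good_md5:
        findings.append("boot code hash not in baseline: " + mbr["boot_md5"])
    if sum(p["active"] for p in mbr["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    ordered = sorted(mbr["partitions"], key=lambda p: p["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def build_sample(boot_code: bytes) -> bytes:
    """Constructed sector using the partition layout printed in the RKreport."""
    layout = [(0x00, 0xDE, 63, 78), (0x00, 0x07, 161792, 15360), (0x80, 0x07, 31619072, 289805)]
    table = b"".join(ENTRY.pack(st, b"\0\0\0", ty, b"\0\0\0", lba, mib * 2048)
                     for st, ty, lba, mib in layout)
    return boot_code.ljust(BOOT_CODE_LEN, b"\0") + table.ljust(64, b"\0") + b"\x55\xaa"


CLEAN_CODE = b"\xfa\x33\xc0" + b"constructed placeholder boot code"   # not real Vista code
CLEAN = build_sample(CLEAN_CODE)
BASELINE = {parse_mbr(CLEAN)["boot_md5"]}            # digest recorded from the trusted copy
TAMPERED = build_sample(b"\xe9" + CLEAN_CODE[1:])    # one byte of boot code changed

if __name__ == "__main__":
    for p in parse_mbr(CLEAN)["partitions"]:
        print(p)
    print("clean:", audit_mbr(CLEAN, BASELINE))
    print("tampered:", audit_mbr(TAMPERED, BASELINE))
```

A matching digest only says the sector equals the baseline copy, so the baseline has to come from trusted media rather than from the machine being checked.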

#27
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello! :wave:
Congratulations, your logs look clean! :thumbsup: :yeah: :woot:
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Combofix Uninstall

Click START.
Now type Combofix /Uninstall into the Search box and click OK. Note the space between the X and the U, it needs to be there.



Cleanup

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [emptytemp]
    [CLEARALLRESTOREPOINTS] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista/7 users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep Windows up to date. This will ensure your computer has all of the latest security updates installed on your computer and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

  • Open Windows Update.
  • In the left pane, click Change settings.
  • Under Important updates, select Install updates automatically.

Adobe Reader - Make sure you have the latest version of Adobe Reader. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

  • Open Adobe Reader.
  • On the menu bar click on Help then Check For Updates.
  • The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (11.3.300.265) and Adobe Shockwave Player (11.6.5.635) so you can view all of the latest content on websites.


Make Internet Explorer more secure

  • Click Start.
  • Type Inetcpl.cpl into the Search box & click OK.
  • Click on the Security tab.
  • Click Reset all zones to default level.
  • Make sure the Internet Zone is selected & Click Custom level.
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here is a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:



Anti-Spyware Programs

MBAM - MalwareBytes Anti Malware is an excellent tool to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than Firefox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents Cookies etc from downloading, from these websites, onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free Google Toolbar to help stop pop ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank-you.
Good luck and stay safe!!! :thumbsup:

#28
The Wardog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks Again, Nedklaw. It appears to be running fine, just finished a complete backup. Scans don't show any faults and loads quickly. Last couple days all seems well.

#29
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.