Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malicious URL Blocked pop up on Avast [Solved]

Started by mwright1000 , Aug 05 2012 10:58 AM

  • This topic is locked This topic is locked

#1
mwright1000
Posted 05 August 2012 - 10:58 AM

mwright1000

    Member

  • Member
  • PipPip
  • 82 posts
How can I fix this? Also have all kinds of viruses that keep coming up, not sure if they are related. Any help will be greatly appreciated. Also bear with me when requesting info. Try to be clear as possible with instructions. Thank you
also tried to register on Avast forum but it is not posting the verification info. Any idea how to get that fixed? Thanks again!!


OTL logfile created on: 8/5/2012 1:04:05 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Marty\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 66.56% Memory free
5.09 Gb Paging File | 4.10 Gb Available in Paging File | 80.68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 200.01 Gb Total Space | 53.87 Gb Free Space | 26.93% Space Free | Partition Type: NTFS

Computer Name: MARTYSLAPTOP | User Name: Marty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/05 13:03:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marty\My Documents\Downloads\OTL (1).exe
PRC - [2012/08/02 20:04:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2012/07/31 01:36:16 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/03 12:21:27 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/03/22 08:38:06 | 000,606,608 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) -- C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
PRC - [2011/09/23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/02/03 02:46:26 | 000,284,016 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files\Driver-Soft\DriverPerformer\TaskTray.exe
PRC - [2010/05/19 12:02:28 | 001,843,200 | ---- | M] () -- C:\Program Files\HeavyWeatherWV5\Backend.exe
PRC - [2009/06/18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/05/01 10:34:00 | 000,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/05 02:20:50 | 001,791,488 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12080500\algo.dll
MOD - [2012/07/31 01:36:14 | 000,442,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll
MOD - [2012/07/31 01:36:13 | 012,235,288 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
MOD - [2012/07/31 01:36:12 | 003,997,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\pdf.dll
MOD - [2012/07/31 01:34:45 | 000,144,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\avutil-51.dll
MOD - [2012/07/31 01:34:43 | 000,266,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\avformat-54.dll
MOD - [2012/07/31 01:34:42 | 002,480,680 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/05 09:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/10/09 20:17:36 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/05/01 10:38:06 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/05/01 10:38:06 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/05/01 10:38:06 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2012/08/02 20:04:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/03 12:21:27 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/03/22 08:38:06 | 000,606,608 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) [Auto | Running] -- C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe -- (WINZIPSSDiskOptimizer)
SRV - [2011/09/23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/11/12 15:24:12 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_B91CB6D3)
SRV - [2010/05/19 12:02:28 | 001,843,200 | ---- | M] () [Auto | Running] -- C:\Program Files\HeavyWeatherWV5\Backend.exe -- (WV5Communication)
SRV - [2010/04/16 10:03:12 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/06/18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/04/14 06:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 06:41:56 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/05/01 10:34:00 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SDDMI2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NgWfp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NgVpn)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NgLog)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NgFilter)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 12:21:53 | 000,202,928 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 12:21:53 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/07/03 12:21:52 | 000,113,776 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/03/06 18:44:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2011/12/01 11:40:16 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/12/01 11:40:16 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011/11/26 18:07:13 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/02/16 18:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/07 13:08:13 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/10/20 18:23:22 | 000,154,368 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\CLBUDFR.sys -- (CLBUDFR)
DRV - [2008/10/20 18:23:22 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2007/12/04 18:10:30 | 000,016,640 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/10/09 20:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/31 14:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/31 14:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/23 11:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/03/23 11:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/03/23 11:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/23 11:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/03/23 11:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/07/05 08:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01a.sys -- (sfdrv01a)
DRV - [2006/06/14 10:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2006/05/01 10:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/27 08:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/07/22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 12:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - SOFTWARE\Classes\CLSID\{2558d83c-097c-4cf1-9163-ce5ecc36ace2}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=26-11-2011
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - SOFTWARE\Classes\CLSID\{2558d83c-097c-4cf1-9163-ce5ecc36ace2}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_US
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=26-11-2011
IE - HKCU\..\SearchScopes\{6785D267-BFCC-4651-893F-7E12CDCECA5F}: "URL" = http://search.yahoo....1145,6901,0,8,0
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-05-26 22:25:40&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.1.1000.4(B)
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....&fr=chr-offrhap
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin: C:\Program Files\Skyhook Wireless\Loki Browser Plugin\versions\3.4.2.20\nploki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/01 15:03:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Marty\Local Settings\Application Data\RewardsArcade\498\Firefox

[2010/01/08 12:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marty\Application Data\Mozilla\Extensions
[2010/01/08 12:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marty\Application Data\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - homepage: http://isearch.avg.c...sa&d=2012-05-26 22:25:40&v=11.1.0.7&sap=hp
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...sa&d=2012-05-26 22:25:40&v=11.1.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding}
CHR - homepage: http://isearch.avg.c...sa&d=2012-05-26 22:25:40&v=11.1.0.7&sap=hp
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/10/26 18:17:24 | 000,430,979 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 192.168.1.105 HP000D9D2A1EEC
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14860 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShopAtHome.com Toolbar) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files\ShopAtHome\tbcore3U.dll File not found
O2 - BHO: (WindowShopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\SuperFish\Superfish.dll (Superfish)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (MapQuest Toolbar Loader) - {bd3fd433-147a-482e-a192-614f26e2310c} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files\ShopAtHome\tbcore3U.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (MapQuest Toolbar) - {9302e698-7e00-43ab-b867-c6e759bc2ada} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files\ShopAtHome\tbcore3U.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (MapQuest Toolbar) - {9302E698-7E00-43AB-B867-C6E759BC2ADA} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TaskTray] C:\Program Files\Driver-Soft\DriverPerformer\TaskTray.exe (Driver-Soft Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: WindowShopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\SuperFish\Superfish.dll (Superfish)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1262838412234 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEC91795-4E81-4FBD-B1E8-3A51E0162CE8}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDA73690-36FC-4A78-B01A-64889AC20C95}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/06 21:50:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{72035e56-0108-11df-bfe1-0015c54cb5fd}\Shell\AutoRun\command - "" = F:\LinksysConnectPC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:946ac8ee9b)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/02 13:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marty\Application Data\Malwarebytes
[2012/08/02 13:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/02 13:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/02 13:51:27 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/02 13:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/02 13:50:51 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marty\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/27 21:25:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/07/25 19:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/25 19:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/07/22 22:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/07/22 22:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/22 12:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2012/07/22 12:33:23 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/22 12:33:22 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/22 12:33:18 | 000,113,776 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012/07/22 12:32:48 | 000,202,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/07/22 12:32:47 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/22 12:32:47 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/22 12:32:46 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/22 12:32:46 | 000,018,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/07/22 12:32:45 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/22 12:32:45 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/22 12:32:44 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/22 12:32:10 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2012/07/22 12:32:09 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/07/22 12:32:09 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/10/21 18:32:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Marty\Application Data\pcouffin.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/05 13:27:00 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/08/05 13:25:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E3EF2B52-C932-40AA-8281-83873EAA673C}.job
[2012/08/05 13:21:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/08/05 13:04:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/05 12:48:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/05 12:34:37 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-343818398-725345543-1003.job
[2012/08/05 12:34:37 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-343818398-725345543-1003.job
[2012/08/05 12:27:31 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/05 12:26:30 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\SafeZone Browser.lnk
[2012/08/05 12:26:10 | 000,202,011 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/08/05 12:26:09 | 000,060,275 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/08/05 12:26:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/05 12:25:34 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/05 12:25:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/05 12:08:31 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/04 23:20:18 | 000,060,275 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/08/04 10:05:44 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\PCFix.job
[2012/08/03 19:40:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/03 06:45:23 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/02 20:58:29 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
[2012/08/02 15:04:48 | 000,506,198 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/02 15:04:48 | 000,088,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/02 13:51:30 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Marty\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/02 13:51:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/02 11:11:32 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marty\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/02 01:08:41 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/07/22 12:33:24 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/07/13 21:11:19 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\WINZIPSS-WINZIPSSOneClickCare.job
[2012/07/11 03:16:39 | 000,278,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/10 21:23:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/05 12:11:40 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\Marty\Desktop\SafeZone Browser.lnk
[2012/08/03 16:13:01 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\PCFix.job
[2012/08/02 13:51:30 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/02 13:51:30 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/22 12:49:25 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/22 12:33:24 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/02/14 15:58:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/18 05:56:22 | 000,016,882 | -HS- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\0k70uw8h77s060
[2011/12/18 05:56:22 | 000,016,882 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0k70uw8h77s060
[2011/12/12 00:01:39 | 000,014,866 | -HS- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\2y30ou3s74e850
[2011/12/12 00:01:39 | 000,014,866 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2y30ou3s74e850
[2011/12/03 19:42:04 | 000,000,196 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/11/16 20:24:50 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/11/16 20:24:48 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/11/16 20:24:48 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/11/16 19:43:16 | 000,002,217 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/11/16 19:24:54 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/10/28 06:03:12 | 000,550,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1202660629-343818398-725345543-1003-0.dat
[2011/10/28 06:03:12 | 000,277,102 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/10/21 18:32:30 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\inst.exe
[2011/10/21 18:32:30 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\pcouffin.cat
[2011/10/21 18:32:30 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\pcouffin.inf
[2011/05/16 14:31:44 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2011/04/01 20:54:16 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/03/29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\4555.ini
[2011/02/19 11:10:15 | 000,000,612 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/02/19 11:06:31 | 000,068,577 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2011/02/19 11:06:31 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2011/02/13 14:05:50 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\Marty\WinSCP Key1
[2011/02/12 20:07:13 | 000,294,977 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll
[2011/02/12 20:07:13 | 000,065,604 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2011/02/12 19:05:44 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\winscp.rnd
[2011/01/29 21:15:46 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\$_hpcst$.hpc
[2010/12/31 17:40:43 | 000,001,042 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\currdat.lst
[2010/12/30 13:24:28 | 010,485,760 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\WV5DataStore
[2010/11/20 17:24:20 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\A04D32
[2010/11/20 17:24:19 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\mcs.rma
[2010/05/24 23:00:52 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\fusioncache.dat
[2010/04/23 08:57:08 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Marty\g2mdlhlpx.exe
[2010/02/18 20:34:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marty\CUSTOM.DICCUSTOM.DIC
[2010/01/27 19:24:19 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\default.rss
[2010/01/07 22:28:57 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/07/22 12:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/02 16:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
[2011/11/11 12:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2012/05/26 22:24:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/26 18:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/01/07 18:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2011/01/29 18:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/01/07 18:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2012/08/02 01:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2011/11/16 19:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/01/08 17:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/11/23 17:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/11/26 18:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MapQuest Toolbar
[2011/01/01 13:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
[2011/01/29 18:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/11/17 20:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2011/11/18 21:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/05/26 22:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCFix
[2011/11/17 19:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/10/20 20:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2012/02/27 18:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/04/03 05:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/07 18:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/02 16:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Aventail
[2012/08/04 10:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\BitTorrent
[2010/11/06 12:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\com.w3i.musicoasis
[2011/11/26 18:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\DAEMON Tools Lite
[2012/05/17 07:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Dropbox
[2012/05/26 22:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\FixCleaner
[2010/11/06 11:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\FrostWire
[2010/01/16 23:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\GARMIN
[2010/01/07 18:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\HotSync
[2011/11/25 20:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\ImgBurn
[2011/10/31 21:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\ImTOO
[2011/11/16 19:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\iolo
[2010/01/07 18:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Leadertech
[2011/11/26 18:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\OpenCandy
[2011/11/18 21:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\PCDr
[2012/08/02 15:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\PCFix
[2011/10/21 18:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Vso
[2011/11/26 20:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\WinBatch
[2011/02/01 22:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Windows Desktop Search
[2011/02/01 23:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Windows Search
[2012/05/03 20:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\WinZip
[2012/08/05 12:27:31 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/08/05 13:27:00 | 000,000,564 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/08/04 10:05:44 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\PCFix.job
[2012/08/05 13:21:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job
[2012/08/05 13:25:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E3EF2B52-C932-40AA-8281-83873EAA673C}.job
[2012/08/02 20:58:29 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
[2012/07/13 21:11:19 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSOneClickCare.job

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB20547$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

Edited by mwright1000, 05 August 2012 - 11:30 AM.

  • 0

Advertisements

#2
Essexboy
Posted 05 August 2012 - 12:13 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there could you attach a screenshot of the Avast alert popup please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
    IE - HKCU\..\URLSearchHook: {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - SOFTWARE\Classes\CLSID\{2558d83c-097c-4cf1-9163-ce5ecc36ace2}\InprocServer32 File not found
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not found
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
    O2 - BHO: (ShopAtHome.com Toolbar) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files\ShopAtHome\tbcore3U.dll File not found
    O2 - BHO: (WindowShopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\SuperFish\Superfish.dll (Superfish)
    O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
    O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files\ShopAtHome\tbcore3U.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files\ShopAtHome\tbcore3U.dll File not found
    [2011/12/18 05:56:22 | 000,016,882 | -HS- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\0k70uw8h77s060
    [2011/12/18 05:56:22 | 000,016,882 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0k70uw8h77s060
    [2011/12/12 00:01:39 | 000,014,866 | -HS- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\2y30ou3s74e850
    [2011/12/12 00:01:39 | 000,014,866 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2y30ou3s74e850

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#3
mwright1000
Posted 05 August 2012 - 12:27 PM

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Good thing avast! had your back.


Don't forget to protect your passwords
avast! EasyPass stores and encrypts your passwords and basic personal info. Then all it takes is one click to log in and complete entire forms.
Learn more about avast! EasyPass
avast! Rescue Disc
Helps you recover crashed PCs and provides back-up copies of your avast! files.
Get avast! Rescue Disc for $9.99 Infection Details
URL: http://85.195.92.10/x/
Process: C:\WINDOWS\System32\svchost.exe
Infection: URL:Mal
Latest virus update information
Version:12080500
Date:2012-08-05

Edited by mwright1000, 05 August 2012 - 12:27 PM.

  • 0

#4
Essexboy
Posted 05 August 2012 - 12:33 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thank you that told me exactly where to go

Once you have run the OTL fix then please do the following

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
mwright1000
Posted 05 August 2012 - 02:05 PM

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
How long should the fix scan take? Laptop is acting like it is locked up. Has been half hour. Also do I copy and paste everything in the quote window. Want to make sure doin it right. Thanks again
  • 0

#6
Essexboy
Posted 05 August 2012 - 02:15 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you have Malwarebytes installed then it has blocked it so stop OTL and continue with the rest please
  • 0

#7
mwright1000
Posted 05 August 2012 - 02:49 PM

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
I do have malware bytes. So skip that part and go on with the rest? Can I turnoff malware?
  • 0

#8
Essexboy
Posted 05 August 2012 - 03:10 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes you can or you can proceed to the next step
  • 0

#9
mwright1000
Posted 05 August 2012 - 03:56 PM

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Ok
Not home at the moment. Will do it as soon as I get back. Thanks for all the help!!
  • 0

#10
mwright1000
Posted 05 August 2012 - 05:32 PM

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
ok i did the TDSS Killer and it gives me the report but wont let me copy it. Do i restart then get report or get the report before i restart?
  • 0

Advertisements

#11
mwright1000
Posted 05 August 2012 - 06:44 PM

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
ComboFix 12-08-05.02 - Marty 08/05/2012 20:09:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2793 [GMT -4:00]
Running from: c:\documents and settings\Marty\Desktop\ComboFix.exe
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFx1E.tmp
c:\documents and settings\All Users\Application Data\currdat.lst.tmp
c:\documents and settings\All Users\Application Data\PCFix
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe
c:\documents and settings\Marty\Application Data\4555.ini
c:\documents and settings\Marty\Application Data\A04D32
c:\documents and settings\Marty\Application Data\inst.exe
c:\documents and settings\Marty\Application Data\PCFix
c:\documents and settings\Marty\Application Data\PCFix\log.dat
c:\documents and settings\Marty\Application Data\PCFix\unresolvederrors.dat
c:\documents and settings\Marty\g2mdlhlpx.exe
c:\documents and settings\Marty\WINDOWS
c:\program files\GuffinsEI
c:\program files\GuffinsEI\Installr\1.bin\NPu4EISb.dll
c:\program files\GuffinsEI\Installr\1.bin\u4EIPlug.dll
c:\program files\PCFix
c:\program files\PCFix\AssistPCFix.exe
c:\program files\PCFix\backup\20120526_2254.dat
c:\program files\PCFix\backup\20120529_1142.dat
c:\program files\PCFix\EmailDeactivate.exe
c:\program files\PCFix\EmailRegistration.exe
c:\program files\PCFix\Loading.gif
c:\program files\PCFix\PCFix.exe
c:\program files\PCFix\rebooter.exe
c:\program files\PCFix\unins000.dat
c:\program files\PCFix\unins000.exe
c:\windows\$NtUninstallKB20547$
c:\windows\$NtUninstallKB20547$\1020313233
c:\windows\ava1F8.tmp
c:\windows\EventSystem.log
c:\windows\system32\asw1F7.tmp
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\roboot.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-05 23:27 . 2012-08-05 23:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-05 18:28 . 2012-08-05 18:28 -------- d-----w- C:\_OTL
2012-08-02 17:51 . 2012-08-02 17:51 -------- d-----w- c:\documents and settings\Marty\Application Data\Malwarebytes
2012-08-02 17:51 . 2012-08-02 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-02 17:51 . 2012-08-02 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-02 17:51 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-22 16:33 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-22 16:33 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-22 16:33 . 2012-07-03 16:21 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-07-22 16:32 . 2012-07-03 16:21 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-07-22 16:32 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-22 16:32 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-22 16:32 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-22 16:32 . 2012-07-03 16:21 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-07-22 16:32 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-22 16:32 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-22 16:32 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-22 16:32 . 2012-03-06 22:44 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-07-22 16:32 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-22 16:32 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 00:04 . 2012-04-11 09:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 00:04 . 2011-10-26 21:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2004-08-04 12:00 1866112 ------w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2010-01-07 02:20 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2010-01-07 04:28 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2010-01-07 04:28 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2010-01-07 01:48 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2010-01-07 01:48 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2010-01-07 01:48 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2010-01-07 04:28 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2010-01-07 04:28 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2010-01-07 01:48 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2010-01-07 01:48 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2010-01-07 04:28 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2010-01-07 01:48 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2010-01-07 01:48 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-01-14 03:37 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2010-01-14 03:37 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2010-01-14 03:37 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-27 02:11 . 2012-05-27 02:11 3584 -c--a-r- c:\documents and settings\Marty\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-05-16 15:08 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskTray"="c:\program files\Driver-Soft\DriverPerformer\TaskTray.exe" [2011-02-03 284016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:946ac8ee9b
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Quick View.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Quick View.lnk
backup=c:\windows\pss\WD Quick View.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Marty^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Marty\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 05:52 59240 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-11-12 07:24 75048 -c----w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-11-02 18:21 103720 -c--a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 18:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2011-09-20 19:53 1493288 ----a-w- c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-01-30 14:12 1657376 -c----w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-03 04:08 87336 -c----w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-01-01 19:03 274608 -c--a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\Marty\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Palm\\Hotsync.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [7/22/2012 12:32 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [7/22/2012 12:32 PM 202928]
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [10/20/2011 8:41 PM 10368]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [10/25/2011 9:36 PM 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [10/25/2011 9:36 PM 12464]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [7/5/2006 8:46 AM 63352]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [7/22/2012 12:33 PM 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [7/22/2012 12:32 PM 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/22/2012 12:32 PM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/22/2012 12:33 PM 353688]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11/26/2011 6:07 PM 239168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/22/2012 12:33 PM 21256]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [7/22/2012 12:32 PM 133912]
R2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [10/20/2011 8:41 PM 154368]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 8:00 AM 14336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/2/2012 1:51 PM 655944]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [9/23/2011 7:37 PM 641832]
R2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;c:\program files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe [5/3/2012 8:53 PM 606608]
R2 WV5Communication;WV5Communication;c:\program files\HeavyWeatherWV5\Backend.exe [1/2/2011 5:25 PM 1843200]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/2/2012 1:51 PM 22344]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/21/2011 6:32 PM 47360]
S2 CLKMSVC10_B91CB6D3;CyberLink Product - 2011/10/20 20:53;c:\program files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [11/12/2010 3:24 PM 241648]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/31/2010 2:15 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 5:07 AM 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/31/2010 2:15 PM 136176]
S3 NgFilter;Aventail VPN Filter; [x]
S3 NgLog;Aventail VPN Logging; [x]
S3 NgVpn;Aventail VPN Adapter; [x]
S3 NgWfp;Aventail VPN Callout; [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/25/2011 6:59 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_B91CB6D3
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 16:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 00:04]
.
2012-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-08-06 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-22 16:21]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 18:15]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 18:15]
.
2012-08-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-08-04 c:\windows\Tasks\PCFix.job
- c:\documents and settings\Marty\My Documents\Downloads\PC Fix Cleaner 2011 v3.0.6 [h33t.com] Full\Crack-LAXiTY\PCFix.exe [2012-05-27 02:32 . 2012-05-27 02:33]
.
2012-08-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-343818398-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2012-08-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-343818398-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2012-08-06 c:\windows\Tasks\User_Feed_Synchronization-{E3EF2B52-C932-40AA-8281-83873EAA673C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
2012-08-03 c:\windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
- c:\program files\WinZip System Utilities Suite\WINZIPSSCheckUpdate.exe [2012-05-04 12:38]
.
2012-07-14 c:\windows\Tasks\WINZIPSS-WINZIPSSOneClickCare.job
- c:\program files\WinZip System Utilities Suite\WINZIPSS.exe [2012-05-04 12:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\SuperFish\Superfish.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{2558d83c-097c-4cf1-9163-ce5ecc36ace2} - c:\program files\MapQuest Toolbar\mapquesttb.dll
BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
BHO-{66516A07-F617-488A-90CF-4E690CFB3C5F} - c:\program files\ShopAtHome\tbcore3U.dll
BHO-{bd3fd433-147a-482e-a192-614f26e2310c} - c:\program files\MapQuest Toolbar\mapquesttb.dll
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
Toolbar-{311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\program files\ShopAtHome\tbcore3U.dll
Toolbar-{9302e698-7e00-43ab-b867-c6e759bc2ada} - c:\program files\MapQuest Toolbar\mapquesttb.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\program files\ShopAtHome\tbcore3U.dll
WebBrowser-{9302E698-7E00-43AB-B867-C6E759BC2ADA} - c:\program files\MapQuest Toolbar\mapquesttb.dll
MSConfigStartUp-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
AddRemove-PC Fix Cleaner_is1 - c:\program files\PCFix\unins000.exe
AddRemove-Updater Service - c:\documents and settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
AddRemove-RewardsArcade - c:\program files\RewardsArcade\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-05 20:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(712)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\hnetcfg.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-08-05 20:40:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-06 00:40
.
Pre-Run: 57,763,438,592 bytes free
Post-Run: 59,885,604,864 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 56587321D98D0AED43236B6888DDFF82
  • 0

#12
Essexboy
Posted 06 August 2012 - 07:16 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The TDSSKiller log should be at E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
Where the date and time is when you ran it

Have the alerts ceased ?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#13
mwright1000
Posted 06 August 2012 - 07:34 AM

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
As far as I can tell they have stopped. Will have a better idea after work when I get home. Let it know then. Thanks!!
  • 0

#14
mwright1000
Posted 06 August 2012 - 02:42 PM

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Everything seems to be running good. Nomore popups and a lot faster.
  • 0

#15
Essexboy
Posted 06 August 2012 - 03:00 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you check windows updates please

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP