Ransomware for illegal internet activity [Solved]


This topic is locked

#1 DVCnerfherder (Member, 58 posts)
I returned home today after a four day absence to my wife telling me that she had started receiving pop-up windows on her computer account saying that she had been caught by the UK police downloading pornography and sending emails of a terrorist nature. The popups provided several options by which she could pay her fine. Makes me wonder what else happens when I'm away. :-) When I logged into her account both Malwarebytes and Avast tried to quarantine something but I was unable to get the names of the files. When I log in to my account on the same computer I get none of this activity so it appears to be isolated to her. I have the only administrator account on the system so whether or not this may have mitigated the damage I don't know.

I've done a quick OTL scan of the system from her account and attached it here. Thanks in advance for your assistance.


OTL logfile created on: 03/09/2012 6:42:08 PM - Run 1
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Documents and Settings\Diane\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.54% Memory free
3.85 Gb Paging File | 2.99 Gb Available in Paging File | 77.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.25 Gb Total Space | 9.71 Gb Free Space | 31.07% Space Free | Partition Type: NTFS
Drive D: | 266.83 Gb Total Space | 6.97 Gb Free Space | 2.61% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 17.65 Gb Free Space | 5.92% Space Free | Partition Type: NTFS

Computer Name: BASEMENT-XP | User Name: Diane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/03 18:40:18 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Diane\Desktop\OTL.exe
PRC - [2012/09/03 15:46:18 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/08/29 20:33:38 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/27 00:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Mike\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/06/04 09:31:40 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/12/24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 18:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/13 01:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010/02/11 16:48:50 | 001,266,944 | ---- | M] (Matrox Graphics Inc.) -- c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
PRC - [2010/02/11 16:48:24 | 004,246,784 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
PRC - [2010/02/11 16:48:22 | 000,344,832 | ---- | M] (Matrox Graphics Inc) -- c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/06/15 17:05:56 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/04 08:48:42 | 000,087,560 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\mgabg.exe
PRC - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/06/26 17:36:58 | 000,090,112 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/03 16:32:25 | 001,806,336 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12090301\algo.dll
MOD - [2012/09/03 12:45:53 | 001,211,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\eed3da66d4b3306d756d3115df0f6bb1\System.WorkflowServices.ni.dll
MOD - [2012/09/03 12:43:56 | 000,365,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c59256d906eb8bf251fdcade8d3e8db8\System.ServiceModel.Routing.ni.dll
MOD - [2012/09/03 12:43:53 | 001,128,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\cac970090ee40f6eb194fcc66391d99f\System.ServiceModel.Discovery.ni.dll
MOD - [2012/09/03 12:43:49 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\76ba7b2f5232c390b8db9dfcd935af93\System.ServiceModel.Channels.ni.dll
MOD - [2012/09/03 12:42:54 | 001,387,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\49d13cef799a2cbb948f3292a87995fe\System.ServiceModel.Activities.ni.dll
MOD - [2012/09/03 12:42:41 | 001,072,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9c5381e06b81e9859210d9164288cd8b\System.IdentityModel.ni.dll
MOD - [2012/09/03 12:42:36 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\8be0d48c6312a96e2ff0fd5bafb70469\System.ServiceModel.ni.dll
MOD - [2012/09/03 12:41:38 | 001,051,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fb1dafd33ea1f8f4c8ced2c9299bd366\System.ServiceModel.Web.ni.dll
MOD - [2012/09/03 12:19:33 | 009,813,704 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/09/03 11:52:47 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\3434c23fcc8dfcf056d06f0328d2225d\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/09/03 11:52:45 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\13a7f21e234d2c7587f7a0b58a17d591\SMDiagnostics.ni.dll
MOD - [2012/09/03 11:52:43 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0b065445b421ccf5e2beb5eecc45a48\System.Runtime.Serialization.ni.dll
MOD - [2012/09/03 11:52:37 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\738d3077763a0ce3ddf9228b5854e26d\System.Xml.Linq.ni.dll
MOD - [2012/09/03 11:51:29 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\adf79290d55b53d72aaedf49dc0ab05c\System.Xaml.ni.dll
MOD - [2012/09/03 02:45:22 | 001,806,336 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12090300\algo.dll
MOD - [2012/08/31 00:39:42 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\31649acbb300c306f8359f26e94572a9\System.Windows.Forms.ni.dll
MOD - [2012/08/31 00:23:33 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e28fd0201f1e3003f2f6043b491c69b3\PresentationFramework.Luna.ni.dll
MOD - [2012/08/31 00:22:42 | 017,998,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2be5c267837bce48c2588db1cb45a218\PresentationFramework.ni.dll
MOD - [2012/08/31 00:21:52 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\2dc4170e59c6defec194ce1d3b7e9b6e\PresentationCore.ni.dll
MOD - [2012/08/31 00:21:02 | 003,856,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\874de73de0aefaefe4d1226396d1b0c3\WindowsBase.ni.dll
MOD - [2012/08/31 00:05:47 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3d0c73f63305fa092666e6488634d025\System.Drawing.ni.dll
MOD - [2012/08/30 23:39:40 | 000,729,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\3a852d2bd1860c7e917dd7ae2676c97c\System.Security.ni.dll
MOD - [2012/08/30 23:39:27 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\6e70ff4b74bed30aa8751253ed8aee56\System.Xml.ni.dll
MOD - [2012/08/30 23:39:13 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\4b1f1878bf47391d09f9e256fde70e4b\System.Configuration.ni.dll
MOD - [2012/08/30 23:38:14 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\0ad566912479454ed9ce37fb09de2715\System.Core.ni.dll
MOD - [2012/08/30 23:36:45 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\5339ecdda252537e37def11dc77c77aa\System.ni.dll
MOD - [2012/08/30 23:36:23 | 014,413,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2012/08/29 20:33:36 | 002,242,528 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/21 14:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/07/13 01:29:42 | 000,143,360 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\connectionDetector.dll
MOD - [2010/07/13 01:28:42 | 000,856,064 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\fsk.dll
MOD - [2010/07/13 01:26:12 | 000,018,432 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\FskNetInterface.dll
MOD - [2010/07/13 01:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll
MOD - [2010/07/13 01:25:50 | 000,028,160 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ticket.dll
MOD - [2010/07/13 01:25:42 | 000,011,776 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
MOD - [2010/07/13 01:22:36 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskinLocalize.dll
MOD - [2010/07/13 01:22:02 | 000,009,728 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskPower.dll
MOD - [2010/07/13 01:16:16 | 000,118,784 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskDocumentViewer.dll
MOD - [2010/07/13 01:15:58 | 000,010,240 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskMobileMediaDevice.dll
MOD - [2010/07/13 01:15:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\Fskin.dll
MOD - [2010/07/13 01:13:42 | 000,033,792 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskMediaPlayers.dll
MOD - [2010/07/13 01:10:56 | 000,172,032 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\USBDetector.dll
MOD - [2010/04/02 21:23:36 | 000,815,104 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskSecurity.dll
MOD - [2010/04/02 20:44:16 | 000,086,016 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ebookUsb.dll
MOD - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/09/03 15:46:18 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/29 20:33:36 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/12/24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/02/11 16:48:50 | 001,266,944 | ---- | M] (Matrox Graphics Inc.) [Auto | Running] -- c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe -- (Matrox Centering Service)
SRV - [2010/02/11 16:48:22 | 000,344,832 | ---- | M] (Matrox Graphics Inc) [Auto | Running] -- c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe -- (Matrox.Pdesk.ServicesHost)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/06/15 17:05:56 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2007/04/04 08:48:42 | 000,087,560 | ---- | M] (Matrox Graphics Inc.) [Auto | Running] -- C:\WINDOWS\system32\mgabg.exe -- (MGABGEXE)
SRV - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/06/15 16:36:30 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/02/06 13:19:52 | 000,350,592 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\g400dhm.sys -- (G400DH)
DRV - [2007/08/29 03:04:04 | 000,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2007/08/29 03:04:04 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?lang=en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?lang=en-ca
IE - HKCU\..\SearchScopes,DefaultScope = {83E97F5A-B33F-4850-87BE-8E03A4C6C27F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{83E97F5A-B33F-4850-87BE-8E03A4C6C27F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/03 18:32:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/29 20:33:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/30 21:30:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/23 11:34:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/08/30 21:30:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{2621FDDA-F217-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\Diane\Local Settings\Application Data\{2621FDDA-F217-11E1-8270-B8AC6F996F26}\ [2012/08/29 16:19:50 | 000,000,000 | ---D | M]

[2011/06/03 20:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Diane\Application Data\Mozilla\Extensions
[2011/06/03 20:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Diane\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/08/29 15:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Diane\Application Data\Mozilla\Firefox\Profiles\p251zftc.default\extensions
[2011/11/24 00:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/29 16:19:50 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\DOCUMENTS AND SETTINGS\DIANE\LOCAL SETTINGS\APPLICATION DATA\{2621FDDA-F217-11E1-8270-B8AC6F996F26}
[2012/09/03 18:32:15 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/05/13 03:00:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/08/29 20:33:39 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/06/24 23:20:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/04/28 19:49:30 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/29 20:33:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/28 19:49:30 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/28 19:49:30 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/29 20:33:32 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/28 19:49:30 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/06/24 23:24:35 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dpysvi] C:\Documents and Settings\Diane\Application Data\dpysvi.dll (C-Media Electronics Inc.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Matrox PowerDesk SE] c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [winrd] C:\Documents and Settings\Diane\Application Data\winrd.dll ()
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://lh01.lhsc.on...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.240.0.1 216.240.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C474622-5450-47B5-9515-67433C2DFF55}: DhcpNameServer = 216.240.0.1 216.240.1.1 192.168.1.1
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (-s) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/04 20:50:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/03 18:40:37 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Diane\Desktop\OTL.exe
[2012/09/03 18:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Diane\My Documents\Downloads
[2012/09/03 18:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Diane\Application Data\Malwarebytes
[2012/09/03 15:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/03 12:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/09/03 12:04:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/08/30 23:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/08/30 21:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Diane\Application Data\Garmin
[2012/08/29 16:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Diane\Local Settings\Application Data\{2621FDDA-F217-11E1-8270-B8AC6F996F26}
[2012/08/29 16:19:43 | 000,677,376 | ---- | C] (C-Media Electronics Inc.) -- C:\Documents and Settings\Diane\Application Data\dpysvi.dll
[2012/08/29 16:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Diane\Application Data\xsecva
[2012/08/29 06:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\MetroGold
[2012/08/29 05:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2012/08/28 18:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2012/08/28 18:13:11 | 000,018,304 | ---- | C] (GARMIN Corp.) -- C:\WINDOWS\System32\drivers\grmngen.sys
[2012/08/28 18:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2012/08/27 20:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garmin
[2012/08/27 20:02:09 | 000,000,000 | ---D | C] -- C:\Garmin
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/03 18:40:18 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Diane\Desktop\OTL.exe
[2012/09/03 18:32:32 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/03 18:32:31 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/03 18:25:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/03 18:24:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/03 11:38:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/03 11:37:55 | 000,296,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/31 01:01:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Diane\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/08/31 00:56:37 | 000,492,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/31 00:56:37 | 000,083,466 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/30 21:28:13 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/08/29 16:19:47 | 000,677,376 | ---- | M] (C-Media Electronics Inc.) -- C:\Documents and Settings\Diane\Application Data\dpysvi.dll
[2012/08/29 16:15:29 | 000,154,112 | ---- | M] () -- C:\Documents and Settings\Diane\Application Data\winrd.dll
[2012/08/29 05:12:50 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Garmin Lifetime Updater.lnk
[2012/08/28 18:28:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/08/24 08:52:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/08/21 05:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/03 18:32:31 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/31 01:01:56 | 000,216,546 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1202660629-484763869-725345543-1003-0.dat
[2012/08/31 01:01:53 | 000,216,546 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/08/30 21:28:13 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/08/30 21:28:13 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/08/29 16:19:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Diane\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/08/29 16:15:31 | 000,154,112 | ---- | C] () -- C:\Documents and Settings\Diane\Application Data\winrd.dll
[2012/08/29 05:12:50 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Garmin Lifetime Updater.lnk
[2012/02/27 20:39:54 | 004,414,976 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2012/02/26 12:47:02 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/02/26 12:46:18 | 000,260,608 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2012/02/26 12:46:00 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2012/02/26 12:46:00 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2012/02/26 12:45:58 | 001,525,248 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2012/02/26 12:45:58 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2012/02/26 12:45:56 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2012/02/26 12:45:56 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2012/02/26 12:45:54 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2012/02/26 12:45:54 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2012/02/24 10:51:06 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2012/02/24 10:51:00 | 006,426,793 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-54.dll
[2012/02/24 10:51:00 | 001,136,653 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-54.dll
[2012/02/24 10:51:00 | 000,369,109 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2012/02/24 10:51:00 | 000,208,659 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2012/02/24 10:51:00 | 000,142,647 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-2.dll
[2011/12/07 15:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2011/11/17 19:14:24 | 000,067,192 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/26 17:58:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/26 17:36:27 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2011/09/08 10:00:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/09/08 10:00:48 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/09/08 10:00:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/09/08 10:00:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/09/08 10:00:34 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/09/08 10:00:24 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/09/08 10:00:10 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/09/08 10:00:06 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/09/08 09:59:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/09/08 09:59:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/08/27 10:41:51 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2011/08/27 10:41:50 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2011/08/27 10:41:50 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2011/05/30 09:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/23 03:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/05/11 20:05:53 | 000,030,722 | ---- | C] () -- C:\WINDOWS\System32\nolodit.dll
[2011/05/11 20:05:53 | 000,028,674 | ---- | C] () -- C:\WINDOWS\System32\revew2k.dll
[2011/05/11 20:05:02 | 000,397,312 | R--- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2011/05/11 20:05:02 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2011/05/10 19:11:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2011/05/10 18:12:21 | 000,004,159 | ---- | C] () -- C:\WINDOWS\estwn323.ini
[2011/05/10 18:12:19 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2011/05/10 18:09:33 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2011/05/10 18:09:33 | 000,000,410 | ---- | C] () -- C:\WINDOWS\umxaddin.ini
[2011/05/10 17:54:37 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson636.ini
[2011/05/08 08:30:00 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/05/05 22:29:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/04 21:32:31 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2011/05/04 20:53:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/04 20:47:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/04 16:37:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/04 16:36:28 | 000,296,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/03 07:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 07:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 07:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll

========== LOP Check ==========

[2011/05/06 05:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/08 08:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/08/24 22:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/06/24 23:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/08/28 18:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/06/24 23:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/05/27 22:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2011/05/27 21:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Matrox
[2011/05/27 21:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Matrox Graphics Inc
[2011/07/13 22:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2011/06/10 23:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/08/30 21:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\Garmin
[2011/07/10 20:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\ICAClient
[2011/06/03 20:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\Thunderbird
[2012/08/30 21:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\xsecva
[2012/09/03 18:32:31 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

========== Purity Check ==========



< End of report >
#2
DVCnerfherder
    Member
  • Topic Starter
  • 58 posts
Here's the output of extras.txt:


OTL Extras logfile created on: 03/09/2012 6:42:08 PM - Run 1
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Documents and Settings\Diane\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.54% Memory free
3.85 Gb Paging File | 2.99 Gb Available in Paging File | 77.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.25 Gb Total Space | 9.71 Gb Free Space | 31.07% Space Free | Partition Type: NTFS
Drive D: | 266.83 Gb Total Space | 6.97 Gb Free Space | 2.61% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 17.65 Gb Free Space | 5.92% Space Free | Partition Type: NTFS

Computer Name: BASEMENT-XP | User Name: Diane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\MediaServerDump\LiveUpdate\OLUpdate.exe" = C:\WINDOWS\system32\MediaServerDump\LiveUpdate\OLUpdate.exe:*:Enabled:LiveUpdate -- ()
"C:\Program Files\D-Link Media Server\MediaServer.exe" = C:\Program Files\D-Link Media Server\MediaServer.exe:*:Enabled:Media Server -- ()
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\AirVideoServer\AirVideoServer.exe" = C:\Program Files\AirVideoServer\AirVideoServer.exe:*:Enabled:Air Video Server -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Mike\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Mike\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}" = Flash Drive Tester v1.14
"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{422EB670-90F6-4332-AEAE-5128AFF84FDD}" = Python 2.7 pycrypto-2.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5414086B-AE06-4332-8A59-26FF0F630D1B}" = Garmin Trip and Waypoint Manager v3
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}" = Garmin Lifetime Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB3E446F-A88E-4D91-9905-9138965561E3}" = Matrox PowerDesk-SE
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"Air Video Server" = Air Video Server 2.4.3
"Any Video Converter_is1" = Any Video Converter 3.2.3
"avast" = avast! Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Cisco Connect" = Cisco Connect
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CodInstl" = Intel A/V Codecs V2.0
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX Setup
"D-Link Media Server_is1" = D-Link Media Server 1.05WW
"HP-LaserJet 1020 series" = LaserJet 1020 series
"ie8" = Windows Internet Explorer 8
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Matrox Graphics Uninstaller" = Matrox Graphics Software (remove only)
"Media Player - Codec Pack" = Media Player Codec Pack 4.1.8
"MetroGold" = MetroGold
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 15.0 (x86 en-GB)" = Mozilla Firefox 15.0 (x86 en-GB)
"Mozilla Thunderbird 15.0 (x86 en-GB)" = Mozilla Thunderbird 15.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
"MVApplication1" = SureThing CD Labeler CD Stomper Edition
"MyCamera" = Canon Utilities MyCamera
"PageManager" = Presto! PageManager for EPSON
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel® PRO Ethernet Adapter and Software
"STANDARD" = Microsoft Office Standard 2007
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09/04/2012 11:16:53 AM | Computer Name = BASEMENT-XP | Source = Bonjour Service | ID = 100
Description = 248: Client unresponsive; aborting connection

Error - 09/04/2012 11:16:53 AM | Computer Name = BASEMENT-XP | Source = Bonjour Service | ID = 100
Description = 248: DNSServiceResolve 04:54:53:5e:4f:9b@fe80::654:53ff:fe5e:4f9b._apple-mobdev._tcp.local.

Error - 09/04/2012 10:54:23 PM | Computer Name = BASEMENT-XP | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 1

Error - 09/04/2012 10:54:23 PM | Computer Name = BASEMENT-XP | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 3

Error - 09/04/2012 10:54:23 PM | Computer Name = BASEMENT-XP | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 4

Error - 09/04/2012 10:54:23 PM | Computer Name = BASEMENT-XP | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 5

Error - 09/04/2012 10:54:23 PM | Computer Name = BASEMENT-XP | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 6

Error - 09/04/2012 10:54:23 PM | Computer Name = BASEMENT-XP | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 7

Error - 09/04/2012 10:54:23 PM | Computer Name = BASEMENT-XP | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 8

Error - 09/04/2012 10:54:23 PM | Computer Name = BASEMENT-XP | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 9

[ System Events ]
Error - 25/03/2012 10:39:22 PM | Computer Name = BASEMENT-XP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avast! Antivirus service.

Error - 07/04/2012 9:40:54 AM | Computer Name = BASEMENT-XP | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 26/04/2012 5:02:43 AM | Computer Name = BASEMENT-XP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.114 for the Network Card with network
address 0007E9DA807A has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/06/2012 10:20:39 PM | Computer Name = BASEMENT-XP | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/06/2012 10:21:08 PM | Computer Name = BASEMENT-XP | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 19/06/2012 8:47:09 PM | Computer Name = BASEMENT-XP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.125 for the Network Card with network
address 0007E9DA807A has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 28/07/2012 9:06:02 AM | Computer Name = BASEMENT-XP | Source = Print | ID = 6161
Description = The document Kojak.std owned by Mike failed to print on printer HP
DeskJet 812C. Data type: NT EMF 1.008. Size of the spool file in bytes: 393216.
Number of bytes printed: 346176. Total number of pages in the document: 1. Number
of pages printed: 1. Client machine: \\BASEMENT-XP. Win32 error code returned by
the print processor: 0 (0x0).

Error - 29/08/2012 4:18:41 PM | Computer Name = BASEMENT-XP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 30/08/2012 9:22:35 PM | Computer Name = BASEMENT-XP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 30/08/2012 9:22:36 PM | Computer Name = BASEMENT-XP | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053


< End of report >

#3 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello DVCnerfherder,

Full blown Ransomware will encrypt your files and lock you out of your computer. Often the only solution then is to reformat the machine. Good reason to have everything backed up regularly. Maybe in this case Avast is holding it at bay.

We will try to remove it but please be aware that there are no guarantees and we may end up having to reformat the computer. Make sure you have backed up your data before you proceed. Also, if we do need to reformat you will need your Installation disk.

Makes me wonder what else happens when I'm away.


Quote from Microsoft Answers:

"They usually come from an infected web site, and usually through an advertisement. You get a pop-up from the infection and you click it to close the pop-up - which allows the infection to install. They can also be delivered in a "drive-by" fashion with no action needed by the user due to the system being unpatched, no matter what security software is running."

-------------------------------------------

Let's see what we can do about it.

Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [CreateRestorePoint]
    
    :OTL
    [2012/08/29 16:19:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Diane\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
    
    :Files
    ipconfig /flushdns /c
    netsh int ip reset c:\resetlog.txt  /c
    ipconfig /release /c
    ipconfig /renew /c
    
    :Commands
    [ResetHosts]
    [emptyflash]
    [emptyjava]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

After that

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will alert you that your Anti-virus program is running. In this particular case just click to continue. If it won't continue then you may have to disable your AV but if you do don't touch your browser or any other programs before running ComboFix.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue. Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

So when you return please post
  • OTL.txt
  • ComboFix.txt

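The [ResetHosts] step in the OTL script above replaces the hosts file wholesale. Before resetting it, a practitioner would usually want to read it, because the hijacked entries say what the infection was blocking (vendor update and download hosts) or redirecting. The following Python script is an added example, not code from the thread, from OTL or from any tool named here. It parses a hosts file and flags the three common signs of tampering: a long run of blank lines used to push hijack entries below the visible top of the file, security-vendor or update hosts pinned to any address, and non-loopback mappings that silently redirect a name. The vendor watch-list and the sample hosts file are constructed for illustration.

```python
"""Audit a Windows hosts file for the hijacks a [ResetHosts] step wipes out.

Added example; not code from the thread or from OTL. The vendor watch-list and
the sample hosts file below are constructed for illustration.
"""
import ipaddress

# Constructed watch-list: hosts that malware commonly maps to 127.0.0.1 so the
# victim cannot fetch updates or download a cleaner. Extend as needed.
PROTECTED_SUFFIXES = (
    "windowsupdate.com",
    "update.microsoft.com",
    "avast.com",
    "malwarebytes.org",
    "eset.com",
)

# The only mappings a stock Windows hosts file carries.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Padding heuristic: this many consecutive blank lines is the classic trick for
# pushing hijack lines below the part of the file a casual look shows.
PADDING_THRESHOLD = 50


def parse_hosts(text):
    """Return [(line_number, ip, [hostnames])] for every mapping line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 2:
            entries.append((lineno, fields[0], fields[1:]))
    return entries


def longest_blank_run(text):
    """Length of the longest run of consecutive blank lines."""
    longest = run = 0
    for raw in text.splitlines():
        run = 0 if raw.strip() else run + 1
        longest = max(longest, run)
    return longest


def audit_hosts(text):
    """Return [(kind, line_number, detail)] with kinds
    'padding', 'malformed', 'blocked_vendor' and 'redirect'."""
    findings = []
    padding = longest_blank_run(text)
    if padding >= PADDING_THRESHOLD:
        findings.append(("padding", 0, f"{padding} consecutive blank lines"))
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(("malformed", lineno, ip))
            continue
        for name in names:
            if (ip, name) in DEFAULT_ENTRIES:
                continue
            low = name.lower()
            if any(low == s or low.endswith("." + s) for s in PROTECTED_SUFFIXES):
                # A vendor host pinned to any address is a hijack.
                findings.append(("blocked_vendor", lineno, f"{name} -> {ip}"))
            elif not addr.is_loopback:
                # A non-loopback mapping silently redirects the name.
                findings.append(("redirect", lineno, f"{name} -> {ip}"))
    return findings


# Constructed sample: stock header, 120 blank lines of padding, then hijacks.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    "::1             localhost\n"
    + "\n" * 120
    + "127.0.0.1 www.malwarebytes.org\n"
    "127.0.0.1 download.windowsupdate.com\n"
    "203.0.113.45 www.example-bank.test   # constructed redirect\n"
)

if __name__ == "__main__":
    for kind, lineno, detail in audit_hosts(SAMPLE_HOSTS):
        print(f"{kind:15} line {lineno:>4}: {detail}")
```

Run it against a copy of C:\WINDOWS\system32\drivers\etc\hosts taken before the reset; the padding check is the one people miss when they open the file in Notepad and see only the Microsoft comment block.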

#4 DVCnerfherder (Topic Starter, Member, 58 posts)
Thank you for your very prompt reply, emeraldnzl.

After the reboot when performing the Run Fix with OTL no log file was produced. Attached is the ComboFix log:


ComboFix 12-09-03.07 - Diane 03/09/2012 22:48:24.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1345 [GMT -4:00]
Running from: c:\documents and settings\Diane\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Diane\Application Data\dpysvi.dll
c:\documents and settings\Diane\Application Data\winrd.dll
c:\documents and settings\Mike\WINDOWS
c:\windows\system32\SET43.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET4F.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\SET97.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-04 to 2012-09-04 )))))))))))))))))))))))))))))))
.
.
2012-09-04 02:06 . 2012-09-04 02:06 -------- d-----w- c:\documents and settings\Diane\Local Settings\Application Data\Sun
2012-09-04 01:38 . 2012-09-04 01:38 -------- d-----w- C:\_OTL
2012-09-03 22:25 . 2012-09-03 22:25 -------- d-----w- c:\documents and settings\Diane\Application Data\Malwarebytes
2012-09-03 19:47 . 2012-09-03 19:47 -------- d-----w- c:\program files\Common Files\Java
2012-09-03 19:46 . 2012-09-03 19:46 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-03 19:46 . 2012-09-03 19:46 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-03 16:19 . 2012-09-03 16:19 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-03 16:16 . 2012-09-03 16:16 -------- d-----w- c:\program files\Dropbox
2012-08-31 03:27 . 2012-08-31 03:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-08-31 01:21 . 2012-08-31 01:21 -------- d-----w- c:\documents and settings\Diane\Application Data\Garmin
2012-08-30 00:33 . 2012-08-30 00:33 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-29 20:19 . 2012-08-29 20:19 -------- d-----w- c:\documents and settings\Diane\Local Settings\Application Data\{2621FDDA-F217-11E1-8270-B8AC6F996F26}
2012-08-29 20:15 . 2012-08-31 01:19 -------- d-----w- c:\documents and settings\Diane\Application Data\xsecva
2012-08-29 10:58 . 2012-08-29 10:58 -------- d-----w- c:\program files\MetroGold
2012-08-29 09:12 . 2012-08-29 09:13 -------- d-----w- c:\program files\Garmin GPS Plugin
2012-08-28 22:13 . 2012-08-28 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2012-08-28 22:13 . 2009-04-17 19:48 9344 ----a-w- c:\windows\system32\drivers\grmnusb.sys
2012-08-28 22:13 . 2009-04-17 19:48 18304 ----a-w- c:\windows\system32\drivers\grmngen.sys
2012-08-28 22:13 . 2012-08-29 09:12 -------- d-----w- c:\program files\Garmin
2012-08-28 00:02 . 2012-08-28 22:13 -------- d-----w- C:\Garmin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 19:46 . 2011-06-25 03:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-03 19:46 . 2011-06-25 03:21 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-03 16:19 . 2011-06-21 21:31 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 09:13 . 2012-01-26 00:15 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-01-26 00:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-01-26 00:15 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-01-26 00:15 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-01-26 00:15 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-01-26 00:15 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-01-26 00:15 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-01-26 00:15 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2011-05-06 09:33 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-01-26 00:15 227648 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-13 03:05 . 2009-09-13 03:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 03:06 . 2009-09-13 03:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 03:06 . 2009-09-13 03:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 03:06 . 2009-09-13 03:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 03:06 . 2009-09-13 03:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 03:07 . 2009-09-13 03:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 03:06 . 2009-09-13 03:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 03:06 . 2009-09-13 03:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 17:33 . 2009-08-14 17:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 03:06 . 2009-09-13 03:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-08-30 00:33 . 2012-01-08 04:28 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Matrox PowerDesk SE"="c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2010-02-11 4246784]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\MediaServerDump\\LiveUpdate\\OLUpdate.exe"=
"c:\\Program Files\\D-Link Media Server\\MediaServer.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\AirVideoServer\\AirVideoServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Mike\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [29/08/2007 3:04 AM 116264]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25/01/2012 8:15 PM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25/01/2012 8:15 PM 355632]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [08/09/2009 6:13 PM 65584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/01/2012 8:15 PM 21256]
R2 Matrox Centering Service;Matrox Centering Service;c:\program files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [11/02/2010 4:48 PM 1266944]
R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [11/02/2010 4:48 PM 344832]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25/01/2012 7:39 PM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/01/2012 7:39 PM 20464]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [28/04/2012 7:49 PM 114144]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-09-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-03 09:12]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 216.240.0.1 216.240.1.1 192.168.1.1
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
FF - ProfilePath - c:\documents and settings\Diane\Application Data\Mozilla\Firefox\Profiles\p251zftc.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-winrd - c:\documents and settings\Diane\Application Data\winrd.dll
HKLM-Run-dpysvi - c:\documents and settings\Diane\Application Data\dpysvi.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-03 23:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-09-03 23:06:19
ComboFix-quarantined-files.txt 2012-09-04 03:06
.
Pre-Run: 10,351,878,144 bytes free
Post-Run: 10,538,090,496 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=signature(ef2d6133)disk(1)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
signature(ef2d6133)disk(1)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 428E160FC896D75E9086E18F2DC2B0FC
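The Reg Loading Points and ORPHANS REMOVED sections of the ComboFix log above are the machine's autorun inventory, and the two orphaned HKLM Run values pointing at winrd.dll and dpysvi.dll in Diane's Application Data are the entries that matter: legitimate software registers an executable (or rundll32 with a DLL argument) under Run, not a bare DLL path, and it rarely installs into a user profile. The following Python script is an added example, not ComboFix code, that parses lines in that format and ranks entries by two cheap heuristics: a target in a user-writable directory and a target that is not an .exe. The sample lines are copied from the log above; the list of user-writable path markers is an assumption of the example.

```python
"""Triage autorun entries from a ComboFix-style 'Reg Loading Points' dump.

Added example; not ComboFix code. Heuristics only: a flag means "look here",
not "this is malware" (Dropbox, for instance, legitimately lives in AppData).
"""
import re

# Markers of locations an ordinary user can write to (assumed list).
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",
    "\\users\\",
    "\\application data\\",
    "\\local settings\\",
    "\\temp\\",
    "\\recycler\\",
)

# '"name"="path" [date size]' lines under a Run key.
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# 'HKLM-Run-name - path' lines under ORPHANS REMOVED.
ORPHAN_RE = re.compile(r"^HK(?:LM|CU)-Run-(?P<name>\S+) - (?P<path>.+)$")


def parse_autoruns(lines):
    """Return [(name, path, source)] for each Run value or orphan line."""
    found = []
    for raw in lines:
        line = raw.strip()
        m = RUN_VALUE_RE.match(line)
        if m:
            found.append((m["name"], m["path"], "run"))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            found.append((m["name"], m["path"].strip(), "orphan"))
    return found


def suspicion_reasons(path):
    """Reasons an autorun target deserves a closer look (empty list = none)."""
    low = path.lower()
    reasons = []
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("lives in a user-writable directory")
    if not low.endswith(".exe"):
        reasons.append("target is not an .exe (no launcher such as rundll32 in front of it)")
    return reasons


def triage(lines):
    """Return [(name, path, source, reasons)], flagged entries first."""
    rows = [(name, path, source, suspicion_reasons(path))
            for name, path, source in parse_autoruns(lines)]
    rows.sort(key=lambda r: len(r[3]), reverse=True)   # stable: keeps log order within a tier
    return rows


# Sample lines copied from the ComboFix log in this thread.
SAMPLE_LINES = [
    '"Smapp"="c:\\program files\\Analog Devices\\SoundMAX\\Smtray.exe" [2002-06-26 90112]',
    '"avast"="c:\\program files\\AVAST Software\\Avast\\avastUI.exe" [2012-08-21 4282728]',
    'HKLM-Run-winrd - c:\\documents and settings\\Diane\\Application Data\\winrd.dll',
    'HKLM-Run-dpysvi - c:\\documents and settings\\Diane\\Application Data\\dpysvi.dll',
]

if __name__ == "__main__":
    for name, path, source, reasons in triage(SAMPLE_LINES):
        flag = "!!" if reasons else "  "
        print(f"{flag} [{source:6}] {name:10} {path}")
        for r in reasons:
            print(f"       - {r}")
```

Paste the Run and orphan sections of a ComboFix or OTL log into a file and feed its lines to triage(); the MD5/size bracket at the end of each line is ignored, so the same parser works on the shortened form HijackThis-style tools print.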

#5 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello DVCnerfherder,

Moving along.

After the reboot when performing the Run Fix with OTL no log file was produced.


A copy of an OTL fix log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

Now

Download aswMBR.exe ( 4.5mb ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Next

Please download Farbar Service Scanner and run.
  • Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update

  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.

When you return please post
  • OTL.txt
  • aswMBR.txt
  • FSS.txt


#6 DVCnerfherder (Topic Starter, Member, 58 posts)
Thank you again.

Output from previous OTL run:

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Documents and Settings\Diane\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Diane\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Diane\Desktop\cmd.txt deleted successfully.
< netsh int ip reset c:\resetlog.txt /c >
C:\Documents and Settings\Diane\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Diane\Desktop\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Network Connect Adapter while it has its media disconnected.
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
Ethernet adapter Network Connect Adapter:
Media State . . . . . . . . . . . : Media disconnected
C:\Documents and Settings\Diane\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Diane\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Network Connect Adapter while it has its media disconnected.
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.1.109
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Ethernet adapter Network Connect Adapter:
Media State . . . . . . . . . . . : Media disconnected
C:\Documents and Settings\Diane\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Diane\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Dan
->Flash cache emptied: 1271 bytes

User: Default User

User: Diane
->Flash cache emptied: 2452 bytes

User: LocalService

User: Mike
->Flash cache emptied: 3295160 bytes

User: NetworkService

Total Flash Files Cleaned = 3.00 mb


[EMPTYJAVA]

User: All Users

User: Dan
->Java cache emptied: 0 bytes

User: Default User

User: Diane
->Java cache emptied: 14917 bytes

User: LocalService

User: Mike
->Java cache emptied: 1775705 bytes

User: NetworkService

Total Java Files Cleaned = 2.00 mb


OTL by OldTimer - Version 3.2.60.0 log created on 09032012_213815




Log file from aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-04 05:42:00
-----------------------------
05:42:00.406 OS Version: Windows 5.1.2600 Service Pack 3
05:42:00.406 Number of processors: 1 586 0x204
05:42:00.406 ComputerName: BASEMENT-XP UserName: Diane
05:42:01.906 Initialize success
05:42:03.500 AVAST engine defs: 12090301
05:42:19.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
05:42:19.000 Disk 0 Vendor: WDC_WD3200AAJB-00J3A0 01.03E01 Size: 305245MB BusType: 3
05:42:19.000 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\SI3112r1Port2Path1Target0Lun0
05:42:19.000 Disk 1 Vendor: ST332062 3.AF Size: 305245MB BusType: 1
05:42:19.015 Disk 0 MBR read successfully
05:42:19.015 Disk 0 MBR scan
05:42:19.015 Disk 0 Windows XP default MBR code
05:42:19.015 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 31996 MB offset 63
05:42:19.015 Disk 0 Partition - 00 0F Extended LBA 273238 MB offset 65529135
05:42:19.031 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 273238 MB offset 65529198
05:42:19.031 Disk 0 scanning sectors +625121280
05:42:19.109 Disk 0 scanning C:\WINDOWS\system32\drivers
05:42:32.234 Service scanning
05:42:45.812 Modules scanning
05:42:53.890 Disk 0 trace - called modules:
05:42:53.906 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
05:42:53.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bbbab8]
05:42:53.906 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005c[0x89be11d0]
05:42:53.921 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x89b8cd98]
05:42:54.546 AVAST engine scan C:\WINDOWS
05:43:15.328 AVAST engine scan C:\WINDOWS\system32
05:46:28.375 AVAST engine scan C:\WINDOWS\system32\drivers
05:46:47.890 AVAST engine scan C:\Documents and Settings\Diane
05:47:06.078 AVAST engine scan C:\Documents and Settings\All Users
05:48:05.718 Scan finished successfully
05:48:22.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Diane\Desktop\MBR.dat"
05:48:22.671 The log file has been saved successfully to "C:\Documents and Settings\Diane\Desktop\aswMBR.txt"



And lastly, the log file from Farbar Service Scanner:

Farbar Service Scanner Version: 06-08-2012
Ran by Diane (administrator) on 04-09-2012 at 05:49:18
Running from "C:\Documents and Settings\Diane\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****
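Every "MD5 is legit" line in the Farbar Service Scanner log above is the same check: hash a service binary or driver and compare it against a known-good value, so that a patched tcpip.sys or a replaced svchost.exe shows up even when it keeps its name and size. The following Python script is an added example, not Farbar's code, of that baseline-and-verify routine. It uses SHA-256 rather than MD5 for a baseline you build yourself, and its demo() stands up a temporary directory with three constructed files in place of system32, patches one byte of one file, deletes another, and reports the result.

```python
"""Baseline-and-verify file integrity check, in the spirit of FSS's MD5 lines.

Added example; not Farbar Service Scanner code. demo() uses a temporary
directory and constructed file contents as a stand-in for system32.
"""
import hashlib
import os
import tempfile


def file_digest(path, algo="sha256"):
    """Hex digest of a file, read in chunks so large drivers do not load whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths, algo="sha256"):
    """Map each path to its digest. Take this from a known-clean machine or
    install media, never from the box you are about to investigate."""
    return {p: file_digest(p, algo) for p in paths}


def verify_manifest(manifest, algo="sha256"):
    """Return {path: 'ok' | 'modified' | 'missing'} against a stored manifest."""
    status = {}
    for path, expected in manifest.items():
        if not os.path.exists(path):
            status[path] = "missing"
        elif file_digest(path, algo) == expected:
            status[path] = "ok"
        else:
            status[path] = "modified"
    return status


def demo():
    """Constructed scenario: three 'system files', one patched, one removed."""
    with tempfile.TemporaryDirectory() as d:
        names = ["afd.sys", "tcpip.sys", "svchost.exe"]
        paths = [os.path.join(d, n) for n in names]
        for p in paths:
            with open(p, "wb") as f:
                f.write(b"pretend clean image of " + os.path.basename(p).encode())
        manifest = build_manifest(paths)

        # A patched driver keeps its name and size; only the bytes change.
        with open(paths[1], "r+b") as f:
            f.seek(8)
            f.write(b"X")
        os.remove(paths[2])

        status = verify_manifest(manifest)
        return {os.path.basename(p): s for p, s in status.items()}


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:12} {state}")
```

Two caveats a practitioner would add. First, the baseline has to predate the infection; hashing a compromised system32 and calling it clean proves nothing, which is why FSS ships its own reference values rather than reading them from the machine. Second, a rootkit that filters file reads can hand clean bytes to a user-mode hasher while the on-disk copy is patched, so an "MD5 is legit" verdict from inside the running OS is complemented, not replaced, by the boot-sector and offline checks that aswMBR and the Recovery Console provide.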

#7 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello again DVCnerfherder,

Almost there now.

Please run Malwarebytes and post the log back here.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab.

Next

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

When you return please post
  • MBAM report
  • ESET online scan log
  • and tell me how the computer is now


#8 DVCnerfherder (Topic Starter, Member, 58 posts)
You were right about ESET taking several hours. Also, you didn't specify a Quick or Full scan for MBAM so I opted for the full scan.

I am no longer getting the popup warnings from MBAM or Avast that there is a threat, although the computer did freeze up tight on me when I closed the ESET window and I had to power it down and back up again. Here are the logs:


------

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.04.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Diane :: BASEMENT-XP [administrator]

Protection: Enabled

04/09/2012 4:57:04 PM
mbam-log-2012-09-04 (16-57-04).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 291907
Time elapsed: 1 hour(s), 8 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Qoobox\Quarantine\C\Documents and Settings\Diane\Application Data\winrd.dll.vir (Spyware.Password) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1202660629-484763869-725345543-1004\$f9644ec2a9e70ca659008f32e778b3ae\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0525FE60-3518-41C0-91B7-761AC1B3849E}\RP496\A0057515.dll (Spyware.Password) -> Quarantined and deleted successfully.

(end)



... and from ESET ...


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3aaf84e4b7615546a84210ddef908f1a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-05 05:07:25
# local_time=2012-09-05 01:07:25 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=141366
# found=0
# cleaned=0
# scan_time=9761

#9 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello DVCnerfherder,

I think your machine is clean. :thumbsup:

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Step 2

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* Consider using an alternate browser.

Opera may be downloaded from here. It is one of the least targeted of all browsers.

Avant may be downloaded from here. Another one that is less well known.

Firefox may be downloaded from Here. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!

#10 DVCnerfherder (Topic Starter, Member, 58 posts)
Thank you very much for your help. I had already implemented most of your suggestions but I did have old versions of Java installed which I have since removed.

One final question: is there a firewall product you might recommend? I see several of them in other posts in this forum but don't know if one has advantages over the others.

Thanks again for your assistance.

#11 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello DVCnerfherder,

One final question: is there a firewall product you might recommend?


I have just become active again after about 18 months away so the views expressed below are a little dated, although I have made a quick check to see that the links still work. :lol:

I include AVs because I am often questioned about them too. Just skip any bits you are not interested in. ;)

Here are my thoughts on anti-virus/internet security programs for what they are worth.

Most of the well known anti-virus products are good. Some perform better in some aspects than others but if you were to look at the overall picture they are mostly good.

Sometimes one will be on top of the pops one month and another on another month. Of course there are some rogue programs out there too that you must steer clear of because they bring infection with them.

Some of the free ones are good but you do not get the full service. The sound "pay for" products out there have packages which include anti-spyware, firewalls and adware blocking so you get the whole lot in one go.

This link will take you to an independent site showing comparatives for anti-virus products. Look at comparatives with caution because one month a program may do well and in another not so well.

http://www.av-comparatives.org/

All of the ones shown there are good products. Sometimes it comes down to your personal taste. In other words you like a particular product because to you it is user friendly or looks good.

Ones I personally like at the moment are Avast, Avira and Kaspersky but that is only a personal preference and my preferences do change as products undergo improvement.

Of the free ones, I recommend Avast, Avira and MSE. All are good.

If you are looking at the free products Avast or Avira, I would look at combining the anti-virus with a free firewall, and also look at an anti-spyware product (say the free versions of Malwarebytes or SuperAntiSpyware) and update and run it once a week.

Microsoft Security Essentials together with Windows Firewall (which comes with Windows) is probably a good choice for the run of the mill user. This is because it is light on resources, it is unobtrusive (it works away in the background without interrupting) and you don't have to be an expert. Firewalls have a habit of flagging suspicious files and asking the user to decide whether to accept the file or not. Often the run of the mill user has no idea about what a particular file does and just says no to everything... down the track they wonder why programs they use regularly suddenly stop working, or maybe they try and download something they frequently downloaded in the past but now find they can't.

Here are three good free for personal use antivirus:
Here are two good firewalls free for personal use:


Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

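The note above about not running two real-time anti-virus or firewall products at once is something you can check rather than take on trust. The script below is an added example, not code from the poster or from Geeks to Go: it lists the products that have registered with Windows Security Center and flags more than one enabled product of the same kind. It assumes that Vista and later expose `root\SecurityCenter2` with a `productState` bit field, that XP SP2/SP3 expose `root\SecurityCenter` with boolean fields instead, and that in `productState` bit 0x1000 means real-time protection is on and bit 0x10 means signatures are out of date; that bit layout is widely reported but not formally documented by Microsoft. The sample at the end is constructed, not real Security Center output.

```powershell
# Added example (not from the original post): enumerate anti-virus and firewall
# products registered with Windows Security Center and flag the conflict the note
# above warns about: more than one real-time engine of the same kind enabled at once.
#
# Assumptions: root\SecurityCenter2 (Vista+) carries a productState bit field;
# root\SecurityCenter (XP SP2/SP3) carries boolean fields. The productState layout
# (0x1000 = real-time on, 0x10 = signatures out of date) is the widely reported
# one, not formally documented by Microsoft. Products that never register with
# Security Center (on-demand scanners, some free tools) will not appear, so an
# empty list is not proof that nothing is installed.

function Get-SecurityCenterProducts {
    $hasV2 = Get-WmiObject -Namespace 'root' -Class '__NAMESPACE' -ErrorAction SilentlyContinue |
             Where-Object { $_.Name -eq 'SecurityCenter2' }
    $ns = if ($hasV2) { 'root\SecurityCenter2' } else { 'root\SecurityCenter' }

    foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
        $items = Get-WmiObject -Namespace $ns -Class $class -ErrorAction SilentlyContinue
        foreach ($p in $items) {
            if ($hasV2) {
                $enabled  = ($p.productState -band 0x1000) -ne 0
                $outdated = ($p.productState -band 0x10) -ne 0
            } elseif ($class -eq 'AntiVirusProduct') {
                $enabled  = [bool]$p.onAccessScanningEnabled
                $outdated = -not [bool]$p.productUptoDate
            } else {
                $enabled  = [bool]$p.enabled
                $outdated = $false
            }
            [pscustomobject]@{
                Kind      = $class
                Name      = $p.displayName
                Enabled   = $enabled
                OutOfDate = $outdated
            }
        }
    }
}

function Test-SecurityProductConflict {
    param([object[]]$Products = (Get-SecurityCenterProducts))
    foreach ($kind in 'AntiVirusProduct', 'FirewallProduct') {
        $active = @($Products | Where-Object { $_.Kind -eq $kind -and $_.Enabled })
        [pscustomobject]@{
            Kind        = $kind
            ActiveCount = $active.Count
            Conflict    = ($active.Count -gt 1)   # two real-time engines of the same kind
            Active      = ($active | ForEach-Object { $_.Name }) -join ', '
            OutOfDate   = (@($active | Where-Object { $_.OutOfDate }) | ForEach-Object { $_.Name }) -join ', '
        }
    }
}

# Live check on this machine:
Test-SecurityProductConflict | Format-Table -AutoSize

# Constructed sample (not real Security Center output) to show the shape of a conflict:
$sample = @(
    [pscustomobject]@{ Kind = 'AntiVirusProduct'; Name = 'Avast Antivirus';      Enabled = $true;  OutOfDate = $false }
    [pscustomobject]@{ Kind = 'AntiVirusProduct'; Name = 'Avira Free Antivirus'; Enabled = $true;  OutOfDate = $true  }
    [pscustomobject]@{ Kind = 'AntiVirusProduct'; Name = 'Windows Defender';     Enabled = $false; OutOfDate = $false }
    [pscustomobject]@{ Kind = 'FirewallProduct';  Name = 'Windows Firewall';     Enabled = $true;  OutOfDate = $false }
)
Test-SecurityProductConflict -Products $sample | Format-Table -AutoSize
```

The constructed sample has two enabled anti-virus engines and one firewall, so the anti-virus row comes back as a conflict (with Avira also listed as out of date) and the firewall row does not. A disabled entry such as Windows Defender sitting alongside a third-party product is normal: Security Center turns it off when another engine registers, and the check counts only enabled products.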

#12 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.