Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

win32: malware-gen / alureon-B / Crypt-JKZ Trojan [Solved]

Started by blah12 , Sep 25 2012 06:38 PM

  • This topic is locked This topic is locked

#1
blah12
Posted 25 September 2012 - 06:38 PM

blah12

    Member

  • Member
  • PipPip
  • 32 posts
Avast detected the following:

win32: Malware-gen
MBR: Alureon-B [rtk]
Win32: Alureon-MJ@mbr [rtk]
Win64: Alureon-B@mbr [rtk]
win32: Malware-gen
win32: Malware-gen
win32: Crypt-JKZ [trj]

Also aswMBR detected:

aswMBR:

21:24:57.890 File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0000215.exe **INFECTED** Win32:Hrupka-D [Cryp]

The symptoms include that Malwarebytes would not run properly; becoming completely unresponsive after clicking to scan.

I followed the directions, and ran the programs to fix here:
http://www.geekstogo...t-run-tutorial/

After running these programs a change was made to my boot up processes. Rendering the feature, included the Dell Inspiron e1505, of reinstalling windows from the hard drive partition, completely dysfunctional. I suspect it was aswMBR, and running "fix the MBR." Afterwards a change was made to the boot up processes. Originally the computer would boot one DOS screen, and then another, and then start loading windows. After running the fixes for Malwarebytes the second DOS boot up was replaced by a different DOS boot up screen. Where "ctrl" f11 did not work. I later, and in a panic, attempted a windows system restore due to internet connectivity issues. After performing the restore the second DOS screen at boot up was gone altogether making "ctrl" f11 completely dysfunctional.

The mouse pointer when moving "teleports on the screen," and the audio of the machine cackles and stutters when playing any sounds. It's as if there is a "tick" in the system process. Also playing video there is a predictable "tick" in the media.

I was advised to download and run TDSSKiller. As such I have and it placed the aforementioned threats into a quarantined folder.

Also I am not sure if it is malware related, but I am having abnormal internet connections issues which have a tendency to come and go. Where the connection will load a page in my browser saying "timed out/unable to connect." Or loading pages in HTML with dysfunction links. It will persist, and then go away after sometime. Both IE8 and Firefox are effected when this occurs.

Altogether the symptoms are not to atrocious, but the audio stutter is horrendous.





OTL:

OTL logfile created on: 9/25/2012 8:07:28 AM - Run 3
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 162.42 Mb Available Physical Memory | 15.89% Memory free
2.40 Gb Paging File | 1.70 Gb Available in Paging File | 70.88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.58 Gb Total Space | 67.18 Gb Free Space | 77.59% Space Free | Partition Type: NTFS

Computer Name: DDXXQ1B1 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Chris\Local Settings\Temp\clclean.0001 (Macrovision Europe Ltd.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\Chris\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE (Logitech Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Program Files\NetWaiting\netwaiting.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12092501\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\12092500\algo.dll ()
MOD - C:\Documents and Settings\Chris\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\qcap.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\WINDOWS\system32\CTMBHA.DLL ()
MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - C:\Program Files\NetWaiting\netwaiting.exe ()
MOD - C:\Program Files\Creative\VoiceCenter\AEWave.ax ()


========== Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (WLANKEEPER) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/21 14:36:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/23 09:31:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/23 09:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2012/09/24 10:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\48ae0os3.default\extensions
[2012/09/23 09:31:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/23 00:38:06 | 000,000,021 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe ()
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [PMX Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Chris\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1348398193203 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03C02C4E-EFB1-445B-8BBE-D35D513ECBB1}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/25 03:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\New Folder (4)
[2012/09/24 02:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\iolo
[2012/09/24 02:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/09/24 02:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\SupportSoft
[2012/09/24 02:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/09/24 02:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support Center
[2012/09/24 02:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/09/24 02:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2012/09/24 02:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/09/24 02:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2012/09/24 02:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell
[2012/09/24 01:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/09/24 01:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2012/09/24 01:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Wireless
[2012/09/24 01:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Zeepe Framework 7
[2012/09/24 01:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2012/09/24 01:28:33 | 000,262,144 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\pmxutil.dll
[2012/09/24 01:28:33 | 000,131,072 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\pmxscrll.dll
[2012/09/24 01:28:33 | 000,126,976 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\pmxmiced.exe
[2012/09/24 01:28:33 | 000,065,536 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\pmxhooks.dll
[2012/09/24 01:28:32 | 002,277,376 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\DellPM.exe
[2012/09/24 01:28:32 | 000,143,360 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\ApSwitch.exe
[2012/09/24 01:28:32 | 000,094,208 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\Pelzoom.dll
[2012/09/24 01:28:32 | 000,049,152 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\pmxcomm.dll
[2012/09/24 01:28:32 | 000,049,152 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\iconspy.exe
[2012/09/24 01:28:32 | 000,049,152 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\ico.exe
[2012/09/24 01:28:32 | 000,040,960 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\LaunHelp.exe
[2012/09/24 01:28:32 | 000,028,672 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\UnInst.exe
[2012/09/24 01:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mouse Suite
[2012/09/24 01:28:31 | 001,443,464 | R--- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash8a.ocx
[2012/09/24 01:28:31 | 001,443,464 | R--- | C] (Macromedia, Inc.) -- C:\WINDOWS\Flash8a.ocx
[2012/09/24 01:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Logitech
[2012/09/24 01:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SetPoint
[2012/09/24 01:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2012/09/24 01:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\SetPoint
[2012/09/24 01:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom
[2012/09/24 01:16:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/09/24 00:56:18 | 000,000,000 | ---D | C] -- C:\temp
[2012/09/23 10:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\dell updates
[2012/09/23 09:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Akamai
[2012/09/23 09:53:09 | 010,965,664 | ---- | C] (Akamai Technologies, Inc.) -- C:\Documents and Settings\Chris\Desktop\Dell_Download_Manager_Setup.exe
[2012/09/23 09:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Mozilla
[2012/09/23 09:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/23 09:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/23 08:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\PCHealth
[2012/09/23 08:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/09/23 07:56:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/09/23 07:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/09/23 07:08:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012/09/23 07:04:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/09/23 07:03:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\IECompatCache
[2012/09/23 07:02:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\PrivacIE
[2012/09/23 06:58:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/09/23 06:35:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/09/23 06:35:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/09/23 06:35:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/09/23 06:35:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/09/23 06:30:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012/09/23 06:25:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2012/09/23 06:18:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/09/23 05:56:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\IETldCache
[2012/09/23 05:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/09/23 05:47:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/09/23 05:47:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012/09/23 00:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/23 00:45:15 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Chris\Desktop\esetsmartinstaller_enu.exe
[2012/09/23 00:42:15 | 000,307,789 | ---- | C] (Farbar) -- C:\Documents and Settings\Chris\Desktop\ListParts.exe
[2012/09/22 03:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\RK_Quarantine
[2012/09/21 14:36:51 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/09/21 14:36:51 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/09/21 14:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/09/21 14:36:49 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/09/21 14:36:49 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/09/21 14:36:48 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/09/21 14:36:46 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/09/21 14:36:46 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/09/21 14:36:46 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/09/21 14:36:23 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/09/21 14:36:22 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/09/21 14:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/21 14:24:48 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/21 14:23:45 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chris\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/21 14:14:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/21 14:04:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/09/21 08:59:10 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Chris\Desktop\startuplite-setup-1.07.exe
[2012/09/19 11:31:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/09/18 19:31:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/18 19:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\New Folder (3)
[2012/09/18 19:26:53 | 000,693,235 | ---- | C] (Farbar) -- C:\Documents and Settings\Chris\Desktop\FSS.exe
[2012/09/18 19:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\9-18-2012
[2012/09/18 19:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/09/18 19:07:25 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Chris\Desktop\erunt-setup.exe
[2012/09/18 16:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\My eBooks
[2012/09/18 02:19:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/17 22:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\UserData
[2012/09/17 19:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\New Folder (2)
[2012/09/17 15:44:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/09/17 15:38:09 | 000,000,000 | ---D | C] -- C:\cmdcons
[2012/09/17 15:36:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/17 15:36:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/09/17 15:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\9-17-2012
[2012/09/17 15:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/17 15:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\New Folder
[2012/09/17 11:06:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Videos
[2012/09/16 12:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/09/14 02:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Adobe
[2012/09/14 02:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Adobe
[2012/09/14 02:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/09/13 19:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2012/09/13 19:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/13 19:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/13 14:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2012/09/13 14:02:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Application Data\Gtek
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Macromedia
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Intel
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Identities
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Corel
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\ATI
[2012/09/13 14:02:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Chris\Application Data\Microsoft
[2012/09/13 14:02:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Application Data
[2012/09/13 14:02:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Favorites
[2012/09/13 14:02:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\Cookies
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Sun
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Musicmatch
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\BVRP Software
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ATI
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ApplicationHistory
[2012/09/13 14:02:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\SendTo
[2012/09/13 14:02:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Startup
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Pictures
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Music
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Accessories
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Templates
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\PrintHood
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\NetHood
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Local Settings
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\VoiceCenter
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Dell Accessories
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Dell
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2012/09/13 13:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/13 13:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/13 13:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Downloads
[2012/09/13 13:20:01 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/09/13 13:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/25 08:06:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/09/25 02:58:54 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/25 02:58:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/25 02:58:21 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/24 02:21:56 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2012/09/24 02:20:00 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2012/09/24 01:58:55 | 000,000,424 | RH-- | M] () -- C:\WINDOWS\ctfile.rfc
[2012/09/24 01:53:25 | 000,000,493 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/09/24 01:47:58 | 000,382,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/24 01:47:58 | 000,053,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/24 01:25:31 | 000,001,383 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
[2012/09/24 01:20:58 | 000,022,729 | ---- | M] () -- C:\newkey
[2012/09/24 01:20:58 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2012/09/23 09:53:30 | 010,965,664 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\Chris\Desktop\Dell_Download_Manager_Setup.exe
[2012/09/23 09:31:51 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/23 09:31:51 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/23 09:26:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/23 09:12:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/23 08:54:26 | 000,235,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/23 07:02:13 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/09/23 06:38:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\wklnhst.dat
[2012/09/23 06:24:24 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/09/23 05:56:34 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/23 00:45:39 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Chris\Desktop\esetsmartinstaller_enu.exe
[2012/09/23 00:42:16 | 000,307,789 | ---- | M] (Farbar) -- C:\Documents and Settings\Chris\Desktop\ListParts.exe
[2012/09/23 00:38:18 | 000,004,254 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\all
[2012/09/23 00:38:06 | 000,000,021 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/09/22 03:26:26 | 001,388,032 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\RogueKiller.exe
[2012/09/21 14:36:51 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/09/21 14:36:47 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/21 14:35:14 | 093,654,616 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\avast_free_antivirus_setup.exe
[2012/09/21 14:24:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/21 14:24:04 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chris\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/21 08:59:10 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Chris\Desktop\startuplite-setup-1.07.exe
[2012/09/20 23:19:17 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/09/20 23:19:17 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Windows Media Player.lnk
[2012/09/20 23:17:25 | 009,781,284 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\01 My Cure (Rough Mix).mp3
[2012/09/18 19:26:54 | 000,693,235 | ---- | M] (Farbar) -- C:\Documents and Settings\Chris\Desktop\FSS.exe
[2012/09/18 19:23:56 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\NTREGOPT.lnk
[2012/09/18 19:23:56 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2012/09/18 19:07:26 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Chris\Desktop\erunt-setup.exe
[2012/09/18 00:57:52 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Chris\NTUSER.bak
[2012/09/17 23:10:58 | 000,058,493 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\483280_4692075105148_390495594_n.jpg
[2012/09/14 02:50:27 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2012/09/14 00:51:42 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/09/14 00:51:42 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/09/13 20:04:12 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\housecall.guid.cache
[2012/09/13 14:48:53 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Avast Results.bmp
[2012/09/13 14:02:46 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2012/09/13 14:02:26 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/09/13 14:01:11 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/09/13 14:01:06 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2012/09/13 14:01:06 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012/09/13 13:59:22 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/09/13 13:18:53 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/24 02:21:56 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/09/24 02:01:55 | 000,002,487 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2012/09/24 01:58:54 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\default4.sfm
[2012/09/24 01:58:53 | 004,174,814 | ---- | C] () -- C:\WINDOWS\System32\ct4mgm.sf2
[2012/09/24 01:28:32 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\FontZoom.exe
[2012/09/24 01:28:32 | 000,131,058 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2012/09/24 01:25:31 | 000,001,383 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
[2012/09/24 01:20:58 | 000,022,729 | ---- | C] () -- C:\newkey
[2012/09/24 01:20:58 | 000,022,729 | ---- | C] () -- C:\newfile.enc
[2012/09/24 00:58:51 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\ETNADiag.exe
[2012/09/23 09:31:51 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/23 09:31:51 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/23 09:31:51 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/23 07:31:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/23 07:31:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/09/23 06:38:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\wklnhst.dat
[2012/09/23 06:25:10 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2012/09/23 06:25:09 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2012/09/23 06:25:05 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2012/09/23 00:38:18 | 000,004,254 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\all
[2012/09/22 03:26:23 | 001,388,032 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\RogueKiller.exe
[2012/09/21 14:36:51 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/09/21 14:36:47 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/21 14:31:31 | 093,654,616 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\avast_free_antivirus_setup.exe
[2012/09/21 14:24:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 23:19:17 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/09/20 23:16:32 | 009,781,284 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\01 My Cure (Rough Mix).mp3
[2012/09/18 19:23:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\NTREGOPT.lnk
[2012/09/18 19:23:56 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2012/09/18 02:26:45 | 1072,103,424 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/17 23:10:57 | 000,058,493 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\483280_4692075105148_390495594_n.jpg
[2012/09/17 15:38:12 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/09/17 15:38:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/14 02:50:27 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2012/09/14 00:51:42 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/09/14 00:51:42 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/09/13 20:04:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\housecall.guid.cache
[2012/09/13 14:48:52 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Avast Results.bmp
[2012/09/13 14:02:28 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Windows Media Player.lnk
[2012/09/13 14:02:08 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk
[2012/09/13 14:02:08 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2012/09/13 14:02:08 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/09/13 14:02:08 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/13 14:02:08 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/09/13 14:02:07 | 000,001,298 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Media Center.lnk
[2012/09/13 14:02:07 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/09/13 14:02:06 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2012/09/13 14:02:05 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Remote Assistance.lnk
[2012/09/13 14:02:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Internet Explorer.lnk
[2012/09/13 14:02:05 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Windows Media Player.lnk
[2012/09/13 14:02:05 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Outlook Express.lnk
[2012/09/13 14:01:59 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\Chris\NTUSER.bak
[2012/09/13 13:59:22 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/09/13 13:18:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/24 10:50:06 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

========== ZeroAccess Check ==========

[2012/09/21 14:19:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/21 14:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/09/24 02:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/09/24 01:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2012/09/24 02:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2012/09/24 02:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/09/24 02:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/09/24 02:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\iolo

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Gammo
Posted 29 September 2012 - 04:39 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
  • Note: the Extras.txt file only gets created on OTL's first run.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
blah12
Posted 29 September 2012 - 01:11 PM

blah12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi Gammo, and thanks for replying.

To describe the problem with the computer isn't so easy. It appears as if there is something wrong with the processing, as there is a predictable "tick" in the processes. When watching video, or moving the mouse pointer across the screen you can see it freeze for a split second. This is a huge problem because it also effects the audio, and the audio stutters, and cackles severally when playing music or listening to any audio.

I've had the problem long ago on this computer, but did a system restore, or reinstalled windows and it fixed the problem.

Recently when it resurfaced system restore, and reinstalling windows did not solve the problem.

Malwarebytes detected 2 rootkits. I used the program to remove them, and have performed no other fixes.

After running aswMBR I lost the ability to reinstall windows from the hard drive partition. I am really concerned about this because it is the only copy of windows xp that came with the computer.

Here is a list of some fixes that I went through with another member prior to this post:

http://www.geekstogo...32hrupka-d-and/

I just want the audio to work properly, and the windows reinstall if it's possible. I want to replace this computer ASAP, but the audio is a huge problem, and I don't know, but i don't think it's the soundcard. I think it's software because it has done this before.

OTL didn't create an extras txt :unsure:

The most recent OTL.txt

OTL logfile created on: 9/29/2012 2:27:04 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 243.51 Mb Available Physical Memory | 23.82% Memory free
2.40 Gb Paging File | 1.74 Gb Available in Paging File | 72.33% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.58 Gb Total Space | 64.93 Gb Free Space | 74.99% Space Free | Partition Type: NTFS

Computer Name: DDXXQ1B1 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Chris\Local Settings\Temp\clclean.0001 (Macrovision Europe Ltd.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\Chris\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE (Logitech Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Program Files\NetWaiting\netwaiting.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Chris\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp ()
MOD - C:\Program Files\AVAST Software\Avast\defs\12092900\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\12092801\algo.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\qcap.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\WINDOWS\system32\CTMBHA.DLL ()
MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - C:\Program Files\NetWaiting\netwaiting.exe ()
MOD - C:\Program Files\Creative\VoiceCenter\AEWave.ax ()


========== Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (WLANKEEPER) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1089046729-4143719759-2789621759-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-21-1089046729-4143719759-2789621759-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1089046729-4143719759-2789621759-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1089046729-4143719759-2789621759-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1089046729-4143719759-2789621759-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/21 14:36:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/23 09:31:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/23 09:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2012/09/24 10:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\48ae0os3.default\extensions
[2012/09/23 09:31:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/23 00:38:06 | 000,000,021 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe ()
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [PMX Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKU\S-1-5-21-1089046729-4143719759-2789621759-1005..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Chris\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1089046729-4143719759-2789621759-1005..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1089046729-4143719759-2789621759-1005..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-1089046729-4143719759-2789621759-1005..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1089046729-4143719759-2789621759-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1348398193203 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03C02C4E-EFB1-445B-8BBE-D35D513ECBB1}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/29 14:26:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/09/28 22:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Musical Prostitution WAV
[2012/09/28 22:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Daniusoft MP3 WAV Converter
[2012/09/28 22:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Daniusoft
[2012/09/28 22:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Daniusoft
[2012/09/28 22:49:49 | 005,009,469 | ---- | C] (Daniusoft Software ) -- C:\Documents and Settings\Chris\Desktop\daniu-mp3-wav-converter.exe
[2012/09/28 22:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Musical Prostitution MP3
[2012/09/28 22:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\MP3 May 2009
[2012/09/24 02:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\iolo
[2012/09/24 02:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/09/24 02:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\SupportSoft
[2012/09/24 02:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/09/24 02:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support Center
[2012/09/24 02:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/09/24 02:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2012/09/24 02:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/09/24 02:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2012/09/24 02:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell
[2012/09/24 01:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/09/24 01:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2012/09/24 01:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Wireless
[2012/09/24 01:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Zeepe Framework 7
[2012/09/24 01:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2012/09/24 01:28:33 | 000,262,144 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\pmxutil.dll
[2012/09/24 01:28:33 | 000,131,072 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\pmxscrll.dll
[2012/09/24 01:28:33 | 000,126,976 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\pmxmiced.exe
[2012/09/24 01:28:33 | 000,065,536 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\pmxhooks.dll
[2012/09/24 01:28:32 | 002,277,376 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\DellPM.exe
[2012/09/24 01:28:32 | 000,143,360 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\ApSwitch.exe
[2012/09/24 01:28:32 | 000,094,208 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\Pelzoom.dll
[2012/09/24 01:28:32 | 000,049,152 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\pmxcomm.dll
[2012/09/24 01:28:32 | 000,049,152 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\iconspy.exe
[2012/09/24 01:28:32 | 000,049,152 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\ico.exe
[2012/09/24 01:28:32 | 000,040,960 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\LaunHelp.exe
[2012/09/24 01:28:32 | 000,028,672 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\UnInst.exe
[2012/09/24 01:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mouse Suite
[2012/09/24 01:28:31 | 001,443,464 | R--- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash8a.ocx
[2012/09/24 01:28:31 | 001,443,464 | R--- | C] (Macromedia, Inc.) -- C:\WINDOWS\Flash8a.ocx
[2012/09/24 01:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Logitech
[2012/09/24 01:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SetPoint
[2012/09/24 01:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2012/09/24 01:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\SetPoint
[2012/09/24 01:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom
[2012/09/24 01:16:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/09/24 00:56:18 | 000,000,000 | ---D | C] -- C:\temp
[2012/09/23 09:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Akamai
[2012/09/23 09:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Mozilla
[2012/09/23 09:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/23 09:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/23 08:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\PCHealth
[2012/09/23 08:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/09/23 07:56:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/09/23 07:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/09/23 07:08:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012/09/23 07:04:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/09/23 07:03:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\IECompatCache
[2012/09/23 07:02:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\PrivacIE
[2012/09/23 06:58:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/09/23 06:35:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/09/23 06:35:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/09/23 06:35:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/09/23 06:35:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/09/23 06:30:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012/09/23 06:25:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2012/09/23 06:18:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/09/23 05:56:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\IETldCache
[2012/09/23 05:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/09/23 05:47:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/09/23 05:47:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012/09/23 00:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/21 14:36:51 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/09/21 14:36:51 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/09/21 14:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/09/21 14:36:49 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/09/21 14:36:49 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/09/21 14:36:48 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/09/21 14:36:46 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/09/21 14:36:46 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/09/21 14:36:46 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/09/21 14:36:23 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/09/21 14:36:22 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/09/21 14:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/21 14:24:48 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/21 14:14:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/21 14:04:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/09/18 19:31:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/18 19:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/09/18 16:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\My eBooks
[2012/09/18 02:19:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/17 22:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\UserData
[2012/09/17 15:44:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/09/17 15:38:09 | 000,000,000 | ---D | C] -- C:\cmdcons
[2012/09/17 15:36:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/17 15:36:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/09/17 15:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/17 11:06:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Videos
[2012/09/16 12:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/09/14 02:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Adobe
[2012/09/14 02:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Adobe
[2012/09/14 02:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/09/13 19:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2012/09/13 19:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/13 19:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/13 14:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2012/09/13 14:02:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Application Data\Gtek
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Macromedia
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Intel
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Identities
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Corel
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\ATI
[2012/09/13 14:02:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Chris\Application Data\Microsoft
[2012/09/13 14:02:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Application Data
[2012/09/13 14:02:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Favorites
[2012/09/13 14:02:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\Cookies
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Sun
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Musicmatch
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\BVRP Software
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ATI
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ApplicationHistory
[2012/09/13 14:02:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\SendTo
[2012/09/13 14:02:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Startup
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Pictures
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Music
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Accessories
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Templates
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\PrintHood
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\NetHood
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Local Settings
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\VoiceCenter
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Dell Accessories
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Dell
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2012/09/13 13:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/13 13:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/13 13:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Downloads
[2012/09/13 13:20:01 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/09/13 13:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/29 14:36:04 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/29 14:26:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/09/29 13:38:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/29 13:38:54 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/28 22:51:00 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/09/28 22:50:29 | 000,000,952 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Daniusoft MP3 WAV Converter.lnk
[2012/09/28 21:24:39 | 005,273,025 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\How-to-Write-a-Song-Vol-1.zip
[2012/09/24 02:21:56 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2012/09/24 02:20:00 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2012/09/24 01:58:55 | 000,000,424 | RH-- | M] () -- C:\WINDOWS\ctfile.rfc
[2012/09/24 01:53:25 | 000,000,493 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/09/24 01:47:58 | 000,382,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/24 01:47:58 | 000,053,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/24 01:25:31 | 000,001,383 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
[2012/09/24 01:20:58 | 000,022,729 | ---- | M] () -- C:\newkey
[2012/09/24 01:20:58 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2012/09/23 09:31:51 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/23 09:31:51 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/23 09:26:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/23 09:12:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/23 08:54:26 | 000,235,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/23 07:02:13 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/09/23 06:38:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\wklnhst.dat
[2012/09/23 06:24:24 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/09/23 05:56:34 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/23 05:40:01 | 000,086,062 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Assignment-of-Copyright.swf
[2012/09/23 00:38:18 | 000,004,254 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\all
[2012/09/23 00:38:06 | 000,000,021 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/09/21 14:36:51 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/09/21 14:36:47 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/21 14:35:14 | 093,654,616 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\avast_free_antivirus_setup.exe
[2012/09/21 14:24:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 23:19:17 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/09/20 23:19:17 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Windows Media Player.lnk
[2012/09/20 23:17:25 | 009,781,284 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\01 My Cure (Rough Mix).mp3
[2012/09/18 19:23:56 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\NTREGOPT.lnk
[2012/09/18 00:57:52 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Chris\NTUSER.bak
[2012/09/14 02:50:27 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2012/09/14 00:51:42 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/09/13 20:04:12 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\housecall.guid.cache
[2012/09/13 14:02:46 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2012/09/13 14:02:26 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/09/13 14:01:11 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/09/13 14:01:06 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2012/09/13 14:01:06 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012/09/13 13:59:22 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/09/13 13:18:53 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/28 22:50:29 | 000,000,952 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Daniusoft MP3 WAV Converter.lnk
[2012/09/28 21:24:29 | 005,273,025 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\How-to-Write-a-Song-Vol-1.zip
[2012/09/24 02:21:56 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/09/24 02:01:55 | 000,002,487 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2012/09/24 01:58:54 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\default4.sfm
[2012/09/24 01:58:53 | 004,174,814 | ---- | C] () -- C:\WINDOWS\System32\ct4mgm.sf2
[2012/09/24 01:28:32 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\FontZoom.exe
[2012/09/24 01:28:32 | 000,131,058 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2012/09/24 01:25:31 | 000,001,383 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
[2012/09/24 01:20:58 | 000,022,729 | ---- | C] () -- C:\newkey
[2012/09/24 01:20:58 | 000,022,729 | ---- | C] () -- C:\newfile.enc
[2012/09/24 00:58:51 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\ETNADiag.exe
[2012/09/23 09:31:51 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/23 09:31:51 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/23 09:31:51 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/23 07:31:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/23 07:31:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/09/23 06:38:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\wklnhst.dat
[2012/09/23 06:25:10 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2012/09/23 06:25:09 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2012/09/23 06:25:05 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2012/09/23 05:40:01 | 000,086,062 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Assignment-of-Copyright.swf
[2012/09/23 00:38:18 | 000,004,254 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\all
[2012/09/21 14:36:51 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/09/21 14:36:47 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/21 14:31:31 | 093,654,616 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\avast_free_antivirus_setup.exe
[2012/09/21 14:24:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 23:19:17 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/09/20 23:16:32 | 009,781,284 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\01 My Cure (Rough Mix).mp3
[2012/09/18 19:23:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\NTREGOPT.lnk
[2012/09/18 02:26:45 | 1072,103,424 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/17 15:38:12 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/09/17 15:38:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/14 02:50:27 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2012/09/14 00:51:42 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/09/14 00:51:42 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/09/13 20:04:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\housecall.guid.cache
[2012/09/13 14:02:28 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Windows Media Player.lnk
[2012/09/13 14:02:08 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk
[2012/09/13 14:02:08 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2012/09/13 14:02:08 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/09/13 14:02:08 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/13 14:02:08 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/09/13 14:02:07 | 000,001,298 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Media Center.lnk
[2012/09/13 14:02:07 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/09/13 14:02:06 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2012/09/13 14:02:05 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Remote Assistance.lnk
[2012/09/13 14:02:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Internet Explorer.lnk
[2012/09/13 14:02:05 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Windows Media Player.lnk
[2012/09/13 14:02:05 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Outlook Express.lnk
[2012/09/13 14:01:59 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\Chris\NTUSER.bak
[2012/09/13 13:59:22 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/09/13 13:18:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/24 10:50:06 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

========== ZeroAccess Check ==========

[2012/09/21 14:19:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/21 14:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/09/24 02:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/09/24 01:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2012/09/24 02:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2012/09/24 02:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/09/24 02:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/09/24 02:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\iolo

========== Purity Check ==========



< End of report >

Edited by blah12, 29 September 2012 - 01:15 PM.

  • 0

#4
Gammo
Posted 30 September 2012 - 05:49 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.





Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
blah12
Posted 01 October 2012 - 12:19 PM

blah12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
hey man. i just got a new computer so I'm just gonna let that one bite the dust. thanks for your, and everyone's help though.
  • 0

#6
Gammo
Posted 02 October 2012 - 09:46 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP