
Results of testing: locked self-protect mode of Avast Antivirus Pro

Discussion in 'Virus and Malware Removal' started by systemmistress, Aug 27, 2010.

  1. Broni Malware Annihilator Posts: 39,313   +175

    Do nothing else but what I tell you.
    Make sure Windows firewall is ON and you're safe.
  2. systemmistress Newcomer, in training Posts: 75

    ComboFix 10-08-28.02 - Compaq_Owner 08/29/2010 22:26:44.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.220 [GMT -4:00]
    Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.0 [VPS 000000-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Filseclab Personal Firewall *disabled* {EB4DA513-3B0A-4FCB-86A7-F1243757EFF2}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Compaq_Owner\GoToAssistDownloadHelper.exe
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
    .

    2010-08-28 04:28 . 2010-08-28 04:28 -------- d-----w- c:\program files\7-Zip
    2010-08-27 19:14 . 2010-08-27 19:14 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
    2010-08-27 19:13 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-27 19:13 . 2010-08-27 19:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-27 19:13 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-27 16:24 . 2006-09-02 02:45 222 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\Extended@spanglerco.com\open.cmd
    2010-08-27 10:41 . 2010-08-27 10:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Temp
    2010-08-27 10:40 . 2010-08-27 10:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google
    2010-08-23 19:29 . 2008-04-14 00:12 11325 ----a-w- c:\windows\system32\dllcache\vchnt5.dll
    2010-08-22 17:35 . 2010-08-22 17:35 -------- d-----w- c:\program files\MSECache
    2010-08-21 08:01 . 2010-08-21 08:01 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Help
    2010-08-20 18:39 . 2010-08-20 18:39 388096 ------r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-08-20 18:39 . 2010-08-20 18:39 -------- d-----w- c:\program files\Trend Micro
    2010-08-16 17:37 . 2010-08-16 17:37 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\VSRevoGroup
    2010-08-16 04:20 . 2010-08-16 04:20 -------- d-----w- c:\program files\Sophos
    2010-08-16 02:16 . 2010-08-16 02:17 -------- d-----w- c:\program files\Speccy
    2010-08-14 22:28 . 2010-08-14 22:28 -------- d-----w- c:\program files\Common Files\Java
    2010-08-14 22:28 . 2010-08-14 22:28 503808 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a4b79aa-n\msvcp71.dll
    2010-08-14 22:28 . 2010-08-14 22:28 499712 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a4b79aa-n\jmc.dll
    2010-08-14 22:28 . 2010-08-14 22:28 348160 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a4b79aa-n\msvcr71.dll
    2010-08-14 22:27 . 2010-08-14 22:27 61440 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5157a20a-n\decora-sse.dll
    2010-08-14 22:27 . 2010-08-14 22:27 12800 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5157a20a-n\decora-d3d.dll
    2010-08-14 21:00 . 2010-08-14 21:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Chromium
    2010-08-14 21:00 . 2010-08-14 21:00 -------- d-----w- c:\program files\SRWare Iron
    2010-08-13 17:28 . 2010-08-16 03:54 -------- d-----w- C:\AV-CLS
    2010-08-13 00:25 . 2010-08-13 03:48 -------- d-----w- c:\windows\BDOSCAN8
    2010-08-10 07:21 . 2010-08-10 07:48 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\DiskSpaceFan
    2010-08-10 07:20 . 2010-08-10 07:20 -------- d-----w- c:\program files\DiskSpaceFan
    2010-08-10 07:05 . 2010-08-10 07:05 -------- d-----w- c:\program files\ZPaint 1.4
    2010-08-07 07:50 . 2010-08-16 03:59 63488 ------w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-05 20:43 . 2010-08-05 20:43 52224 ------w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-30 02:21 . 2009-03-30 11:33 50880 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-30 02:00 . 2009-04-07 14:46 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-08-30 01:42 . 2010-01-28 18:15 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\StumbleUpon
    2010-08-30 01:32 . 2010-06-28 21:45 243840 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-08-26 21:40 . 2010-01-16 14:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\PeoplePal
    2010-08-26 21:22 . 2009-04-20 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\VistaCodecs
    2010-08-25 17:38 . 2010-03-03 04:40 -------- d-----w- c:\program files\Common Files\Filseclab
    2010-08-22 17:08 . 2010-02-16 20:16 -------- d-----w- c:\program files\Recuva
    2010-08-21 10:01 . 2001-06-27 22:29 1134592 ----a-w- c:\windows\system32\ntbackup.exe
    2010-08-20 19:36 . 2009-03-30 12:23 -------- d-----w- c:\program files\Alwil Software
    2010-08-17 06:46 . 2009-03-30 15:31 -------- d-----w- c:\program files\VS Revo Group
    2010-08-16 03:58 . 2009-04-05 19:18 117760 ------w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-16 02:13 . 2009-04-01 04:49 -------- d-----w- c:\program files\CCleaner
    2010-08-14 22:27 . 2005-05-11 00:28 -------- d-----w- c:\program files\Java
    2010-08-05 20:59 . 2009-04-05 19:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-29 14:13 . 2010-07-29 14:13 -------- d-----w- c:\program files\Citrix
    2010-07-27 11:56 . 2009-12-09 21:53 -------- d-----w- c:\program files\HeyDoc
    2010-07-17 09:00 . 2010-04-16 22:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-30 12:31 . 2004-08-04 11:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2004-08-04 11:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-04 11:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-04 11:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2004-08-04 11:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2004-08-04 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-27 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
    "nwiz"="nwiz.exe" [2006-05-09 1519616]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
    "Bart Station"="c:\program files\PeoplePC\ISP7000\BIN\PPCOLink.exe" [2008-02-25 25944]
    "RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "XFILTER"="c:\program files\Filseclab\xfilter\xfilter.exe" [2006-12-23 901120]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-5-10 27136]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-10-26 04:37 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\AV-CLS\\WGET.EXE"=

    R0 XPacket;Filseclab Packet Filter;c:\windows\system32\xpacket.sys [3/3/2010 12:40 AM 126224]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/17/2009 12:11 AM 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/17/2009 12:11 AM 20560]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\14F.tmp --> c:\windows\system32\14F.tmp [?]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872]
    S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [3/23/2009 11:43 PM 120168]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009Core.job
    - c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 10:40]

    2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009UA.job
    - c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 10:40]

    2010-08-24 c:\windows\Tasks\HPCeeSchedule.job
    - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 02:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://home.peoplepc.com/websearch
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    uInternet Settings,ProxyOverride = local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
    IE: ZoomInto - c:\documents and settings\Compaq_Owner\Application Data\Zoominto\zoominto.htm
    LSP: c:\program files\Filseclab\xfilter\XFILTER.DLL
    TCP: {523E608B-4D4B-41B8-908D-FEA1131E7ED1} = 207.69.188.185,207.69.188.186
    FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\
    FF - prefs.js: browser.search.selectedEngine - Scroogle SSL
    FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-29 22:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\14F.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2204943530-153763967-1977393198-1009\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(696)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'lsass.exe'(752)
    c:\program files\Filseclab\xfilter\XFILTER.DLL
    .
    Completion time: 2010-08-29 22:33:48
    ComboFix-quarantined-files.txt 2010-08-30 02:33

    Pre-Run: 175,249,088,512 bytes free
    Post-Run: 175,208,292,352 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - F445B8A5A44FAA501928C7C52F50B01B
  3. Broni Malware Annihilator Posts: 39,313   +175

    It looks good :)

    Now, we'll try to remove Avast.

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  4. systemmistress Newcomer, in training Posts: 75

    I tried to post log files from OTL and got a message that the file is too long (780000 and max is 20000).

    How do you want this split?
  5. Broni Malware Annihilator Posts: 39,313   +175

    Yes, please.
  6. systemmistress Newcomer, in training Posts: 75

    OTL Extras logfile created on: 8/30/2010 10:43:57 AM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    446.00 Mb Total Physical Memory | 225.00 Mb Available Physical Memory | 50.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 1800 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 178.99 Gb Total Space | 163.20 Gb Free Space | 91.18% Space Free | Partition Type: NTFS
    Drive D: | 7.29 Gb Total Space | 0.34 Gb Free Space | 4.73% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YOUR-D0F670B45A
    Current User Name: Compaq_Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- %1
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DoNotAllowExceptions" = 0
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\AV-CLS\WGET.EXE" = C:\AV-CLS\WGET.EXE:*:Enabled:WGET.EXE -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
    "{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
    "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
    "{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
    "{48A4D5B9-0439-4731-9C2C-292AB9CDC54A}" = Filseclab Personal Firewall
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
    "{51515654-2EDB-4DF9-B120-90DEFE039BD5}" = ZoomInto 13.1.1
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{7523F68F-3DA4-452A-A17F-4AF55A8A25BB}" = ChristmasTheme
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
    "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
    "{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
    "{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
    "{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
    "{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
    "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9F6208C3-8DED-4D72-812A-BA5B50EAF00A}" = San Fermín
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
    "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 5.0.381
    "{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1E44702-21F5-4918-B8A3-6D126D5BD33C}" = Windows Messenger 5.1
    "{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{E5B72007-07C9-4E67-B29E-696073F45704}" = DropMyRights
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 4.65
    "AbiWord2" = AbiWord 2.8.1
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "Disk Space Fan_is1" = Disk Space Fan 2.2.7.821
    "HeyDoc!â„¢" = HeyDoc!â„¢ 1.7.1
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
    "InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
    "ISPSimpleSwitch" = PeoplePC Simple Switch
    "Kukuxumusu ANTfermin Screensaver" = Kukuxumusu ANTfermin Screensaver
    "Kukuxumusu Kosmos Screensaver" = Kukuxumusu Kosmos Screensaver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MozBackup" = MozBackup 1.4.10
    "Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
    "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
    "PeoplePC Online" = PeoplePC Online
    "Python 2.2.3" = Python 2.2.3
    "pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
    "Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
    "QuicktimeAlt_is1" = QuickTime Alternative 2.9.0
    "RealAlt_is1" = Real Alternative 1.9.0 Lite
    "Recuva" = Recuva
    "Revo Uninstaller" = Revo Uninstaller 1.89
    "Secunia PSI" = Secunia PSI
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
    "Speccy" = Speccy
    "StumbleUponIEToolbar" = StumbleUpon IE Toolbar
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZPaint 1.4" = ZPaint 1.4

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/29/2010 1:15:51 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
    Description =

    Error - 8/29/2010 1:46:14 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
    Description =

    Error - 8/29/2010 2:46:18 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
    Description =

    Error - 8/29/2010 3:46:17 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
    Description =

    Error - 8/29/2010 4:46:15 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
    Description =

    Error - 8/29/2010 5:46:17 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
    Description =

    Error - 8/29/2010 6:46:18 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
    Description =

    Error - 8/29/2010 7:46:14 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
    Description =

    Error - 8/29/2010 8:46:16 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
    Description =

    Error - 8/29/2010 9:46:14 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
    Description =

    [ System Events ]
    Error - 8/28/2010 12:14:26 AM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Error - 8/28/2010 10:24:45 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the avast! Antivirus service
    to connect.

    Error - 8/28/2010 10:24:45 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7000
    Description = The avast! Antivirus service failed to start due to the following
    error: %%1053

    Error - 8/28/2010 10:24:45 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Error - 8/28/2010 11:12:42 PM | Computer Name = YOUR-D0F670B45A | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
    period.

    Error - 8/29/2010 1:02:33 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the avast! Antivirus service
    to connect.

    Error - 8/29/2010 1:02:33 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7000
    Description = The avast! Antivirus service failed to start due to the following
    error: %%1053

    Error - 8/29/2010 9:40:28 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the avast! Antivirus service
    to connect.

    Error - 8/29/2010 9:40:28 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7000
    Description = The avast! Antivirus service failed to start due to the following
    error: %%1053

    Error - 8/29/2010 9:40:28 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ftsata2


    < End of report >
     
  7. systemmistress Newcomer, in training Posts: 75

    part 1 OTL.txt

    OTL logfile created on: 8/30/2010 10:43:57 AM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    446.00 Mb Total Physical Memory | 225.00 Mb Available Physical Memory | 50.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 1800 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 178.99 Gb Total Space | 163.20 Gb Free Space | 91.18% Space Free | Partition Type: NTFS
    Drive D: | 7.29 Gb Total Space | 0.34 Gb Free Space | 4.73% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YOUR-D0F670B45A
    Current User Name: Compaq_Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/30 10:33:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    PRC - [2009/04/06 00:28:13 | 000,176,472 | ---- | M] (PeoplePC) -- C:\Program Files\PeoplePC\ISP7000\Browser\BartShel.exe
    PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/25 16:36:44 | 000,086,360 | ---- | M] (PeoplePC) -- C:\Program Files\PeoplePC\ISP7000\Browser\PPShared.exe
    PRC - [2006/12/23 15:29:08 | 000,901,120 | ---- | M] (Filseclab) -- C:\Program Files\Filseclab\xfilter\xfilter.exe
    PRC - [2004/07/28 02:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/30 10:33:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2009/03/23 23:43:32 | 000,120,168 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\14F.tmp -- (MEMSWEEP2)
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
    DRV - [2010/08/05 16:59:47 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/23 05:35:22 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/02/23 05:35:22 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/01/19 07:43:12 | 000,100,304 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/01/19 07:42:40 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2009/09/15 06:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2009/09/15 06:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/06/17 08:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2006/12/23 14:01:06 | 000,126,224 | ---- | M] (Filseclab Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\xpacket.sys -- (XPacket)
    DRV - [2006/05/09 15:50:00 | 003,535,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/06/17 09:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
  8. systemmistress Newcomer, in training Posts: 75

    part 2 OTL.txt

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Scroogle.com"
    FF - prefs.js..browser.search.openintab: true
    FF - prefs.js..browser.search.selectedEngine: "Scroogle SSL"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91}:2.6
    FF - prefs.js..extensions.enabledItems: anticontainer@downthemall.net:0.7.3
    FF - prefs.js..extensions.enabledItems: gmailthis@lazyrussian.com:2.2.8
    FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
    FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.20
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
    FF - prefs.js..extensions.enabledItems: {4aebcd37-f454-4928-9233-174a026ed367}:2.0
    FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..keyword.URL: "http://search.imgag.com/?c=GNAMO38011&sbs=&sc=0&f=web&vernum=1.0&uid=&did={3472e18a-c2a3-495e-837a-4b2b787596fd}&appid=agtb&q="

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/27 12:23:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/26 22:52:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/18 12:30:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/08/17 03:08:33 | 000,000,000 | ---D | M]
  9. systemmistress Newcomer, in training Posts: 75

    part 3 OTL.txt

    [2009/03/30 09:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
    [2010/08/27 12:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions
    [2010/02/17 15:29:10 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    [2010/07/27 08:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/08/19 18:08:07 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2010/02/17 16:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
    [2010/04/27 12:23:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/02/17 17:59:16 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
    [2010/02/17 20:35:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2010/02/17 20:35:55 | 000,000,000 | ---D | M] (Send Tab URLs) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{4aebcd37-f454-4928-9233-174a026ed367}
    [2010/08/22 06:49:57 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/08/27 12:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2010/08/19 18:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
    [2010/08/19 18:08:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/08/10 10:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    [2010/06/18 05:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2010/04/13 00:48:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/08/27 12:24:48 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
    [2010/08/27 12:24:48 | 000,000,000 | ---D | M] (Print) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{f199da35-0a9a-4ce9-8f59-c68524deba93}
    [2010/05/26 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\bartap@philikon.de
    [2010/05/22 10:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\bettergmail2@ginatrapani.org
    [2010/08/27 12:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\cbell-owner@mozdev.org
    [2010/05/29 14:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\custombuttons@xsms.org
    [2010/08/27 12:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\elemhidehelper@adblockplus.org
    [2010/08/27 12:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\Extended@spanglerco.com
    [2010/08/27 12:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\gmail_sigs@blankcanvasweb.com
    [2010/03/27 16:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\gmailthis@lazyrussian.com
    [2010/02/23 01:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\historyTree@norman.solomon
    [2010/02/17 12:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\nosquint@urandom.ca
    [2010/08/27 05:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\printit@GMPOWER.com
    [2010/03/30 08:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\realfox@extensions.moz
    [2010/08/27 12:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\staged-xpis
    [2010/02/17 17:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\statusbuttons@clav.mozdev.org
    [2010/08/27 12:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\viewabout@rumblingedge.com
    [2010/03/30 08:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\realfox@extensions.moz\chrome
    [2010/03/30 08:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\realfox@extensions.moz\defaults
    [2010/08/26 08:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions
    [2010/02/14 11:59:12 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    [2010/01/31 15:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/01/16 06:32:15 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2009/11/07 12:50:56 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}(2)
    [2009/05/18 15:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
    [2009/11/27 18:47:18 | 000,000,000 | ---D | M] (Domain Details) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
    [2009/11/07 12:50:55 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}(2)
    [2009/11/19 08:47:11 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
    [2010/02/10 04:52:13 | 000,000,000 | ---D | M] (Stay-Open Menu) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{3541c267-2580-4144-854e-2e05c8670121}
    [2009/12/14 15:44:39 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2009/12/12 14:08:00 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
    [2009/04/08 07:32:32 | 000,000,000 | ---D | M] (Send Tab URLs) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{4aebcd37-f454-4928-9233-174a026ed367}
    [2009/11/07 12:50:34 | 000,000,000 | ---D | M] (LiveTV_ Toolbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{59385f95-c52f-4a84-b674-4a4206b17218}(2)
    [2010/01/31 15:51:05 | 000,000,000 | ---D | M] (History Submenus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
    [2010/02/14 13:07:33 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2009/04/09 16:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{A8208118-F761-47E2-A01F-4FB22AE08B5E}
    [2010/02/14 13:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2009/08/18 09:56:51 | 000,000,000 | ---D | M] (Reload Tab On Double-Click) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}
    [2009/10/20 20:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
    [2010/01/07 19:40:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/02/14 11:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
    [2009/12/23 10:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2009/12/09 17:32:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2009/12/09 17:32:13 | 000,000,000 | ---D | M] (Open link in...) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{ff81e780-5cc0-11d9-9669-0800200c9a66}
    [2010/02/14 11:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\99b796593689dde381ea87a085341ec2@button.codefisher.org
    [2010/02/14 13:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\anticontainer@downthemall.net
    [2009/07/09 06:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\elemhidehelper@adblockplus.org
    [2010/02/13 00:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\gmail_sigs@blankcanvasweb.com
    [2009/12/03 10:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\gmailthis@lazyrussian.com
    [2010/02/10 04:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\guiconfig@slosd.net
    [2009/11/07 12:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\knowmoreextension@knowmore.org
    [2009/11/07 12:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\lazarus@interclue(2).com
    [2009/04/09 16:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\speedtest@gotomyhelp.com
    [2010/02/14 11:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\statusbuttons@clav.mozdev.org
    [2009/07/14 14:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\whatsmyip@adrian
    [2010/08/26 08:34:19 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\amazon-jp.xml
    [2010/08/26 08:34:19 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\amazon-us---books.xml
    [2010/08/26 08:34:17 | 000,001,529 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\amazoncom---healthpersonal-care.xml
    [2010/08/26 08:34:18 | 000,004,121 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\baidu-.xml
    [2010/08/26 08:34:18 | 000,002,098 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\bing---shopping.xml
    [2009/03/25 09:11:04 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\conduit.xml
    [2010/08/26 08:34:18 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\dictionarycom.xml
    [2010/02/09 23:48:51 | 000,005,511 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\food-network---recipes.xml
    [2010/08/26 08:34:18 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\geotool.xml
    [2010/08/26 08:34:18 | 000,001,941 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\goodsearch.xml
    [2010/08/26 08:34:19 | 000,001,901 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\grouprecipes.xml
    [2010/08/26 08:34:19 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\joyo-amazon.xml
    [2009/07/12 12:21:41 | 000,001,961 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\myiptest---blacklist-ip-check.xml
    [2009/07/12 12:15:40 | 000,001,938 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\myiptest---ip-lookup.xml
    [2009/07/12 12:21:51 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\myiptest---reverse-dns-lookup.xml
    [2010/08/26 08:34:19 | 000,001,241 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\scroogle-ssl-english.xml
    [2010/08/26 08:34:19 | 000,001,223 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\scroogle-ssl.xml
    [2010/08/26 08:34:18 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\scroogle.xml
    [2010/08/26 08:34:19 | 000,001,084 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\thesauruscom.xml
    [2010/08/26 08:34:19 | 000,002,328 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\urban-dictionary.xml
    [2009/10/29 05:04:57 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\web---nibbo.xml
    [2010/08/26 08:34:19 | 000,001,326 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\wikipedia-en---go.xml
    [2010/08/26 08:34:19 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\youtube.xml
    [2010/08/27 12:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/14 18:27:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [1999/12/31 17:00:00 | 000,166,168 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
  10. systemmistress Newcomer, in training Posts: 75

    Part 4 OTL.txt

    O1 HOSTS File: ([2010/08/29 22:31:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O2 - BHO: (ZoomInto) - {2F3D6D62-FAB0-401A-90B6-1B20C2D4448D} - C:\Program Files\Zoominto Solutions\ZoomInto 13.1.1\ZoomInto.dll (ZoomInto Solutions)
    O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\PeoplePC Accelerated\prpl_IePopupBlocker.dll (Propel Software Corporation)
    O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP7000\BIN\PPCOLink.exe (PeoplePC)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [XFILTER] C:\Program Files\Filseclab\xfilter\xfilter.exe (Filseclab)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: ZoomInto - C:\Documents and Settings\Compaq_Owner\Application Data\Zoominto\zoominto.htm ()
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238518495328 (MUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/12/05 02:50:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
  11. systemmistress Newcomer, in training Posts: 75

    Part 5 OTL.txt

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/30 10:33:50 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    [2010/08/29 22:55:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/29 22:25:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/29 22:23:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/08/29 22:23:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/08/29 22:23:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/29 22:23:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/08/29 22:23:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/29 22:21:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/28 23:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\NTBR_CD
    [2010/08/28 00:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/08/27 21:04:01 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe
    [2010/08/27 15:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
    [2010/08/27 15:13:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/27 15:13:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/27 15:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/08/27 06:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Temp
    [2010/08/27 06:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google
    [2010/08/26 18:07:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
    [2010/08/26 16:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\info ff
    [2010/08/26 16:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\bios
    [2010/08/26 09:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\MSDN
    [2010/08/22 13:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
    [2010/08/21 04:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Help
    [2010/08/21 04:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Help
    [2010/08/20 14:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\backups
    [2010/08/20 14:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/08/20 14:35:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe
    [2010/08/20 08:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\MY PAPER ON HEALTH
    [2010/08/16 13:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\VSRevoGroup
    [2010/08/16 00:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2010/08/15 22:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
    [2010/08/14 18:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/08/14 17:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Chromium
    [2010/08/14 17:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\SRWare Iron
    [2010/08/14 05:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\MERCOLA
    [2010/08/13 13:28:18 | 000,000,000 | ---D | C] -- C:\AV-CLS
    [2010/08/12 20:25:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
    [2010/08/11 13:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\NormL
    [2010/08/10 03:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\DiskSpaceFan
    [2010/08/10 03:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\DiskSpaceFan
    [2010/08/10 03:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\ZPaint 1.4
    [2010/07/29 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Citrix
    [2010/07/03 11:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\CHS 50
    [2010/06/20 15:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tracker Software
    [2010/06/20 15:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
    [2010/06/19 07:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\CHS PHOTOS
  12. systemmistress Newcomer, in training Posts: 75

    Part 6 OTL.txt

    ========== Files - Modified Within 90 Days ==========

    [2010/08/30 10:33:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    [2010/08/30 09:46:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009UA.job
    [2010/08/30 06:46:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009Core.job
    [2010/08/29 22:33:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/29 22:31:53 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/29 22:31:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/29 22:25:45 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/29 22:21:56 | 000,050,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/08/29 22:04:00 | 003,830,790 | R--- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
    [2010/08/29 21:43:06 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
    [2010/08/29 21:40:50 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2010/08/29 21:40:10 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/08/29 21:39:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/29 21:32:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
    [2010/08/29 11:43:45 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe
    [2010/08/28 22:56:47 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\NTBR_CD.exe
    [2010/08/28 22:16:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck_MBR_Backup_08-28-10_22-16-44.bak
    [2010/08/28 01:00:18 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SUPERAntiSpyware Scan Log - 08-27-2010 - 23-43-27.zip
    [2010/08/28 00:52:15 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Found an old virus that Avira had removed..SAS found the old log file
    [2010/08/28 00:51:14 | 000,000,511 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam-log-2010-08-27 (21-27-31).zip
    [2010/08/28 00:50:44 | 000,005,577 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\DDS.zip
    [2010/08/28 00:50:26 | 000,004,483 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Attach.zip
    [2010/08/28 00:49:53 | 000,004,172 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Attach.7z
    [2010/08/28 00:48:33 | 000,001,179 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmernew.zip
    [2010/08/28 00:35:02 | 000,000,504 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to 7-Zip.lnk
    [2010/08/28 00:28:28 | 000,939,956 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\7z465.exe
    [2010/08/27 21:38:56 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
    [2010/08/27 21:04:03 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe
    [2010/08/27 16:29:31 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\9ed60cflGMER.exe
    [2010/08/27 15:14:00 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/26 22:52:16 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/26 22:52:16 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/08/26 09:09:46 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to DropMyRights.exe.lnk
    [2010/08/26 08:17:19 | 017,868,108 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Firefox 3.6.8 (en-US) - 2010-08-26.pcv
    [2010/08/26 08:15:42 | 016,461,798 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Thunderbird 2.0.0.24 (en-US) - 2010-08-26.pcv
    [2010/08/25 16:11:52 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Revo Uninstaller.lnk
    [2010/08/24 23:17:54 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/24 22:00:05 | 000,002,624 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\leukemia.rtf
    [2010/08/24 00:07:14 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeSchedule.job
    [2010/08/22 13:09:00 | 000,001,520 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
    [2010/08/21 12:10:31 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to ntbackup.exe.lnk
    [2010/08/21 06:07:39 | 2740,777,984 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Backup8-20.bkf
    [2010/08/20 17:07:26 | 000,008,553 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis2.msi
    [2010/08/20 14:35:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe
    [2010/08/20 14:35:29 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.msi
    [2010/08/20 14:16:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\housecall.guid.cache
    [2010/08/17 07:10:36 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to aswclear5.exe.lnk
    [2010/08/17 03:08:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\PDF-Viewer.lnk
    [2010/08/17 02:23:41 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/08/16 11:39:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
    [2010/08/16 00:35:07 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to sar_15_sfx.exe.lnk
    [2010/08/15 23:40:46 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Filseclab Personal Firewall.lnk
    [2010/08/15 22:17:02 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Speccy.lnk
    [2010/08/15 22:13:40 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\CCleaner.lnk
    [2010/08/14 17:37:24 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2010/08/14 17:01:03 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
    [2010/08/14 17:01:02 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SRWare Iron.lnk
    [2010/08/12 19:30:12 | 000,503,854 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/12 19:30:12 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/12 19:30:12 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/12 18:17:33 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\config.bak
    [2010/08/11 21:59:47 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\victorFrankl.abw
    [2010/08/11 09:28:33 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/08/10 15:11:32 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to filavut.exe.lnk
    [2010/08/10 03:20:49 | 000,000,627 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Disk Space Fan.lnk
    [2010/08/08 21:49:52 | 000,040,989 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\cancer cure-budwig.rtf
    [2010/08/07 21:48:55 | 000,006,026 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Statins Damage.rtf
    [2010/08/07 18:10:22 | 000,030,753 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\glass housecholesterolMeds.rtf
    [2010/08/07 17:54:05 | 000,017,606 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\lowerCholesterol.rtf
    [2010/08/07 17:52:05 | 000,008,942 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\RainbowBridge.rtf
    [2010/08/07 17:12:17 | 000,024,395 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\adr fatiguet.rtf
    [2010/08/07 17:02:05 | 000,023,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\ADRENAL FATIGUE.rtf
    [2010/08/07 16:59:08 | 000,023,865 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\.gsf-save-PI5YGV
    [2010/08/07 15:03:04 | 000,030,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.abw
    [2010/08/07 13:29:28 | 000,022,864 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.rtf
    [2010/08/05 07:36:11 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\hypotension.rtf
    [2010/07/29 15:01:07 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\jeffersonQuote.rtf
    [2010/07/13 15:24:14 | 000,010,733 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\stone symbology.rtf
    [2010/07/13 15:23:00 | 000,018,713 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\colorSymbology.rtf
    [2010/07/13 15:18:46 | 000,023,054 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\IncaSymbols.rtf
    [2010/07/13 15:09:42 | 000,034,237 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\animalTotems.rtf
    [2010/07/12 06:41:49 | 000,037,932 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\symbols&totems.rtf
    [2010/07/09 09:47:08 | 000,277,041 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Carolyn364.pdf
    [2010/07/04 14:50:18 | 000,276,687 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\zales_ringsizer.pdf
    [2010/07/03 11:13:30 | 000,034,825 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\susans photo_n.jpg
    [2010/06/28 12:42:43 | 000,017,591 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\rings.jpeg
    [2010/06/23 12:26:42 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\jaxson quite.rtf
    [2010/06/21 22:55:58 | 000,058,115 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Tibetan Dzi Bead.rtf
    [2010/06/21 07:04:30 | 000,105,804 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Dzi Bead Meanings.rtf
    [2010/06/19 07:45:42 | 000,054,717 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\chs 1.jpg
    [2010/06/17 15:17:02 | 000,002,604 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\dharma..rtf
    [2010/06/17 00:19:23 | 000,003,234 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\georgie4.jpg
    [2010/06/17 00:02:09 | 000,069,894 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\wow3.jpg
    [2010/06/16 23:26:33 | 000,069,894 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\wow.jpg
    [2010/06/16 23:09:40 | 000,103,136 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\the-gray-parrot-84.jpg
    [2010/06/16 22:44:50 | 000,120,847 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\georgie2.jpg
    [2010/06/05 10:46:23 | 000,006,493 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Georoutine.rtf
  13. systemmistress Newcomer, in training Posts: 75

    Part 7 OTL.txt

    ========== Files Created - No Company Name ==========

    [2010/08/29 22:23:15 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/29 22:23:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/29 22:23:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/29 22:23:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/29 22:23:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/29 22:04:00 | 003,830,790 | R--- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
    [2010/08/28 22:56:47 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\NTBR_CD.exe
    [2010/08/28 22:16:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck_MBR_Backup_08-28-10_22-16-44.bak
    [2010/08/28 01:00:18 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SUPERAntiSpyware Scan Log - 08-27-2010 - 23-43-27.zip
    [2010/08/28 00:52:15 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Found an old virus that Avira had removed..SAS found the old log file
    [2010/08/28 00:51:14 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam-log-2010-08-27 (21-27-31).zip
    [2010/08/28 00:50:44 | 000,005,577 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\DDS.zip
    [2010/08/28 00:50:26 | 000,004,483 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Attach.zip
    [2010/08/28 00:49:53 | 000,004,172 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Attach.7z
    [2010/08/28 00:48:33 | 000,001,179 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmernew.zip
    [2010/08/28 00:35:02 | 000,000,504 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to 7-Zip.lnk
    [2010/08/28 00:28:21 | 000,939,956 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\7z465.exe
    [2010/08/27 21:38:54 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
    [2010/08/27 16:37:55 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe
    [2010/08/27 16:29:27 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\9ed60cflGMER.exe
    [2010/08/27 15:14:00 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/27 06:41:47 | 000,001,006 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009UA.job
    [2010/08/27 06:41:45 | 000,000,954 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009Core.job
    [2010/08/26 22:52:16 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/26 22:52:16 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/08/26 09:09:46 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to DropMyRights.exe.lnk
    [2010/08/26 08:17:01 | 017,868,108 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Firefox 3.6.8 (en-US) - 2010-08-26.pcv
    [2010/08/26 08:15:27 | 016,461,798 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Thunderbird 2.0.0.24 (en-US) - 2010-08-26.pcv
    [2010/08/25 16:11:52 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Revo Uninstaller.lnk
    [2010/08/24 22:00:05 | 000,002,624 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\leukemia.rtf
    [2010/08/22 13:08:59 | 000,001,520 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
    [2010/08/21 12:10:31 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to ntbackup.exe.lnk
    [2010/08/21 06:02:17 | 2740,777,984 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Backup8-20.bkf
    [2010/08/20 17:07:26 | 000,008,553 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis2.msi
    [2010/08/20 14:35:20 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.msi
    [2010/08/20 14:16:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\housecall.guid.cache
    [2010/08/17 07:10:36 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to aswclear5.exe.lnk
    [2010/08/16 00:35:07 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to sar_15_sfx.exe.lnk
    [2010/08/15 23:43:09 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\config.bak
    [2010/08/15 23:43:09 | 000,002,577 | ---- | C] () -- C:\WINDOWS\config.nt
    [2010/08/15 23:43:09 | 000,001,688 | ---- | C] () -- C:\WINDOWS\autoexec.nt
    [2010/08/15 23:43:09 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\autoexec.bak
    [2010/08/15 22:17:02 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Speccy.lnk
    [2010/08/14 17:01:03 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
    [2010/08/14 17:01:02 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SRWare Iron.lnk
    [2010/08/11 21:59:46 | 000,002,568 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\victorFrankl.abw
    [2010/08/10 15:11:32 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to filavut.exe.lnk
    [2010/08/10 03:20:49 | 000,000,627 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Disk Space Fan.lnk
    [2010/08/08 21:49:45 | 000,040,989 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\cancer cure-budwig.rtf
    [2010/08/07 20:36:48 | 000,006,026 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Statins Damage.rtf
    [2010/08/07 18:10:22 | 000,030,753 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\glass housecholesterolMeds.rtf
    [2010/08/07 17:54:05 | 000,017,606 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\lowerCholesterol.rtf
    [2010/08/07 17:52:04 | 000,008,942 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\RainbowBridge.rtf
    [2010/08/07 17:09:05 | 000,024,395 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\adr fatiguet.rtf
    [2010/08/07 17:02:05 | 000,023,880 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\ADRENAL FATIGUE.rtf
    [2010/08/07 16:59:08 | 000,023,865 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\.gsf-save-PI5YGV
    [2010/08/07 15:03:04 | 000,030,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.abw
    [2010/08/07 13:29:28 | 000,022,864 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.rtf
    [2010/08/05 07:36:11 | 000,000,958 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\hypotension.rtf
    [2010/07/29 15:01:06 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\jeffersonQuote.rtf
    [2010/07/13 15:24:14 | 000,010,733 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\stone symbology.rtf
    [2010/07/13 15:23:00 | 000,018,713 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\colorSymbology.rtf
    [2010/07/13 15:18:46 | 000,023,054 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\IncaSymbols.rtf
    [2010/07/13 15:09:41 | 000,034,237 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\animalTotems.rtf
    [2010/07/12 06:41:49 | 000,037,932 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\symbols&totems.rtf
    [2010/07/09 09:47:08 | 000,277,041 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Carolyn364.pdf
    [2010/07/04 14:50:18 | 000,276,687 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\zales_ringsizer.pdf
    [2010/07/03 11:13:24 | 000,034,825 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\susans photo_n.jpg
    [2010/06/28 17:45:34 | 000,243,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/06/28 12:42:32 | 000,017,591 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\rings.jpeg
    [2010/06/23 12:26:41 | 000,002,356 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\jaxson quite.rtf
    [2010/06/21 22:55:56 | 000,058,115 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Tibetan Dzi Bead.rtf
    [2010/06/21 07:04:30 | 000,105,804 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Dzi Bead Meanings.rtf
    [2010/06/20 15:24:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\PDF-Viewer.lnk
    [2010/06/19 07:45:37 | 000,054,717 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\chs 1.jpg
    [2010/06/17 15:17:02 | 000,002,604 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\dharma..rtf
    [2010/06/17 00:19:18 | 000,003,234 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\georgie4.jpg
    [2010/06/17 00:02:08 | 000,069,894 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\wow3.jpg
    [2010/06/16 23:26:32 | 000,069,894 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\wow.jpg
    [2010/06/16 23:09:39 | 000,103,136 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\the-gray-parrot-84.jpg
    [2010/06/16 22:44:47 | 000,120,847 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\georgie2.jpg
    [2010/06/05 10:46:23 | 000,006,493 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Georoutine.rtf
    [2009/04/30 05:56:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/04/12 21:37:27 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
    [2009/04/12 21:37:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2009/04/06 03:18:46 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/04/05 20:37:12 | 000,000,395 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\settings.ini
    [2009/03/30 07:16:40 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/12/07 14:08:06 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/12/07 14:08:04 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/09/12 16:21:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2007/02/28 15:02:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2007/02/05 21:05:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
    [2005/05/10 21:29:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/05/10 21:06:59 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2005/05/10 21:01:53 | 000,012,993 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2005/05/10 21:01:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2005/05/10 20:59:47 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2005/05/10 20:58:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/05/10 20:48:04 | 000,000,151 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2005/05/10 20:46:40 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2005/05/10 20:42:24 | 000,002,248 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2005/05/10 20:41:21 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/05/10 20:38:35 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2005/05/10 20:38:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2005/05/10 20:38:35 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2005/05/10 20:38:34 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2005/05/10 20:38:34 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2005/05/10 20:38:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2005/05/10 20:38:33 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2005/05/10 20:25:05 | 000,000,045 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2005/05/10 20:22:16 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2005/05/10 20:22:16 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2005/05/10 20:21:57 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/06/15 17:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
  14. systemmistress Newcomer, in training Posts: 75

    Part 8 OTL.txt

    ========== LOP Check ==========

    [2010/01/13 13:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGI
    [2010/06/20 15:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tracker Software
    [2010/08/26 17:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs
    [2010/08/10 03:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DiskSpaceFan
    [2010/01/28 05:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\enchant
    [2009/07/15 08:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Netscape
    [2010/08/26 17:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PeoplePal
    [2010/08/29 21:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\StumbleUpon
    [2009/04/07 10:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird
    [2010/08/16 13:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\VSRevoGroup
    [2009/03/30 19:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WinBatch
    [2010/01/28 14:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Zoominto

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/12/05 02:50:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/11 09:28:33 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/08/29 22:25:45 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/08/29 22:33:49 | 000,017,078 | ---- | M] () -- C:\ComboFix.txt
    [2005/12/05 02:50:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2009/04/06 00:43:41 | 000,071,307 | ---- | M] () -- C:\hpWebHelper.log
    [2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2009/08/23 13:51:44 | 000,000,000 | ---- | M] () -- C:\install.rdf
    [2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2005/12/05 02:50:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/12/05 02:50:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 00:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/03/31 14:56:42 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/29 21:39:53 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
    [2009/03/30 19:30:19 | 000,000,510 | ---- | M] () -- C:\updatedatfix.log
    [2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2010/08/14 17:37:24 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/04/08 19:43:36 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2006/02/19 13:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2005/12/04 18:42:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/12/04 18:42:42 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\ntbackup.exe:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System\setup.inf:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\VC_RED.cab:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Owner\Desktop\setup.exe:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe:SummaryInformation
    < End of report >
  15. Broni Malware Annihilator Posts: 39,313   +175

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
      SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
      SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
      DRV - [2010/01/19 07:43:12 | 000,100,304 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
      DRV - [2010/01/19 07:42:40 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
      DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
      DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
      DRV - [2009/09/15 06:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
      DRV - [2009/09/15 06:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\ntbackup.exe:SummaryInformation
      @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System\setup.inf:SummaryInformation
      @Alternate Data Stream - 88 bytes -> C:\VC_RED.cab:SummaryInformation
      @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Owner\Desktop\setup.exe:SummaryInformation
      @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe:SummaryInformation
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Alwil Software
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
  16. systemmistress Newcomer, in training Posts: 75

    IE was so slow to start this time... I wondered if it was going to start at all.

    All processes killed
    ========== OTL ==========
    Service avast! Web Scanner stopped successfully!
    Service avast! Web Scanner deleted successfully!
    File C:\Program Files\Alwil Software\Avast4\ashWebSv.exe not found.
    Service avast! Mail Scanner stopped successfully!
    Service avast! Mail Scanner deleted successfully!
    File C:\Program Files\Alwil Software\Avast5\AvastSvc.exe not found.
    Service avast! Antivirus stopped successfully!
    Service avast! Antivirus deleted successfully!
    File move failed. C:\Program Files\Alwil Software\Avast4\ashServ.exe scheduled to be moved on reboot.
    Error: Unable to stop service aswMon2!
    Unable to delete service\driver key aswMon2.
    File move failed. C:\WINDOWS\system32\drivers\aswmon2.sys scheduled to be moved on reboot.
    Error: Unable to stop service Aavmker4!
    Unable to delete service\driver key Aavmker4.
    File move failed. C:\WINDOWS\system32\drivers\aavmker4.sys scheduled to be moved on reboot.
    Error: Unable to stop service aswTdi!
    Unable to delete service\driver key aswTdi.
    File move failed. C:\WINDOWS\system32\drivers\aswTdi.sys scheduled to be moved on reboot.
    Service aswRdr stopped successfully!
    Service aswRdr deleted successfully!
    File move failed. C:\WINDOWS\system32\drivers\aswRdr.sys scheduled to be moved on reboot.
    Error: Unable to stop service aswSP!
    Unable to delete service\driver key aswSP.
    File move failed. C:\WINDOWS\system32\drivers\aswSP.sys scheduled to be moved on reboot.
    Error: Unable to stop service aswFsBlk!
    Unable to delete service\driver key aswFsBlk.
    File move failed. C:\WINDOWS\system32\drivers\aswFsBlk.sys scheduled to be moved on reboot.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    ADS C:\WINDOWS\System32\ntbackup.exe:SummaryInformation deleted successfully.
    ADS C:\WINDOWS\System\setup.inf:SummaryInformation deleted successfully.
    ADS C:\VC_RED.cab:SummaryInformation deleted successfully.
    ADS C:\Documents and Settings\Compaq_Owner\Desktop\setup.exe:SummaryInformation deleted successfully.
    ADS C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe:SummaryInformation deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software scheduled to be moved on reboot.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Compaq_Owner
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1534540 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 42447265 bytes
    ->Flash cache emptied: 1751 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 306912 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 42.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Compaq_Owner
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.11.0 log created on 08302010_125929

    Files\Folders moved on Reboot...
    File move failed. C:\Program Files\Alwil Software\Avast4\ashServ.exe scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\system32\drivers\aswmon2.sys scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\system32\drivers\aavmker4.sys scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\system32\drivers\aswTdi.sys scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\system32\drivers\aswRdr.sys scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\system32\drivers\aswSP.sys scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\system32\drivers\aswFsBlk.sys scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  17. Broni Malware Annihilator Posts: 39,313   +175

    Let's see if we have any other Avast leftovers.
    This scan may take a while. Be patient.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      *Alwil*
      *avast*
      :folderfind
      *Alwil*
      *avast*
      :regfind
      *Alwil*
      *avast*
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  18. systemmistress Newcomer, in training Posts: 75

    results of SystemLook Scan

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 14:31 on 30/08/2010 by Compaq_Owner (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "*Alwil*"
    No files found.

    Searching for "*avast*"
    C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird\Profiles\qeyfuzdp.default\Mail\mail.peoplepc-5.com\Save.sbd\Avast! --a--- 15275 bytes [23:42 14/03/2010] [18:27 21/08/2010] ED4D1A398013E5F2DD298880EBC790F6
    C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird\Profiles\qeyfuzdp.default\Mail\mail.peoplepc-5.com\Save.sbd\Avast!.msf --a--- 5737 bytes [23:42 14/03/2010] [00:31 30/08/2010] 5421BC4328980AA8C3745A7EE6180A83
    C:\Documents and Settings\Compaq_Owner\Favorites\instructions virus removal\[Active] Results of testing locked Self-Protect mode of Avast Antivirus Pro - TechSpot OpenBoards.url --a--- 255 bytes [02:04 28/08/2010] [06:03 30/08/2010] AB3A5FCBC24171283A4173656CAFC229
    C:\Documents and Settings\Compaq_Owner\Favorites\TECH Spot\[Active] Results of testing locked Self-Protect mode of Avast Antivirus Pro - TechSpot OpenBoards.url --a--- 255 bytes [01:06 28/08/2010] [17:09 30/08/2010] AB3A5FCBC24171283A4173656CAFC229
    C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.abw ------ 30512 bytes [19:03 07/08/2010] [19:03 07/08/2010] 0507B5035A6DA38237954AE73ABA3130
    C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.rtf ------ 22864 bytes [17:29 07/08/2010] [17:29 07/08/2010] 673D460C8729649BC136195CF63371DF
    C:\Documents and Settings\Compaq_Owner\Recent\avastGMER.log.lnk --a--- 517 bytes [20:34 27/08/2010] [00:29 29/08/2010] E90AC50B2EA72ABFB76810191B1C48CA
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db --a--- 52224 bytes [04:44 17/05/2009] [04:40 16/01/2010] C43E7FE2D73165CC530759962C3BFBCC
    C:\Program Files\Alwil Software\Avast4\Setup\Sfx\avast.setup --a--- 1735728 bytes [18:57 23/01/2010] [18:57 23/01/2010] C3F79DBDD0611D72E5A5C8229F8DC321
    C:\WINDOWS\system32\avastSS.scr ------ 38848 bytes [04:11 17/05/2009] [11:57 19/01/2010] D06EB8ED28D8808F65E2EF4806FF6A6F

    ========== folderfind ==========

    Searching for "*Alwil*"
    C:\Program Files\Alwil Software d----- [12:23 30/03/2009]
    C:\_OTL\MovedFiles\08302010_125929\C_Program Files\Alwil Software d----- [16:59 30/08/2010]

    Searching for "*avast*"
    C:\Program Files\Alwil Software\Avast4 d----- [12:23 30/03/2009]
    C:\_OTL\MovedFiles\08302010_125929\C_Program Files\Alwil Software\Avast4 d----- [16:59 30/08/2010]

    ========== regfind ==========

    Searching for "*Alwil*"
    No data found.

    Searching for "*avast*"
    No data found.

    -=End Of File=-
  19. Broni Malware Annihilator Posts: 39,313   +175

    After running the below and restarting the computer, you should be good to install Avira.


    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird\Profiles\qeyfuzdp.default\Mail\mail.peoplepc-5.com\Save.sbd\Avast!
      C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird\Profiles\qeyfuzdp.default\Mail\mail.peoplepc-5.com\Save.sbd\Avast!.msf 
      C:\Program Files\Alwil Software
      C:\WINDOWS\system32\avastSS.scr
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
  20. systemmistress Newcomer, in training Posts: 75

    log file OTL

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird\Profiles\qeyfuzdp.default\Mail\mail.peoplepc-5.com\Save.sbd\Avast! moved successfully.
    C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird\Profiles\qeyfuzdp.default\Mail\mail.peoplepc-5.com\Save.sbd\Avast!.msf moved successfully.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\system32\avastSS.scr scheduled to be moved on reboot.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Compaq_Owner
    ->Temp folder emptied: 642122 bytes
    ->Temporary Internet Files folder emptied: 132880 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 16786 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Compaq_Owner
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.11.0 log created on 08302010_150615

    Files\Folders moved on Reboot...
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Alwil Software scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\system32\avastSS.scr scheduled to be moved on reboot.

    Registry entries deleted on Reboot...