also @ TechSpot: Gamers spend more money on iOS than dedicated handhelds

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

Results of testing: locked self-protect mode of Avast Antivirus Pro

Discussion in 'Virus and Malware Removal' started by systemmistress, Aug 27, 2010.

Page 3 of 6

Broni Malware Annihilator Posts: 39,288 +175

Let me know, how it goes with Avira.

Broni, Aug 30, 2010

#41
systemmistress Newcomer, in training Posts: 75

there are 6 *.sys Avast drivers in the WINDOWS\system32/drivers folder
are they OK to be left there? Or should I delete before installing other program? , since I am going to use Avira...

Thanx..I will let you know what happens when I download and re-install Avira..now..

systemmistress, Aug 30, 2010

#42
Broni Malware Annihilator Posts: 39,288 +175

there are 6 *.sys Avast drivers in the WINDOWS\system32/drivers folder

Where do you see them?

Broni, Aug 30, 2010

#43
systemmistress Newcomer, in training Posts: 75

I went into Windows Explorer and looked at the folders under
C:\Windows\system32\drivers

they are:
aavmker4.sys avast! Base Kernel-Mode Device for Windows NT/2000/XP
aswFsBlk.sys avast! File System Access Blocking Driver
aswmon2.sys avast!File System Filter Driver for Windows XP
aswmon.sys avast! File System Filter Driver For Windows NT/2000
aswRdr.sys avast! TDI RDR Driver
aswSP.sys avast! Self-Protection Mode Driver
aswTdi.sys avast! TDI Filter Driver

These are the ones I could never delete because of the self-protection blocking.

systemmistress, Aug 30, 2010

#44
Broni Malware Annihilator Posts: 39,288 +175
They shouldn't be active anymore, but...
Let's get rid of them...

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL :Services :Reg :Files C:\Windows\system32\drivers\aavmker4.sys C:\Windows\system32\drivers\aswFsBlk.sys C:\Windows\system32\drivers\aswmon2.sys C:\Windows\system32\drivers\aswmon.sys C:\Windows\system32\drivers\aswRdr.sys C:\Windows\system32\drivers\aswSP.sys C:\Windows\system32\drivers\aswTdi.sys :Commands [purity] [emptytemp] [emptyflash] [Reboot]

Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
Broni, Aug 30, 2010

#45

systemmistress Newcomer, in training Posts: 75

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File move failed. C:\Windows\system32\drivers\aavmker4.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswFsBlk.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswmon2.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswmon.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswRdr.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswSP.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswTdi.sys scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Compaq_Owner
->Temp folder emptied: 642122 bytes
->Temporary Internet Files folder emptied: 497829 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb

[EMPTYFLASH]

User: All Users

User: Compaq_Owner
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.11.0 log created on 08302010_181109

Files\Folders moved on Reboot...
File move failed. C:\Windows\system32\drivers\aavmker4.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswFsBlk.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswmon2.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswmon.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswRdr.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswSP.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswTdi.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...

systemmistress, Aug 30, 2010

#46

systemmistress Newcomer, in training Posts: 75

they are still in there...same place

systemmistress, Aug 30, 2010

#47
systemmistress Newcomer, in training Posts: 75

maybe this is my fault-
C:WINDOWS\system32\drivers

would the spelling of 'windows' matter?

systemmistress, Aug 30, 2010

#48
Broni Malware Annihilator Posts: 39,288 +175
No.

Let's try Combofix to move them...

1. Please open Notepad

Click Start , then Run

Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

File:: C:\Windows\system32\drivers\aavmker4.sys C:\Windows\system32\drivers\aswFsBlk.sys C:\Windows\system32\drivers\aswmon2.sys C:\Windows\system32\drivers\aswmon.sys C:\Windows\system32\drivers\aswRdr.sys C:\Windows\system32\drivers\aswSP.sys C:\Windows\system32\drivers\aswTdi.sys

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt
Broni, Aug 30, 2010

#49
systemmistress Newcomer, in training Posts: 75

ComboFix 10-08-28.02 - Compaq_Owner 08/30/2010 19:52:42.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.241 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.0 [VPS 000000-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Filseclab Personal Firewall *disabled* {EB4DA513-3B0A-4FCB-86A7-F1243757EFF2}

FILE ::
"c:\windows\system32\drivers\aavmker4.sys"
"c:\windows\system32\drivers\aswFsBlk.sys"
"c:\windows\system32\drivers\aswmon.sys"
"c:\windows\system32\drivers\aswmon2.sys"
"c:\windows\system32\drivers\aswRdr.sys"
"c:\windows\system32\drivers\aswSP.sys"
"c:\windows\system32\drivers\aswTdi.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\aavmker4.sys
c:\windows\system32\drivers\aswFsBlk.sys
c:\windows\system32\drivers\aswmon.sys
c:\windows\system32\drivers\aswmon2.sys
c:\windows\system32\drivers\aswRdr.sys
c:\windows\system32\drivers\aswSP.sys
c:\windows\system32\drivers\aswTdi.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_aswFsBlk
-------\Legacy_aswSP
-------\Service_aswFsBlk
-------\Service_aswSP

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-30 16:59 . 2010-08-30 16:59 -------- d-----w- C:\_OTL
2010-08-28 04:28 . 2010-08-28 04:28 -------- d-----w- c:\program files\7-Zip
2010-08-27 19:14 . 2010-08-27 19:14 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2010-08-27 19:13 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-27 19:13 . 2010-08-27 19:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 19:13 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-27 16:24 . 2006-09-02 02:45 222 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\Extended@spanglerco.com\open.cmd
2010-08-27 10:41 . 2010-08-27 10:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Temp
2010-08-27 10:40 . 2010-08-27 10:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google
2010-08-23 19:29 . 2008-04-14 00:12 11325 ----a-w- c:\windows\system32\dllcache\vchnt5.dll
2010-08-22 17:35 . 2010-08-22 17:35 -------- d-----w- c:\program files\MSECache
2010-08-21 08:01 . 2010-08-21 08:01 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Help
2010-08-20 18:39 . 2010-08-20 18:39 388096 ------r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-20 18:39 . 2010-08-20 18:39 -------- d-----w- c:\program files\Trend Micro
2010-08-16 17:37 . 2010-08-16 17:37 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\VSRevoGroup
2010-08-16 04:20 . 2010-08-16 04:20 -------- d-----w- c:\program files\Sophos
2010-08-16 02:16 . 2010-08-16 02:17 -------- d-----w- c:\program files\Speccy
2010-08-14 22:28 . 2010-08-14 22:28 -------- d-----w- c:\program files\Common Files\Java
2010-08-14 22:28 . 2010-08-14 22:28 503808 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a4b79aa-n\msvcp71.dll
2010-08-14 22:28 . 2010-08-14 22:28 499712 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a4b79aa-n\jmc.dll
2010-08-14 22:28 . 2010-08-14 22:28 348160 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a4b79aa-n\msvcr71.dll
2010-08-14 22:27 . 2010-08-14 22:27 61440 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5157a20a-n\decora-sse.dll
2010-08-14 22:27 . 2010-08-14 22:27 12800 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5157a20a-n\decora-d3d.dll
2010-08-14 21:00 . 2010-08-14 21:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Chromium
2010-08-14 21:00 . 2010-08-14 21:00 -------- d-----w- c:\program files\SRWare Iron
2010-08-13 17:28 . 2010-08-16 03:54 -------- d-----w- C:\AV-CLS
2010-08-13 00:25 . 2010-08-13 03:48 -------- d-----w- c:\windows\BDOSCAN8
2010-08-10 07:21 . 2010-08-10 07:48 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\DiskSpaceFan
2010-08-10 07:20 . 2010-08-10 07:20 -------- d-----w- c:\program files\DiskSpaceFan
2010-08-10 07:05 . 2010-08-10 07:05 -------- d-----w- c:\program files\ZPaint 1.4
2010-08-07 07:50 . 2010-08-16 03:59 63488 ------w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-05 20:43 . 2010-08-05 20:43 52224 ------w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 23:58 . 2010-06-28 21:45 243840 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-30 19:56 . 2010-01-28 18:15 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\StumbleUpon
2010-08-30 14:34 . 2009-04-07 14:46 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-30 02:21 . 2009-03-30 11:33 50880 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-26 21:40 . 2010-01-16 14:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\PeoplePal
2010-08-26 21:22 . 2009-04-20 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\VistaCodecs
2010-08-25 17:38 . 2010-03-03 04:40 -------- d-----w- c:\program files\Common Files\Filseclab
2010-08-22 17:08 . 2010-02-16 20:16 -------- d-----w- c:\program files\Recuva
2010-08-21 10:01 . 2001-06-27 22:29 1134592 ----a-w- c:\windows\system32\ntbackup.exe
2010-08-20 19:36 . 2009-03-30 12:23 -------- d-----w- c:\program files\Alwil Software
2010-08-17 06:46 . 2009-03-30 15:31 -------- d-----w- c:\program files\VS Revo Group
2010-08-16 03:58 . 2009-04-05 19:18 117760 ------w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-16 02:13 . 2009-04-01 04:49 -------- d-----w- c:\program files\CCleaner
2010-08-14 22:27 . 2005-05-11 00:28 -------- d-----w- c:\program files\Java
2010-08-05 20:59 . 2009-04-05 19:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-27 11:56 . 2009-12-09 21:53 -------- d-----w- c:\program files\HeyDoc
2010-07-17 09:00 . 2010-04-16 22:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2004-08-04 11:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 11:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 11:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 11:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-04 11:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-08-30_02.31.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-30 23:59 . 2010-08-30 23:59 16384 c:\windows\Temp\Perflib_Perfdata_fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-27 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Bart Station"="c:\program files\PeoplePC\ISP7000\BIN\PPCOLink.exe" [2008-02-25 25944]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"XFILTER"="c:\program files\Filseclab\xfilter\xfilter.exe" [2006-12-23 901120]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-5-10 27136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-26 04:37 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\AV-CLS\\WGET.EXE"=

R0 XPacket;Filseclab Packet Filter;c:\windows\system32\xpacket.sys [3/3/2010 12:40 AM 126224]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67656]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\14F.tmp --> c:\windows\system32\14F.tmp [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [3/23/2009 11:43 PM 120168]
.
Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009Core.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 10:40]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009UA.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 10:40]

2010-08-24 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 02:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.peoplepc.com/websearch
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: ZoomInto - c:\documents and settings\Compaq_Owner\Application Data\Zoominto\zoominto.htm
LSP: c:\program files\Filseclab\xfilter\XFILTER.DLL
TCP: {523E608B-4D4B-41B8-908D-FEA1131E7ED1} = 207.69.188.185,207.69.188.186
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\
FF - prefs.js: browser.search.selectedEngine - Scroogle SSL
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 20:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\14F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2204943530-153763967-1977393198-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(720)
c:\program files\Filseclab\xfilter\XFILTER.DLL

- - - - - - - > 'explorer.exe'(2816)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\program files\PeoplePC\ISP7000\Browser\Bartshel.exe
c:\progra~1\PeoplePC\ISP7000\Browser\PPShared.exe
.
**************************************************************************
.
Completion time: 2010-08-30 20:02:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-31 00:02
ComboFix2.txt 2010-08-30 02:33

Pre-Run: 175,231,852,544 bytes free
Post-Run: 175,137,210,368 bytes free

- - End Of File - - 36B16C09A451C2ACDE3A66F8007AB526

systemmistress, Aug 30, 2010

#50
systemmistress Newcomer, in training Posts: 75

they are gone!
hooray!

systemmistress, Aug 30, 2010

#51
Broni Malware Annihilator Posts: 39,288 +175

Cool

Try Avira now.

Broni, Aug 30, 2010

#52
systemmistress Newcomer, in training Posts: 75

OMG!!

Alwil'sb Avast! is still in Programs folder!!
I should have checked, but I could swear it was gone before.
I am so ticked off..I tried to install Avira and it was a mess..nothing worked..firewall was a mess, and everything got real slow.

For the rest of my life I will never use Avast ! it is horrid.
What do I do now?

I could swear it was gone...
Sandra

I just uninstalled Avira and am writing this...

systemmistress, Aug 30, 2010

#53
systemmistress Newcomer, in training Posts: 75

Broni,

Avira did a quick scan and found a TrashCan trojan in System Volumn Information.

Also my Firewall "encountered some errors and had to close".

Could that trijan in the sys vil be the cause of all this mess?
S

systemmistress, Aug 31, 2010

#54
Broni Malware Annihilator Posts: 39,288 +175

Alwil'sb Avast! is still in Programs folder!!

Probably empty folder, which you can remove.

TrashCan trojan in System Volumn Information

Not a big deal, since we're not done with cleaning yet. That finding is not important because, it's in restore point. We'll reset restore points soon.

What are the current issues, if any?

Re-run OTL "Quick scan" and post new log.

Broni, Aug 31, 2010

#55
systemmistress Newcomer, in training Posts: 75

Part 1 OTL Log

OTL logfile created on: 8/31/2010 10:19:50 AM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 208.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.99 Gb Total Space | 163.00 Gb Free Space | 91.07% Space Free | Partition Type: NTFS
Drive D: | 7.29 Gb Total Space | 0.34 Gb Free Space | 4.73% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-D0F670B45A
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/30 10:33:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2009/04/06 00:28:13 | 000,176,472 | ---- | M] (PeoplePC) -- C:\Program Files\PeoplePC\ISP7000\Browser\BartShel.exe
PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/13 20:12:36 | 000,538,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spider.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/25 16:36:44 | 000,086,360 | ---- | M] (PeoplePC) -- C:\Program Files\PeoplePC\ISP7000\Browser\PPShared.exe
PRC - [2006/12/23 15:29:08 | 000,901,120 | ---- | M] (Filseclab) -- C:\Program Files\Filseclab\xfilter\xfilter.exe
PRC - [2004/07/28 02:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

========== Modules (SafeList) ==========

MOD - [2010/08/30 10:33:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/23 23:43:32 | 000,120,168 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\14F.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/08/05 16:59:47 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/23 05:35:22 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/23 05:35:22 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/06/17 08:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/12/23 14:01:06 | 000,126,224 | ---- | M] (Filseclab Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\xpacket.sys -- (XPacket)
DRV - [2006/05/09 15:50:00 | 003,535,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/06/17 09:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

========== Standard Registry (SafeList) ==========

systemmistress, Aug 31, 2010

#56
systemmistress Newcomer, in training Posts: 75

Part 2 OTL Log

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Scroogle.com"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Scroogle SSL"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91}:2.6
FF - prefs.js..extensions.enabledItems: anticontainer@downthemall.net:0.7.3
FF - prefs.js..extensions.enabledItems: gmailthis@lazyrussian.com:2.2.8
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.20
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {4aebcd37-f454-4928-9233-174a026ed367}:2.0
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.imgag.com/?c=GNAMO38011&sbs=&sc=0&f=web&vernum=1.0&uid=&did={3472e18a-c2a3-495e-837a-4b2b787596fd}&appid=agtb&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/27 12:23:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/26 22:52:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/18 12:30:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/08/17 03:08:33 | 000,000,000 | ---D | M]

systemmistress, Aug 31, 2010

#57
systemmistress Newcomer, in training Posts: 75

Part 3 OTL Log

[2009/03/30 09:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/08/27 12:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions
[2010/02/17 15:29:10 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2010/07/27 08:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/08/19 18:08:07 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/02/17 16:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010/04/27 12:23:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/17 17:59:16 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2010/02/17 20:35:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/02/17 20:35:55 | 000,000,000 | ---D | M] (Send Tab URLs) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{4aebcd37-f454-4928-9233-174a026ed367}
[2010/08/22 06:49:57 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/08/27 12:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/08/19 18:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/08/19 18:08:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/10 10:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/06/18 05:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/04/13 00:48:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/27 12:24:48 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
[2010/08/27 12:24:48 | 000,000,000 | ---D | M] (Print) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{f199da35-0a9a-4ce9-8f59-c68524deba93}
[2010/05/26 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\bartap@philikon.de
[2010/05/22 10:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\bettergmail2@ginatrapani.org
[2010/08/27 12:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\cbell-owner@mozdev.org
[2010/05/29 14:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\custombuttons@xsms.org
[2010/08/27 12:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\elemhidehelper@adblockplus.org
[2010/08/27 12:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\Extended@spanglerco.com
[2010/08/27 12:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\gmail_sigs@blankcanvasweb.com
[2010/03/27 16:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\gmailthis@lazyrussian.com
[2010/02/23 01:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\historyTree@norman.solomon
[2010/02/17 12:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\nosquint@urandom.ca
[2010/08/27 05:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\printit@GMPOWER.com
[2010/03/30 08:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\realfox@extensions.moz
[2010/08/27 12:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\staged-xpis
[2010/02/17 17:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\statusbuttons@clav.mozdev.org
[2010/08/27 12:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\viewabout@rumblingedge.com
[2010/03/30 08:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\realfox@extensions.moz\chrome
[2010/03/30 08:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\realfox@extensions.moz\defaults
[2010/08/26 08:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions
[2010/02/14 11:59:12 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2010/01/31 15:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/01/16 06:32:15 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/11/07 12:50:56 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}(2)
[2009/05/18 15:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2009/11/27 18:47:18 | 000,000,000 | ---D | M] (Domain Details) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
[2009/11/07 12:50:55 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}(2)
[2009/11/19 08:47:11 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2010/02/10 04:52:13 | 000,000,000 | ---D | M] (Stay-Open Menu) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{3541c267-2580-4144-854e-2e05c8670121}
[2009/12/14 15:44:39 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/12/12 14:08:00 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2009/04/08 07:32:32 | 000,000,000 | ---D | M] (Send Tab URLs) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{4aebcd37-f454-4928-9233-174a026ed367}
[2009/11/07 12:50:34 | 000,000,000 | ---D | M] (LiveTV_ Toolbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{59385f95-c52f-4a84-b674-4a4206b17218}(2)
[2010/01/31 15:51:05 | 000,000,000 | ---D | M] (History Submenus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2010/02/14 13:07:33 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/04/09 16:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{A8208118-F761-47E2-A01F-4FB22AE08B5E}
[2010/02/14 13:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/08/18 09:56:51 | 000,000,000 | ---D | M] (Reload Tab On Double-Click) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}
[2009/10/20 20:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/01/07 19:40:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/14 11:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2009/12/23 10:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/12/09 17:32:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/12/09 17:32:13 | 000,000,000 | ---D | M] (Open link in...) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{ff81e780-5cc0-11d9-9669-0800200c9a66}
[2010/02/14 11:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\99b796593689dde381ea87a085341ec2@button.codefisher.org
[2010/02/14 13:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\anticontainer@downthemall.net
[2009/07/09 06:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\elemhidehelper@adblockplus.org
[2010/02/13 00:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\gmail_sigs@blankcanvasweb.com
[2009/12/03 10:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\gmailthis@lazyrussian.com
[2010/02/10 04:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\guiconfig@slosd.net
[2009/11/07 12:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\knowmoreextension@knowmore.org
[2009/11/07 12:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\lazarus@interclue(2).com
[2009/04/09 16:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\speedtest@gotomyhelp.com
[2010/02/14 11:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\statusbuttons@clav.mozdev.org
[2009/07/14 14:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\whatsmyip@adrian
[2010/08/26 08:34:19 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\amazon-jp.xml
[2010/08/26 08:34:19 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\amazon-us---books.xml
[2010/08/26 08:34:17 | 000,001,529 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\amazoncom---healthpersonal-care.xml
[2010/08/26 08:34:18 | 000,004,121 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\baidu-.xml
[2010/08/26 08:34:18 | 000,002,098 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\bing---shopping.xml
[2009/03/25 09:11:04 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\conduit.xml
[2010/08/26 08:34:18 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\dictionarycom.xml
[2010/02/09 23:48:51 | 000,005,511 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\food-network---recipes.xml
[2010/08/26 08:34:18 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\geotool.xml
[2010/08/26 08:34:18 | 000,001,941 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\goodsearch.xml
[2010/08/26 08:34:19 | 000,001,901 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\grouprecipes.xml
[2010/08/26 08:34:19 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\joyo-amazon.xml
[2009/07/12 12:21:41 | 000,001,961 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\myiptest---blacklist-ip-check.xml
[2009/07/12 12:15:40 | 000,001,938 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\myiptest---ip-lookup.xml
[2009/07/12 12:21:51 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\myiptest---reverse-dns-lookup.xml
[2010/08/26 08:34:19 | 000,001,241 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\scroogle-ssl-english.xml
[2010/08/26 08:34:19 | 000,001,223 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\scroogle-ssl.xml
[2010/08/26 08:34:18 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\scroogle.xml
[2010/08/26 08:34:19 | 000,001,084 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\thesauruscom.xml
[2010/08/26 08:34:19 | 000,002,328 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\urban-dictionary.xml
[2009/10/29 05:04:57 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\web---nibbo.xml
[2010/08/26 08:34:19 | 000,001,326 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\wikipedia-en---go.xml
[2010/08/26 08:34:19 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\youtube.xml
[2010/08/27 12:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/14 18:27:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[1999/12/31 17:00:00 | 000,166,168 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll

systemmistress, Aug 31, 2010

#58
systemmistress Newcomer, in training Posts: 75

Part 4 OTL Log

O1 HOSTS File: ([2010/08/30 19:59:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (ZoomInto) - {2F3D6D62-FAB0-401A-90B6-1B20C2D4448D} - C:\Program Files\Zoominto Solutions\ZoomInto 13.1.1\ZoomInto.dll (ZoomInto Solutions)
O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\PeoplePC Accelerated\prpl_IePopupBlocker.dll (Propel Software Corporation)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O4 - HKLM..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP7000\BIN\PPCOLink.exe (PeoplePC)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [XFILTER] C:\Program Files\Filseclab\xfilter\xfilter.exe (Filseclab)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: ZoomInto - C:\Documents and Settings\Compaq_Owner\Application Data\Zoominto\zoominto.htm ()
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238518495328 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 02:50:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

systemmistress, Aug 31, 2010

#59
systemmistress Newcomer, in training Posts: 75

Part 5 OTL Log

========== Files/Folders - Created Within 90 Days ==========

[2010/08/30 23:38:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/30 21:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/08/30 13:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\TOOLS
[2010/08/30 12:59:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/30 10:33:50 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/08/29 22:25:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/29 22:23:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/29 22:23:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/29 22:23:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/29 22:23:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/29 22:23:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/29 22:21:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/28 00:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/08/27 15:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
[2010/08/27 15:13:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/27 15:13:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/27 15:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/27 06:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Temp
[2010/08/27 06:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google
[2010/08/26 18:07:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2010/08/26 16:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\info ff
[2010/08/26 16:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\bios
[2010/08/26 09:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\MSDN
[2010/08/22 13:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/08/21 04:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Help
[2010/08/21 04:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Help
[2010/08/20 14:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\backups
[2010/08/20 14:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/20 14:35:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe
[2010/08/20 08:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\MY PAPER ON HEALTH
[2010/08/16 13:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\VSRevoGroup
[2010/08/16 00:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/08/15 22:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010/08/14 18:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/14 17:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Chromium
[2010/08/14 17:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\SRWare Iron
[2010/08/14 05:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\MERCOLA
[2010/08/13 13:28:18 | 000,000,000 | ---D | C] -- C:\AV-CLS
[2010/08/12 20:25:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/08/11 13:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\NormL
[2010/08/10 03:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\DiskSpaceFan
[2010/08/10 03:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\DiskSpaceFan
[2010/08/10 03:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\ZPaint 1.4
[2010/07/29 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Citrix
[2010/07/03 11:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\CHS 50
[2010/06/20 15:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tracker Software
[2010/06/20 15:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2010/06/19 07:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\CHS PHOTOS

systemmistress, Aug 31, 2010

#60

Page 3 of 6

Topic Status:: Not open for further replies.

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.