TechSpot

Results of testing: locked self-protect mode of Avast Antivirus Pro

Solved
By systemmistress
Aug 27, 2010
  1. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    I am back..Thanx for your patience.
    s
     
  2. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    We're good :)

    We just need to remove 3 dead Avast services and you should be good to go.
    This time, to save you some time, you can attach both resulting logs.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
      SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
      SRV - File not found [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  3. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    All processes killed
    ========== OTL ==========
    Service avast! Web Scanner stopped successfully!
    Service avast! Web Scanner deleted successfully!
    File C:\Program Files\Alwil Software\Avast4\ashWebSv.exe not found.
    Service avast! Mail Scanner stopped successfully!
    Service avast! Mail Scanner deleted successfully!
    File C:\Program Files\Alwil Software\Avast5\AvastSvc.exe not found.
    Service avast! Antivirus stopped successfully!
    Service avast! Antivirus deleted successfully!
    File C:\Program Files\Alwil Software\Avast4\ashServ.exe not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Compaq_Owner
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 460560 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 41322604 bytes
    ->Flash cache emptied: 615 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 306912 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 40.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Compaq_Owner
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.11.0 log created on 09012010_000300

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  4. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Attach fresh OTL "Quick scan" log.
    Avast should be gone by now, but I want to doublecheck.
     
  5. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    part 1 OTL log

    OTL logfile created on: 9/1/2010 12:22:40 AM - Run 4
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    446.00 Mb Total Physical Memory | 288.00 Mb Available Physical Memory | 65.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 1800 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 178.99 Gb Total Space | 162.89 Gb Free Space | 91.00% Space Free | Partition Type: NTFS
    Drive D: | 7.29 Gb Total Space | 0.34 Gb Free Space | 4.73% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YOUR-D0F670B45A
    Current User Name: Compaq_Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/30 10:33:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    PRC - [2009/04/06 00:28:13 | 000,176,472 | ---- | M] (PeoplePC) -- C:\Program Files\PeoplePC\ISP7000\Browser\BartShel.exe
    PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/25 16:36:44 | 000,086,360 | ---- | M] (PeoplePC) -- C:\Program Files\PeoplePC\ISP7000\Browser\PPShared.exe
    PRC - [2006/12/23 15:29:08 | 000,901,120 | ---- | M] (Filseclab) -- C:\Program Files\Filseclab\xfilter\xfilter.exe
    PRC - [2004/07/28 02:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/30 10:33:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
     
  6. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    Part 2 OTL Log

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2009/03/23 23:43:32 | 000,120,168 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\14F.tmp -- (MEMSWEEP2)
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/08/05 16:59:47 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/23 05:35:22 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/02/23 05:35:22 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/06/17 08:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2006/12/23 14:01:06 | 000,126,224 | ---- | M] (Filseclab Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\xpacket.sys -- (XPacket)
    DRV - [2006/05/09 15:50:00 | 003,535,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/06/17 09:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Scroogle.com"
    FF - prefs.js..browser.search.openintab: true
    FF - prefs.js..browser.search.selectedEngine: "Scroogle SSL"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91}:2.6
    FF - prefs.js..extensions.enabledItems: anticontainer@downthemall.net:0.7.3
    FF - prefs.js..extensions.enabledItems: gmailthis@lazyrussian.com:2.2.8
    FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
    FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.20
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
    FF - prefs.js..extensions.enabledItems: {4aebcd37-f454-4928-9233-174a026ed367}:2.0
    FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..keyword.URL: "http://search.imgag.com/?c=GNAMO38011&sbs=&sc=0&f=web&vernum=1.0&uid=&did={3472e18a-c2a3-495e-837a-4b2b787596fd}&appid=agtb&q="

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/27 12:23:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/26 22:52:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/18 12:30:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/08/17 03:08:33 | 000,000,000 | ---D | M]
     
  7. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    Part 3 OTL Log

    [2009/03/30 09:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
    [2010/08/27 12:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions
    [2010/02/17 15:29:10 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    [2010/07/27 08:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/08/19 18:08:07 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2010/02/17 16:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
    [2010/04/27 12:23:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/02/17 17:59:16 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
    [2010/02/17 20:35:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2010/02/17 20:35:55 | 000,000,000 | ---D | M] (Send Tab URLs) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{4aebcd37-f454-4928-9233-174a026ed367}
    [2010/08/22 06:49:57 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/08/27 12:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2010/08/19 18:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
    [2010/08/19 18:08:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/08/10 10:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    [2010/06/18 05:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2010/04/13 00:48:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/08/27 12:24:48 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
    [2010/08/27 12:24:48 | 000,000,000 | ---D | M] (Print) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{f199da35-0a9a-4ce9-8f59-c68524deba93}
    [2010/05/26 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\bartap@philikon.de
    [2010/05/22 10:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\bettergmail2@ginatrapani.org
    [2010/08/27 12:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\cbell-owner@mozdev.org
    [2010/05/29 14:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\custombuttons@xsms.org
    [2010/08/27 12:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\elemhidehelper@adblockplus.org
    [2010/08/27 12:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\Extended@spanglerco.com
    [2010/08/27 12:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\gmail_sigs@blankcanvasweb.com
    [2010/03/27 16:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\gmailthis@lazyrussian.com
    [2010/02/23 01:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\historyTree@norman.solomon
    [2010/02/17 12:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\nosquint@urandom.ca
    [2010/08/27 05:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\printit@GMPOWER.com
    [2010/03/30 08:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\realfox@extensions.moz
    [2010/08/27 12:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\staged-xpis
    [2010/02/17 17:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\statusbuttons@clav.mozdev.org
    [2010/08/27 12:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\viewabout@rumblingedge.com
    [2010/03/30 08:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\realfox@extensions.moz\chrome
    [2010/03/30 08:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\realfox@extensions.moz\defaults
    [2010/08/26 08:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions
    [2010/02/14 11:59:12 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    [2010/01/31 15:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/01/16 06:32:15 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2009/11/07 12:50:56 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}(2)
    [2009/05/18 15:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
    [2009/11/27 18:47:18 | 000,000,000 | ---D | M] (Domain Details) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
    [2009/11/07 12:50:55 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}(2)
    [2009/11/19 08:47:11 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
    [2010/02/10 04:52:13 | 000,000,000 | ---D | M] (Stay-Open Menu) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{3541c267-2580-4144-854e-2e05c8670121}
    [2009/12/14 15:44:39 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2009/12/12 14:08:00 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
    [2009/04/08 07:32:32 | 000,000,000 | ---D | M] (Send Tab URLs) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{4aebcd37-f454-4928-9233-174a026ed367}
    [2009/11/07 12:50:34 | 000,000,000 | ---D | M] (LiveTV_ Toolbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{59385f95-c52f-4a84-b674-4a4206b17218}(2)
    [2010/01/31 15:51:05 | 000,000,000 | ---D | M] (History Submenus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
    [2010/02/14 13:07:33 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2009/04/09 16:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{A8208118-F761-47E2-A01F-4FB22AE08B5E}
    [2010/02/14 13:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2009/08/18 09:56:51 | 000,000,000 | ---D | M] (Reload Tab On Double-Click) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}
    [2009/10/20 20:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
    [2010/01/07 19:40:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/02/14 11:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
    [2009/12/23 10:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2009/12/09 17:32:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2009/12/09 17:32:13 | 000,000,000 | ---D | M] (Open link in...) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{ff81e780-5cc0-11d9-9669-0800200c9a66}
    [2010/02/14 11:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\99b796593689dde381ea87a085341ec2@button.codefisher.org
    [2010/02/14 13:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\anticontainer@downthemall.net
    [2009/07/09 06:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\elemhidehelper@adblockplus.org
    [2010/02/13 00:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\gmail_sigs@blankcanvasweb.com
    [2009/12/03 10:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\gmailthis@lazyrussian.com
    [2010/02/10 04:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\guiconfig@slosd.net
    [2009/11/07 12:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\knowmoreextension@knowmore.org
    [2009/11/07 12:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\lazarus@interclue(2).com
    [2009/04/09 16:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\speedtest@gotomyhelp.com
    [2010/02/14 11:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\statusbuttons@clav.mozdev.org
    [2009/07/14 14:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\whatsmyip@adrian
    [2010/08/26 08:34:19 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\amazon-jp.xml
    [2010/08/26 08:34:19 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\amazon-us---books.xml
    [2010/08/26 08:34:17 | 000,001,529 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\amazoncom---healthpersonal-care.xml
    [2010/08/26 08:34:18 | 000,004,121 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\baidu-.xml
    [2010/08/26 08:34:18 | 000,002,098 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\bing---shopping.xml
    [2009/03/25 09:11:04 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\conduit.xml
    [2010/08/26 08:34:18 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\dictionarycom.xml
    [2010/02/09 23:48:51 | 000,005,511 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\food-network---recipes.xml
    [2010/08/26 08:34:18 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\geotool.xml
    [2010/08/26 08:34:18 | 000,001,941 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\goodsearch.xml
    [2010/08/26 08:34:19 | 000,001,901 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\grouprecipes.xml
    [2010/08/26 08:34:19 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\joyo-amazon.xml
    [2009/07/12 12:21:41 | 000,001,961 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\myiptest---blacklist-ip-check.xml
    [2009/07/12 12:15:40 | 000,001,938 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\myiptest---ip-lookup.xml
    [2009/07/12 12:21:51 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\myiptest---reverse-dns-lookup.xml
    [2010/08/26 08:34:19 | 000,001,241 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\scroogle-ssl-english.xml
    [2010/08/26 08:34:19 | 000,001,223 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\scroogle-ssl.xml
    [2010/08/26 08:34:18 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\scroogle.xml
    [2010/08/26 08:34:19 | 000,001,084 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\thesauruscom.xml
    [2010/08/26 08:34:19 | 000,002,328 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\urban-dictionary.xml
    [2009/10/29 05:04:57 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\web---nibbo.xml
    [2010/08/26 08:34:19 | 000,001,326 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\wikipedia-en---go.xml
    [2010/08/26 08:34:19 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\youtube.xml
    [2010/08/27 12:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/14 18:27:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [1999/12/31 17:00:00 | 000,166,168 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
     
  8. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    Part 4 OTL Log

    O1 HOSTS File: ([2010/08/31 21:44:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O2 - BHO: (ZoomInto) - {2F3D6D62-FAB0-401A-90B6-1B20C2D4448D} - C:\Program Files\Zoominto Solutions\ZoomInto 13.1.1\ZoomInto.dll (ZoomInto Solutions)
    O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\PeoplePC Accelerated\prpl_IePopupBlocker.dll (Propel Software Corporation)
    O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O4 - HKLM..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP7000\BIN\PPCOLink.exe (PeoplePC)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [XFILTER] C:\Program Files\Filseclab\xfilter\xfilter.exe (Filseclab)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: ZoomInto - C:\Documents and Settings\Compaq_Owner\Application Data\Zoominto\zoominto.htm ()
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238518495328 (MUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/12/05 02:50:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========
     
  9. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    Part 5 OTL Log

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/01 00:03:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/31 21:38:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/08/31 17:47:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
    [2010/08/30 21:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/08/30 13:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\TOOLS
    [2010/08/30 12:59:29 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/30 10:33:50 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    [2010/08/29 22:25:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/29 22:23:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/08/29 22:23:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/08/29 22:23:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/29 22:23:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/29 22:21:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/28 00:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/08/27 15:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
    [2010/08/27 15:13:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/27 15:13:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/27 15:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/08/27 06:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Temp
    [2010/08/27 06:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google
    [2010/08/26 16:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\info ff
    [2010/08/26 16:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\bios
    [2010/08/26 09:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\MSDN
    [2010/08/22 13:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
    [2010/08/21 04:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Help
    [2010/08/21 04:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Help
    [2010/08/20 14:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\backups
    [2010/08/20 14:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/08/20 14:35:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe
    [2010/08/20 08:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\MY PAPER ON HEALTH
    [2010/08/16 13:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\VSRevoGroup
    [2010/08/16 00:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2010/08/15 22:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
    [2010/08/14 18:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/08/14 17:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Chromium
    [2010/08/14 17:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\SRWare Iron
    [2010/08/14 05:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\MERCOLA
    [2010/08/13 13:28:18 | 000,000,000 | ---D | C] -- C:\AV-CLS
    [2010/08/12 20:25:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
    [2010/08/11 13:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\NormL
    [2010/08/10 03:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\DiskSpaceFan
    [2010/08/10 03:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\DiskSpaceFan
    [2010/08/10 03:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\ZPaint 1.4
    [2010/07/29 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Citrix
    [2010/07/03 11:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\CHS 50
    [2010/06/20 15:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tracker Software
    [2010/06/20 15:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
    [2010/06/19 07:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\CHS PHOTOS

    ========== Files - Modified Within 90 Days ==========

    [2010/09/01 00:16:37 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2010/09/01 00:06:15 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/09/01 00:04:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/01 00:04:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/01 00:03:13 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
    [2010/09/01 00:03:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
    [2010/08/31 23:46:14 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009UA.job
    [2010/08/31 21:44:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/31 21:44:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/31 21:34:24 | 003,829,857 | R--- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
    [2010/08/31 06:46:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009Core.job
    [2010/08/30 13:42:10 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
    [2010/08/30 10:33:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    [2010/08/29 22:25:45 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/29 22:21:56 | 000,050,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/08/27 15:14:00 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/26 22:52:16 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/26 22:52:16 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/08/26 09:09:46 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to DropMyRights.exe.lnk
    [2010/08/26 08:17:19 | 017,868,108 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Firefox 3.6.8 (en-US) - 2010-08-26.pcv
    [2010/08/26 08:15:42 | 016,461,798 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Thunderbird 2.0.0.24 (en-US) - 2010-08-26.pcv
    [2010/08/25 16:11:52 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Revo Uninstaller.lnk
    [2010/08/24 23:17:54 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/24 22:00:05 | 000,002,624 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\leukemia.rtf
    [2010/08/24 00:07:14 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeSchedule.job
    [2010/08/22 13:09:00 | 000,001,520 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
    [2010/08/21 12:10:31 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to ntbackup.exe.lnk
    [2010/08/21 06:07:39 | 2740,777,984 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Backup8-20.bkf
    [2010/08/20 14:35:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe
    [2010/08/20 14:16:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\housecall.guid.cache
    [2010/08/17 03:08:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\PDF-Viewer.lnk
    [2010/08/17 02:23:41 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/08/16 11:39:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
    [2010/08/16 00:35:07 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to sar_15_sfx.exe.lnk
    [2010/08/15 23:40:46 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Filseclab Personal Firewall.lnk
    [2010/08/15 22:17:02 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Speccy.lnk
    [2010/08/15 22:13:40 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\CCleaner.lnk
    [2010/08/14 17:37:24 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2010/08/14 17:01:03 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
    [2010/08/14 17:01:02 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SRWare Iron.lnk
    [2010/08/12 19:30:12 | 000,503,854 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/12 19:30:12 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/12 19:30:12 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/12 18:17:33 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\config.bak
    [2010/08/11 21:59:47 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\victorFrankl.abw
    [2010/08/11 09:28:33 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/08/10 15:11:32 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to filavut.exe.lnk
    [2010/08/10 03:20:49 | 000,000,627 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Disk Space Fan.lnk
    [2010/08/08 21:49:52 | 000,040,989 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\cancer cure-budwig.rtf
    [2010/08/07 21:48:55 | 000,006,026 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Statins Damage.rtf
    [2010/08/07 18:10:22 | 000,030,753 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\glass housecholesterolMeds.rtf
    [2010/08/07 17:54:05 | 000,017,606 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\lowerCholesterol.rtf
    [2010/08/07 17:52:05 | 000,008,942 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\RainbowBridge.rtf
    [2010/08/07 17:12:17 | 000,024,395 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\adr fatiguet.rtf
    [2010/08/07 17:02:05 | 000,023,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\ADRENAL FATIGUE.rtf
    [2010/08/07 16:59:08 | 000,023,865 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\.gsf-save-PI5YGV
    [2010/08/07 15:03:04 | 000,030,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.abw
    [2010/08/07 13:29:28 | 000,022,864 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.rtf
    [2010/08/05 07:36:11 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\hypotension.rtf
    [2010/07/29 15:01:07 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\jeffersonQuote.rtf
    [2010/07/13 15:24:14 | 000,010,733 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\stone symbology.rtf
    [2010/07/13 15:23:00 | 000,018,713 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\colorSymbology.rtf
    [2010/07/13 15:18:46 | 000,023,054 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\IncaSymbols.rtf
    [2010/07/13 15:09:42 | 000,034,237 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\animalTotems.rtf
    [2010/07/12 06:41:49 | 000,037,932 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\symbols&totems.rtf
    [2010/07/09 09:47:08 | 000,277,041 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Carolyn364.pdf
    [2010/07/04 14:50:18 | 000,276,687 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\zales_ringsizer.pdf
    [2010/07/03 11:13:30 | 000,034,825 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\susans photo_n.jpg
    [2010/06/28 12:42:43 | 000,017,591 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\rings.jpeg
    [2010/06/23 12:26:42 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\jaxson quite.rtf
    [2010/06/21 22:55:58 | 000,058,115 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Tibetan Dzi Bead.rtf
    [2010/06/21 07:04:30 | 000,105,804 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Dzi Bead Meanings.rtf
    [2010/06/19 07:45:42 | 000,054,717 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\chs 1.jpg
    [2010/06/17 15:17:02 | 000,002,604 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\dharma..rtf
    [2010/06/17 00:19:23 | 000,003,234 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\georgie4.jpg
    [2010/06/17 00:02:09 | 000,069,894 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\wow3.jpg
    [2010/06/16 23:26:33 | 000,069,894 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\wow.jpg
    [2010/06/16 23:09:40 | 000,103,136 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\the-gray-parrot-84.jpg
    [2010/06/16 22:44:50 | 000,120,847 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\georgie2.jpg
    [2010/06/05 10:46:23 | 000,006,493 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Georoutine.rtf
     
  10. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    Part 6 OTL Log

    ========== Files Created - No Company Name ==========

    [2010/08/29 22:23:15 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/29 22:23:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/29 22:23:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/29 22:23:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/29 22:23:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/29 22:04:00 | 003,829,857 | R--- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
    [2010/08/27 21:38:54 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
    [2010/08/27 15:14:00 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/27 06:41:47 | 000,001,006 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009UA.job
    [2010/08/27 06:41:45 | 000,000,954 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009Core.job
    [2010/08/26 22:52:16 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/26 22:52:16 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/08/26 09:09:46 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to DropMyRights.exe.lnk
    [2010/08/26 08:17:01 | 017,868,108 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Firefox 3.6.8 (en-US) - 2010-08-26.pcv
    [2010/08/26 08:15:27 | 016,461,798 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Thunderbird 2.0.0.24 (en-US) - 2010-08-26.pcv
    [2010/08/25 16:11:52 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Revo Uninstaller.lnk
    [2010/08/24 22:00:05 | 000,002,624 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\leukemia.rtf
    [2010/08/22 13:08:59 | 000,001,520 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
    [2010/08/21 12:10:31 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to ntbackup.exe.lnk
    [2010/08/21 06:02:17 | 2740,777,984 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Backup8-20.bkf
    [2010/08/20 14:16:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\housecall.guid.cache
    [2010/08/16 00:35:07 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to sar_15_sfx.exe.lnk
    [2010/08/15 23:43:09 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\config.bak
    [2010/08/15 23:43:09 | 000,002,577 | ---- | C] () -- C:\WINDOWS\config.nt
    [2010/08/15 23:43:09 | 000,001,688 | ---- | C] () -- C:\WINDOWS\autoexec.nt
    [2010/08/15 23:43:09 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\autoexec.bak
    [2010/08/15 22:17:02 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Speccy.lnk
    [2010/08/14 17:01:03 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
    [2010/08/14 17:01:02 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SRWare Iron.lnk
    [2010/08/11 21:59:46 | 000,002,568 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\victorFrankl.abw
    [2010/08/10 15:11:32 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to filavut.exe.lnk
    [2010/08/10 03:20:49 | 000,000,627 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Disk Space Fan.lnk
    [2010/08/08 21:49:45 | 000,040,989 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\cancer cure-budwig.rtf
    [2010/08/07 20:36:48 | 000,006,026 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Statins Damage.rtf
    [2010/08/07 18:10:22 | 000,030,753 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\glass housecholesterolMeds.rtf
    [2010/08/07 17:54:05 | 000,017,606 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\lowerCholesterol.rtf
    [2010/08/07 17:52:04 | 000,008,942 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\RainbowBridge.rtf
    [2010/08/07 17:09:05 | 000,024,395 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\adr fatiguet.rtf
    [2010/08/07 17:02:05 | 000,023,880 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\ADRENAL FATIGUE.rtf
    [2010/08/07 16:59:08 | 000,023,865 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\.gsf-save-PI5YGV
    [2010/08/07 15:03:04 | 000,030,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.abw
    [2010/08/07 13:29:28 | 000,022,864 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.rtf
    [2010/08/05 07:36:11 | 000,000,958 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\hypotension.rtf
    [2010/07/29 15:01:06 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\jeffersonQuote.rtf
    [2010/07/13 15:24:14 | 000,010,733 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\stone symbology.rtf
    [2010/07/13 15:23:00 | 000,018,713 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\colorSymbology.rtf
    [2010/07/13 15:18:46 | 000,023,054 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\IncaSymbols.rtf
    [2010/07/13 15:09:41 | 000,034,237 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\animalTotems.rtf
    [2010/07/12 06:41:49 | 000,037,932 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\symbols&totems.rtf
    [2010/07/09 09:47:08 | 000,277,041 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Carolyn364.pdf
    [2010/07/04 14:50:18 | 000,276,687 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\zales_ringsizer.pdf
    [2010/07/03 11:13:24 | 000,034,825 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\susans photo_n.jpg
    [2010/06/28 17:45:34 | 000,243,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/06/28 12:42:32 | 000,017,591 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\rings.jpeg
    [2010/06/23 12:26:41 | 000,002,356 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\jaxson quite.rtf
    [2010/06/21 22:55:56 | 000,058,115 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Tibetan Dzi Bead.rtf
    [2010/06/21 07:04:30 | 000,105,804 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Dzi Bead Meanings.rtf
    [2010/06/20 15:24:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\PDF-Viewer.lnk
    [2010/06/19 07:45:37 | 000,054,717 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\chs 1.jpg
    [2010/06/17 15:17:02 | 000,002,604 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\dharma..rtf
    [2010/06/17 00:19:18 | 000,003,234 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\georgie4.jpg
    [2010/06/17 00:02:08 | 000,069,894 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\wow3.jpg
    [2010/06/16 23:26:32 | 000,069,894 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\wow.jpg
    [2010/06/16 23:09:39 | 000,103,136 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\the-gray-parrot-84.jpg
    [2010/06/16 22:44:47 | 000,120,847 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\georgie2.jpg
    [2010/06/05 10:46:23 | 000,006,493 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Georoutine.rtf
    [2009/04/30 05:56:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/04/12 21:37:27 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
    [2009/04/12 21:37:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2009/04/06 03:18:46 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/04/05 20:37:12 | 000,000,395 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\settings.ini
    [2009/03/30 07:16:40 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/12/07 14:08:06 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/12/07 14:08:04 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/09/12 16:21:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2007/02/28 15:02:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2007/02/05 21:05:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
    [2005/05/10 21:29:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/05/10 21:06:59 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2005/05/10 21:01:53 | 000,012,993 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2005/05/10 21:01:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2005/05/10 20:59:47 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2005/05/10 20:58:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/05/10 20:48:04 | 000,000,151 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2005/05/10 20:46:40 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2005/05/10 20:42:24 | 000,002,248 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2005/05/10 20:41:21 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/05/10 20:38:35 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2005/05/10 20:38:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2005/05/10 20:38:35 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2005/05/10 20:38:34 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2005/05/10 20:38:34 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2005/05/10 20:38:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2005/05/10 20:38:33 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2005/05/10 20:25:05 | 000,000,045 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2005/05/10 20:22:16 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2005/05/10 20:22:16 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2005/05/10 20:21:57 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/06/15 17:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
     
  11. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    Part 7 OTL Log

    ========== LOP Check ==========

    [2010/01/13 13:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGI
    [2010/06/20 15:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tracker Software
    [2010/08/26 17:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs
    [2010/08/10 03:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DiskSpaceFan
    [2010/01/28 05:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\enchant
    [2009/07/15 08:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Netscape
    [2010/08/26 17:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PeoplePal
    [2010/08/30 21:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\StumbleUpon
    [2009/04/07 10:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird
    [2010/08/16 13:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\VSRevoGroup
    [2009/03/30 19:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WinBatch
    [2010/01/28 14:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Zoominto

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr:SummaryInformation
    < End of report >
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    You're good to go to install Avira.
    Let me know, how it goes.
     
  13. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Status: Damaged
    Date 12/6/2005
    Last Access 9/1/2010
    Size: None

    Properties:
    ActiveXControl
    Code Base: http://plarform...blah,blah

    This is in:

    C:\Windows\DownloadedProgramFiles

    No Avast! anywhere...thank you
     
  14. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    Avira scan log

    1st scan by Avira-have to change the settings now.

    It installed perfectly, no delays, interruptions, hangs at all. Last time was brutal. This time fine.
    Should I set it on the highest protection?
    I had to change my firewall to 'medium' - on Highest it was driving me nuts with the pop-ups. That is nice when you want to see what is going on tho.


    Avira AntiVir Premium
    Report file date: Wednesday, September 01, 2010 08:36

    Scanning for 2770474 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Sandra E Gresham
    Serial number : 2206043170-PEPWE-0001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : Compaq_Owner
    Computer name : YOUR-D0F670B45A

    Version information:
    BUILD.DAT : 10.0.0.603 36207 Bytes 4/19/2010 15:03:00
    AVSCAN.EXE : 10.0.3.0 433832 Bytes 9/1/2010 12:26:28
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 9/1/2010 12:26:27
    LUKE.DLL : 10.0.2.3 104296 Bytes 9/1/2010 12:27:40
    LUKERES.DLL : 10.0.0.1 12648 Bytes 9/1/2010 12:27:41
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 12:22:51
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 12:23:03
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 12:23:26
    VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 12:23:33
    VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 12:23:46
    VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 12:24:06
    VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 12:24:24
    VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 12:25:00
    VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 12:25:00
    VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 12:25:01
    VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 12:25:01
    VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 12:25:01
    VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 12:25:01
    VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 12:25:02
    VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 12:25:11
    VBASE015.VDF : 7.10.10.28 139264 Bytes 8/2/2010 12:25:12
    VBASE016.VDF : 7.10.10.52 127488 Bytes 8/3/2010 12:25:15
    VBASE017.VDF : 7.10.10.84 137728 Bytes 8/6/2010 12:25:16
    VBASE018.VDF : 7.10.10.107 176640 Bytes 8/9/2010 12:25:18
    VBASE019.VDF : 7.10.10.130 132608 Bytes 8/10/2010 12:25:19
    VBASE020.VDF : 7.10.10.158 131072 Bytes 8/12/2010 12:25:20
    VBASE021.VDF : 7.10.10.190 136704 Bytes 8/16/2010 12:25:22
    VBASE022.VDF : 7.10.10.217 118272 Bytes 8/19/2010 12:25:23
    VBASE023.VDF : 7.10.10.246 130048 Bytes 8/23/2010 12:25:24
    VBASE024.VDF : 7.10.11.11 144896 Bytes 8/25/2010 12:25:25
    VBASE025.VDF : 7.10.11.33 135168 Bytes 8/27/2010 12:25:26
    VBASE026.VDF : 7.10.11.52 148992 Bytes 8/31/2010 12:25:28
    VBASE027.VDF : 7.10.11.53 2048 Bytes 8/31/2010 12:25:28
    VBASE028.VDF : 7.10.11.54 2048 Bytes 8/31/2010 12:25:28
    VBASE029.VDF : 7.10.11.55 2048 Bytes 8/31/2010 12:25:28
    VBASE030.VDF : 7.10.11.56 2048 Bytes 8/31/2010 12:25:28
    VBASE031.VDF : 7.10.11.66 75264 Bytes 9/1/2010 12:25:29
    Engineversion : 8.2.4.46
    AEVDF.DLL : 8.1.2.1 106868 Bytes 9/1/2010 12:25:59
    AESCRIPT.DLL : 8.1.3.44 1364346 Bytes 9/1/2010 12:25:59
    AESCN.DLL : 8.1.6.1 127347 Bytes 9/1/2010 12:25:54
    AESBX.DLL : 8.1.3.1 254324 Bytes 9/1/2010 12:26:00
    AERDL.DLL : 8.1.8.2 614772 Bytes 9/1/2010 12:25:53
    AEPACK.DLL : 8.2.3.5 471412 Bytes 9/1/2010 12:25:51
    AEOFFICE.DLL : 8.1.1.8 201081 Bytes 9/1/2010 12:25:49
    AEHEUR.DLL : 8.1.2.19 2867574 Bytes 9/1/2010 12:25:48
    AEHELP.DLL : 8.1.13.3 242038 Bytes 9/1/2010 12:25:39
    AEGEN.DLL : 8.1.3.20 397684 Bytes 9/1/2010 12:25:38
    AEEMU.DLL : 8.1.2.0 393588 Bytes 9/1/2010 12:25:36
    AECORE.DLL : 8.1.16.2 192887 Bytes 9/1/2010 12:25:35
    AEBB.DLL : 8.1.1.0 53618 Bytes 9/1/2010 12:25:32
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 9/1/2010 12:19:53
    AVPREF.DLL : 10.0.0.0 44904 Bytes 9/1/2010 12:26:26
    AVREP.DLL : 10.0.0.8 62209 Bytes 9/1/2010 12:28:53
    AVREG.DLL : 10.0.3.0 53096 Bytes 9/1/2010 12:28:53
    AVSCPLR.DLL : 10.0.3.0 83816 Bytes 9/1/2010 12:28:54
    AVARKT.DLL : 10.0.0.14 227176 Bytes 9/1/2010 12:26:05
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 9/1/2010 12:26:12
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 9/1/2010 12:27:56
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 9/1/2010 12:26:33
    NETNT.DLL : 10.0.0.0 11624 Bytes 9/1/2010 12:27:42
    RCIMAGE.DLL : 10.0.0.32 2631528 Bytes 9/1/2010 12:20:02
    RCTEXT.DLL : 10.0.53.0 97128 Bytes 9/1/2010 12:20:03

    Configuration settings for the scan:
    Jobname.............................: Short system scan after installation
    Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Wednesday, September 01, 2010 08:36

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avconfig.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avmailc.exe' - '1' Module(s) have been scanned
    Scan process 'AVWEBGRD.EXE' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avshadow.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'setup.exe' - '1' Module(s) have been scanned
    Scan process 'presetup.exe' - '1' Module(s) have been scanned
    Scan process 'avwebloader.exe' - '1' Module(s) have been scanned
    Scan process 'avira_antivir_premium(2).exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'issch.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'PPShared.exe' - '1' Module(s) have been scanned
    Scan process 'Bartshel.exe' - '1' Module(s) have been scanned
    Scan process 'xfilter.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned
    Scan process 'aspnet_state.exe' - '1' Module(s) have been scanned
    Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    Master boot sector HD3
    [INFO] No virus was found!
    Master boot sector HD4
    [INFO] No virus was found!

    Start scanning boot sectors:

    Starting to scan executable files (registry).
    The registry was scanned ( '417' files ).



    End of the scan: Wednesday, September 01, 2010 08:37
    Used time: 00:43 Minute(s)

    The scan has been done completely.

    0 Scanned directories
    480 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    480 Files not concerned
    1 Archives were scanned
    0 Warnings
    0 Notes
     
  15. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    Broni,
    I ran a complete scan w/reports, of both drives.

    Avira found 8 warnings, 1 vir detection, & 1 hidden object, and wants to move some files to Quarantine for deletion.

    Warnings:
    [WARNING] Unknown parameter!
    [WARNING] System error [0]: The operation completed successfully.
    [WARNING] Unknown parameter!
    C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\parent.lock
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\CatRoot2\edb.log
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\CatRoot2\tmp.edb
    [WARNING] The file could not be opened!
    C:\WINDOWS\Temp\Perflib_Perfdata_778.dat
    [WARNING] The file could not be opened!

    Detections:

    system Vol Info - restore - TR Trash Gen

    system Vol Info - restore RKIT

    system Vol Info -restore - TR Trash Gen

    C:\Qoobox\Quarantine\C:|WINDOWS\System32\Drivers RKIT

    " " " " " " TR Trash Gen

    " " " RKIT

    " TR Trash Gen

    Are these not already quarantined?

    Do I do anything with Avira?

    Please advise.

    Thank you,
    S
     
  16. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Good news :)

    No.
    "Medium" is perfectly fine.

    Yes. We'll empty everything in our last step.

    Last scans.....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  17. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    Security Check Log

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Avira AntiVir Premium
    Filseclab Personal Firewall
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.82.76
    Mozilla Firefox (3.5.11) Firefox Out of Date!
    Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  18. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Firefox and Thunderbird need to be updated :)
     
  19. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    Firefox 3.5.11 is intentionally out of date due to "Plug-in-doc container" problem.
    Maybe problem was malware-related..will try newest ver later.
    s
     
  20. Broni

    Broni Malware Annihilator Posts: 47,704   +268

  21. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    Kapersky came up clean, but took notice of Avira [installed but not running] and would not scan for viruses.

    I had to disable my firewall, or it kept pausing the download...I had to start over 4 times until I got it right.
     
  22. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    I'm not familiar with Filseclab Personal Firewall, so I can't help you here.
    It may be some setting, or some conflict between it and Avira.
    If you won't find correct setting, you may want to uninstall it and turn Windows firewall on.

    In any case.....


    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how is your computer doing.
     
  23. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    All processes killed
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Compaq_Owner
    ->Temp folder emptied: 108782120 bytes
    ->Temporary Internet Files folder emptied: 2847121 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 306912 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 107.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Compaq_Owner
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.11.0 log created on 09012010_232317

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF9B45.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF9B5F.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF9C60.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF9C9E.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF9DCD.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF9DF0.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\Z4HL7G0S\sh21[1].html not found!
    File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\Z4HL7G0S\topic152475-5[1].html not found!
    File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\H5PAZTZS\ads[1].htm not found!
    File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\H5PAZTZS\ads[2].htm not found!
    File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\146ZX1EY\ads[1].htm not found!

    Registry entries deleted on Reboot...
     
  24. systemmistress

    systemmistress TS Rookie Topic Starter Posts: 75

    B roni,

    I deleted some log files and those tools that were left, and found a "Backup Folder" on my Desktop.

    They must be the ones that are prompted for when using CCleaner - Regisrty I assusume.

    Do I delete these as well and start over?

    Also I better make a new restore pont now

    I will change all passwords tonight.

    WOT - I just read somewhere that Web of Trust is no longer being updated. Is this true?

    I am indebted to you for this..I was about to throw this machine out the window!

    I get paid on Friday, and will gladly make a donation. It hardly covers what you did for me.

    I will keep in touch about how my DOF is doing.

    Many thanx again for all you did for me. I appreciate this greatly.
    Sandra
     
  25. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    You're very welcome :)
    I'm glad to see you happy :)

    Can you post a name of one of the files?

    I don't know anything about it.

    Good luck :)
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.