Solved Results of testing: locked self-protect mode of Avast Antivirus Pro

OTL Extras logfile created on: 8/30/2010 10:43:57 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 225.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.99 Gb Total Space | 163.20 Gb Free Space | 91.18% Space Free | Partition Type: NTFS
Drive D: | 7.29 Gb Total Space | 0.34 Gb Free Space | 4.73% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-D0F670B45A
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\AV-CLS\WGET.EXE" = C:\AV-CLS\WGET.EXE:*:Enabled:WGET.EXE -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{48A4D5B9-0439-4731-9C2C-292AB9CDC54A}" = Filseclab Personal Firewall
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{51515654-2EDB-4DF9-B120-90DEFE039BD5}" = ZoomInto 13.1.1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7523F68F-3DA4-452A-A17F-4AF55A8A25BB}" = ChristmasTheme
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F6208C3-8DED-4D72-812A-BA5B50EAF00A}" = San Fermín
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 5.0.381
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E44702-21F5-4918-B8A3-6D126D5BD33C}" = Windows Messenger 5.1
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E5B72007-07C9-4E67-B29E-696073F45704}" = DropMyRights
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"AbiWord2" = AbiWord 2.8.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Disk Space Fan_is1" = Disk Space Fan 2.2.7.821
"HeyDoc!™" = HeyDoc!™ 1.7.1
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"ISPSimpleSwitch" = PeoplePC Simple Switch
"Kukuxumusu ANTfermin Screensaver" = Kukuxumusu ANTfermin Screensaver
"Kukuxumusu Kosmos Screensaver" = Kukuxumusu Kosmos Screensaver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PeoplePC Online" = PeoplePC Online
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"QuicktimeAlt_is1" = QuickTime Alternative 2.9.0
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.89
"Secunia PSI" = Secunia PSI
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Speccy" = Speccy
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZPaint 1.4" = ZPaint 1.4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/29/2010 1:15:51 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
Description =

Error - 8/29/2010 1:46:14 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
Description =

Error - 8/29/2010 2:46:18 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
Description =

Error - 8/29/2010 3:46:17 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
Description =

Error - 8/29/2010 4:46:15 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
Description =

Error - 8/29/2010 5:46:17 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
Description =

Error - 8/29/2010 6:46:18 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
Description =

Error - 8/29/2010 7:46:14 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
Description =

Error - 8/29/2010 8:46:16 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
Description =

Error - 8/29/2010 9:46:14 PM | Computer Name = YOUR-D0F670B45A | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 8/28/2010 12:14:26 AM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 8/28/2010 10:24:45 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Antivirus service
to connect.

Error - 8/28/2010 10:24:45 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%1053

Error - 8/28/2010 10:24:45 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 8/28/2010 11:12:42 PM | Computer Name = YOUR-D0F670B45A | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 8/29/2010 1:02:33 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Antivirus service
to connect.

Error - 8/29/2010 1:02:33 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%1053

Error - 8/29/2010 9:40:28 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Antivirus service
to connect.

Error - 8/29/2010 9:40:28 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%1053

Error - 8/29/2010 9:40:28 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2


< End of report >
 
part 1 OTL.txt

OTL logfile created on: 8/30/2010 10:43:57 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 225.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.99 Gb Total Space | 163.20 Gb Free Space | 91.18% Space Free | Partition Type: NTFS
Drive D: | 7.29 Gb Total Space | 0.34 Gb Free Space | 4.73% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-D0F670B45A
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/30 10:33:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2009/04/06 00:28:13 | 000,176,472 | ---- | M] (PeoplePC) -- C:\Program Files\PeoplePC\ISP7000\Browser\BartShel.exe
PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/25 16:36:44 | 000,086,360 | ---- | M] (PeoplePC) -- C:\Program Files\PeoplePC\ISP7000\Browser\PPShared.exe
PRC - [2006/12/23 15:29:08 | 000,901,120 | ---- | M] (Filseclab) -- C:\Program Files\Filseclab\xfilter\xfilter.exe
PRC - [2004/07/28 02:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/08/30 10:33:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/23 23:43:32 | 000,120,168 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\14F.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2010/08/05 16:59:47 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/23 05:35:22 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/23 05:35:22 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/19 07:43:12 | 000,100,304 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/01/19 07:42:40 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/09/15 06:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 06:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/06/17 08:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/12/23 14:01:06 | 000,126,224 | ---- | M] (Filseclab Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\xpacket.sys -- (XPacket)
DRV - [2006/05/09 15:50:00 | 003,535,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/06/17 09:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
part 2 OTL.txt

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Scroogle.com"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Scroogle SSL"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91}:2.6
FF - prefs.js..extensions.enabledItems: anticontainer@downthemall.net:0.7.3
FF - prefs.js..extensions.enabledItems: gmailthis@lazyrussian.com:2.2.8
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.20
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {4aebcd37-f454-4928-9233-174a026ed367}:2.0
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.imgag.com/?c=GNAMO38011&sbs=&sc=0&f=web&vernum=1.0&uid=&did={3472e18a-c2a3-495e-837a-4b2b787596fd}&appid=agtb&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/27 12:23:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/26 22:52:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/18 12:30:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/08/17 03:08:33 | 000,000,000 | ---D | M]
 
part 3 OTL.txt

[2009/03/30 09:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/08/27 12:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions
[2010/02/17 15:29:10 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2010/07/27 08:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/08/19 18:08:07 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/02/17 16:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010/04/27 12:23:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/17 17:59:16 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2010/02/17 20:35:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/02/17 20:35:55 | 000,000,000 | ---D | M] (Send Tab URLs) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{4aebcd37-f454-4928-9233-174a026ed367}
[2010/08/22 06:49:57 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/08/27 12:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/08/19 18:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/08/19 18:08:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/10 10:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/06/18 05:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/04/13 00:48:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/27 12:24:48 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
[2010/08/27 12:24:48 | 000,000,000 | ---D | M] (Print) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{f199da35-0a9a-4ce9-8f59-c68524deba93}
[2010/05/26 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\bartap@philikon.de
[2010/05/22 10:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\bettergmail2@ginatrapani.org
[2010/08/27 12:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\cbell-owner@mozdev.org
[2010/05/29 14:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\custombuttons@xsms.org
[2010/08/27 12:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\elemhidehelper@adblockplus.org
[2010/08/27 12:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\Extended@spanglerco.com
[2010/08/27 12:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\gmail_sigs@blankcanvasweb.com
[2010/03/27 16:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\gmailthis@lazyrussian.com
[2010/02/23 01:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\historyTree@norman.solomon
[2010/02/17 12:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\nosquint@urandom.ca
[2010/08/27 05:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\printit@GMPOWER.com
[2010/03/30 08:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\realfox@extensions.moz
[2010/08/27 12:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\staged-xpis
[2010/02/17 17:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\statusbuttons@clav.mozdev.org
[2010/08/27 12:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\viewabout@rumblingedge.com
[2010/03/30 08:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\realfox@extensions.moz\chrome
[2010/03/30 08:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\realfox@extensions.moz\defaults
[2010/08/26 08:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions
[2010/02/14 11:59:12 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2010/01/31 15:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/01/16 06:32:15 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/11/07 12:50:56 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}(2)
[2009/05/18 15:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2009/11/27 18:47:18 | 000,000,000 | ---D | M] (Domain Details) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
[2009/11/07 12:50:55 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}(2)
[2009/11/19 08:47:11 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2010/02/10 04:52:13 | 000,000,000 | ---D | M] (Stay-Open Menu) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{3541c267-2580-4144-854e-2e05c8670121}
[2009/12/14 15:44:39 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/12/12 14:08:00 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2009/04/08 07:32:32 | 000,000,000 | ---D | M] (Send Tab URLs) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{4aebcd37-f454-4928-9233-174a026ed367}
[2009/11/07 12:50:34 | 000,000,000 | ---D | M] (LiveTV_ Toolbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{59385f95-c52f-4a84-b674-4a4206b17218}(2)
[2010/01/31 15:51:05 | 000,000,000 | ---D | M] (History Submenus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2010/02/14 13:07:33 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/04/09 16:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{A8208118-F761-47E2-A01F-4FB22AE08B5E}
[2010/02/14 13:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/08/18 09:56:51 | 000,000,000 | ---D | M] (Reload Tab On Double-Click) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}
[2009/10/20 20:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/01/07 19:40:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/14 11:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2009/12/23 10:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/12/09 17:32:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/12/09 17:32:13 | 000,000,000 | ---D | M] (Open link in...) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{ff81e780-5cc0-11d9-9669-0800200c9a66}
[2010/02/14 11:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\99b796593689dde381ea87a085341ec2@button.codefisher.org
[2010/02/14 13:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\anticontainer@downthemall.net
[2009/07/09 06:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\elemhidehelper@adblockplus.org
[2010/02/13 00:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\gmail_sigs@blankcanvasweb.com
[2009/12/03 10:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\gmailthis@lazyrussian.com
[2010/02/10 04:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\guiconfig@slosd.net
[2009/11/07 12:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\knowmoreextension@knowmore.org
[2009/11/07 12:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\lazarus@interclue(2).com
[2009/04/09 16:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\speedtest@gotomyhelp.com
[2010/02/14 11:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\statusbuttons@clav.mozdev.org
[2009/07/14 14:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\whatsmyip@adrian
[2010/08/26 08:34:19 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\amazon-jp.xml
[2010/08/26 08:34:19 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\amazon-us---books.xml
[2010/08/26 08:34:17 | 000,001,529 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\amazoncom---healthpersonal-care.xml
[2010/08/26 08:34:18 | 000,004,121 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\baidu-.xml
[2010/08/26 08:34:18 | 000,002,098 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\bing---shopping.xml
[2009/03/25 09:11:04 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\conduit.xml
[2010/08/26 08:34:18 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\dictionarycom.xml
[2010/02/09 23:48:51 | 000,005,511 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\food-network---recipes.xml
[2010/08/26 08:34:18 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\geotool.xml
[2010/08/26 08:34:18 | 000,001,941 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\goodsearch.xml
[2010/08/26 08:34:19 | 000,001,901 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\grouprecipes.xml
[2010/08/26 08:34:19 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\joyo-amazon.xml
[2009/07/12 12:21:41 | 000,001,961 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\myiptest---blacklist-ip-check.xml
[2009/07/12 12:15:40 | 000,001,938 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\myiptest---ip-lookup.xml
[2009/07/12 12:21:51 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\myiptest---reverse-dns-lookup.xml
[2010/08/26 08:34:19 | 000,001,241 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\scroogle-ssl-english.xml
[2010/08/26 08:34:19 | 000,001,223 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\scroogle-ssl.xml
[2010/08/26 08:34:18 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\scroogle.xml
[2010/08/26 08:34:19 | 000,001,084 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\thesauruscom.xml
[2010/08/26 08:34:19 | 000,002,328 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\urban-dictionary.xml
[2009/10/29 05:04:57 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\web---nibbo.xml
[2010/08/26 08:34:19 | 000,001,326 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\wikipedia-en---go.xml
[2010/08/26 08:34:19 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\youtube.xml
[2010/08/27 12:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/14 18:27:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[1999/12/31 17:00:00 | 000,166,168 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
 
Part 4 OTL.txt

O1 HOSTS File: ([2010/08/29 22:31:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (ZoomInto) - {2F3D6D62-FAB0-401A-90B6-1B20C2D4448D} - C:\Program Files\Zoominto Solutions\ZoomInto 13.1.1\ZoomInto.dll (ZoomInto Solutions)
O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\PeoplePC Accelerated\prpl_IePopupBlocker.dll (Propel Software Corporation)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP7000\BIN\PPCOLink.exe (PeoplePC)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [XFILTER] C:\Program Files\Filseclab\xfilter\xfilter.exe (Filseclab)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: ZoomInto - C:\Documents and Settings\Compaq_Owner\Application Data\Zoominto\zoominto.htm ()
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238518495328 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 02:50:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
 
Part 5 OTL.txt

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/30 10:33:50 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/08/29 22:55:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/29 22:25:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/29 22:23:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/29 22:23:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/29 22:23:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/29 22:23:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/29 22:23:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/29 22:21:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/28 23:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\NTBR_CD
[2010/08/28 00:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/08/27 21:04:01 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe
[2010/08/27 15:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
[2010/08/27 15:13:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/27 15:13:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/27 15:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/27 06:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Temp
[2010/08/27 06:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google
[2010/08/26 18:07:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2010/08/26 16:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\info ff
[2010/08/26 16:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\bios
[2010/08/26 09:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\MSDN
[2010/08/22 13:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/08/21 04:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Help
[2010/08/21 04:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Help
[2010/08/20 14:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\backups
[2010/08/20 14:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/20 14:35:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe
[2010/08/20 08:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\MY PAPER ON HEALTH
[2010/08/16 13:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\VSRevoGroup
[2010/08/16 00:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/08/15 22:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010/08/14 18:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/14 17:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Chromium
[2010/08/14 17:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\SRWare Iron
[2010/08/14 05:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\MERCOLA
[2010/08/13 13:28:18 | 000,000,000 | ---D | C] -- C:\AV-CLS
[2010/08/12 20:25:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/08/11 13:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\NormL
[2010/08/10 03:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\DiskSpaceFan
[2010/08/10 03:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\DiskSpaceFan
[2010/08/10 03:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\ZPaint 1.4
[2010/07/29 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Citrix
[2010/07/03 11:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\CHS 50
[2010/06/20 15:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tracker Software
[2010/06/20 15:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2010/06/19 07:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\CHS PHOTOS
 
Part 6 OTL.txt

========== Files - Modified Within 90 Days ==========

[2010/08/30 10:33:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/08/30 09:46:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009UA.job
[2010/08/30 06:46:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009Core.job
[2010/08/29 22:33:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/29 22:31:53 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/29 22:31:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/29 22:25:45 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/29 22:21:56 | 000,050,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/29 22:04:00 | 003,830,790 | R--- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2010/08/29 21:43:06 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/08/29 21:40:50 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/08/29 21:40:10 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/29 21:39:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/29 21:32:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2010/08/29 11:43:45 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe
[2010/08/28 22:56:47 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\NTBR_CD.exe
[2010/08/28 22:16:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck_MBR_Backup_08-28-10_22-16-44.bak
[2010/08/28 01:00:18 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SUPERAntiSpyware Scan Log - 08-27-2010 - 23-43-27.zip
[2010/08/28 00:52:15 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Found an old virus that Avira had removed..SAS found the old log file
[2010/08/28 00:51:14 | 000,000,511 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam-log-2010-08-27 (21-27-31).zip
[2010/08/28 00:50:44 | 000,005,577 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\DDS.zip
[2010/08/28 00:50:26 | 000,004,483 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Attach.zip
[2010/08/28 00:49:53 | 000,004,172 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Attach.7z
[2010/08/28 00:48:33 | 000,001,179 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmernew.zip
[2010/08/28 00:35:02 | 000,000,504 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to 7-Zip.lnk
[2010/08/28 00:28:28 | 000,939,956 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\7z465.exe
[2010/08/27 21:38:56 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2010/08/27 21:04:03 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe
[2010/08/27 16:29:31 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\9ed60cflGMER.exe
[2010/08/27 15:14:00 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/26 22:52:16 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/26 22:52:16 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/26 09:09:46 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to DropMyRights.exe.lnk
[2010/08/26 08:17:19 | 017,868,108 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Firefox 3.6.8 (en-US) - 2010-08-26.pcv
[2010/08/26 08:15:42 | 016,461,798 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Thunderbird 2.0.0.24 (en-US) - 2010-08-26.pcv
[2010/08/25 16:11:52 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Revo Uninstaller.lnk
[2010/08/24 23:17:54 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/24 22:00:05 | 000,002,624 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\leukemia.rtf
[2010/08/24 00:07:14 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeSchedule.job
[2010/08/22 13:09:00 | 000,001,520 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2010/08/21 12:10:31 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to ntbackup.exe.lnk
[2010/08/21 06:07:39 | 2740,777,984 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Backup8-20.bkf
[2010/08/20 17:07:26 | 000,008,553 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis2.msi
[2010/08/20 14:35:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe
[2010/08/20 14:35:29 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.msi
[2010/08/20 14:16:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\housecall.guid.cache
[2010/08/17 07:10:36 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to aswclear5.exe.lnk
[2010/08/17 03:08:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\PDF-Viewer.lnk
[2010/08/17 02:23:41 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/16 11:39:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
[2010/08/16 00:35:07 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to sar_15_sfx.exe.lnk
[2010/08/15 23:40:46 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Filseclab Personal Firewall.lnk
[2010/08/15 22:17:02 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Speccy.lnk
[2010/08/15 22:13:40 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\CCleaner.lnk
[2010/08/14 17:37:24 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2010/08/14 17:01:03 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
[2010/08/14 17:01:02 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SRWare Iron.lnk
[2010/08/12 19:30:12 | 000,503,854 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 19:30:12 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 19:30:12 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/12 18:17:33 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\config.bak
[2010/08/11 21:59:47 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\victorFrankl.abw
[2010/08/11 09:28:33 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2010/08/10 15:11:32 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to filavut.exe.lnk
[2010/08/10 03:20:49 | 000,000,627 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Disk Space Fan.lnk
[2010/08/08 21:49:52 | 000,040,989 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\cancer cure-budwig.rtf
[2010/08/07 21:48:55 | 000,006,026 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Statins Damage.rtf
[2010/08/07 18:10:22 | 000,030,753 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\glass housecholesterolMeds.rtf
[2010/08/07 17:54:05 | 000,017,606 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\lowerCholesterol.rtf
[2010/08/07 17:52:05 | 000,008,942 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\RainbowBridge.rtf
[2010/08/07 17:12:17 | 000,024,395 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\adr fatiguet.rtf
[2010/08/07 17:02:05 | 000,023,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\ADRENAL FATIGUE.rtf
[2010/08/07 16:59:08 | 000,023,865 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\.gsf-save-PI5YGV
[2010/08/07 15:03:04 | 000,030,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.abw
[2010/08/07 13:29:28 | 000,022,864 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.rtf
[2010/08/05 07:36:11 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\hypotension.rtf
[2010/07/29 15:01:07 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\jeffersonQuote.rtf
[2010/07/13 15:24:14 | 000,010,733 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\stone symbology.rtf
[2010/07/13 15:23:00 | 000,018,713 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\colorSymbology.rtf
[2010/07/13 15:18:46 | 000,023,054 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\IncaSymbols.rtf
[2010/07/13 15:09:42 | 000,034,237 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\animalTotems.rtf
[2010/07/12 06:41:49 | 000,037,932 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\symbols&totems.rtf
[2010/07/09 09:47:08 | 000,277,041 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Carolyn364.pdf
[2010/07/04 14:50:18 | 000,276,687 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\zales_ringsizer.pdf
[2010/07/03 11:13:30 | 000,034,825 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\susans photo_n.jpg
[2010/06/28 12:42:43 | 000,017,591 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\rings.jpeg
[2010/06/23 12:26:42 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\jaxson quite.rtf
[2010/06/21 22:55:58 | 000,058,115 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Tibetan Dzi Bead.rtf
[2010/06/21 07:04:30 | 000,105,804 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Dzi Bead Meanings.rtf
[2010/06/19 07:45:42 | 000,054,717 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\chs 1.jpg
[2010/06/17 15:17:02 | 000,002,604 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\dharma..rtf
[2010/06/17 00:19:23 | 000,003,234 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\georgie4.jpg
[2010/06/17 00:02:09 | 000,069,894 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\wow3.jpg
[2010/06/16 23:26:33 | 000,069,894 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\wow.jpg
[2010/06/16 23:09:40 | 000,103,136 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\the-gray-parrot-84.jpg
[2010/06/16 22:44:50 | 000,120,847 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\georgie2.jpg
[2010/06/05 10:46:23 | 000,006,493 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Georoutine.rtf
 
Part 7 OTL.txt

========== Files Created - No Company Name ==========

[2010/08/29 22:23:15 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/29 22:23:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/29 22:23:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/29 22:23:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/29 22:23:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/29 22:04:00 | 003,830,790 | R--- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2010/08/28 22:56:47 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\NTBR_CD.exe
[2010/08/28 22:16:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck_MBR_Backup_08-28-10_22-16-44.bak
[2010/08/28 01:00:18 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SUPERAntiSpyware Scan Log - 08-27-2010 - 23-43-27.zip
[2010/08/28 00:52:15 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Found an old virus that Avira had removed..SAS found the old log file
[2010/08/28 00:51:14 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam-log-2010-08-27 (21-27-31).zip
[2010/08/28 00:50:44 | 000,005,577 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\DDS.zip
[2010/08/28 00:50:26 | 000,004,483 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Attach.zip
[2010/08/28 00:49:53 | 000,004,172 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Attach.7z
[2010/08/28 00:48:33 | 000,001,179 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmernew.zip
[2010/08/28 00:35:02 | 000,000,504 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to 7-Zip.lnk
[2010/08/28 00:28:21 | 000,939,956 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\7z465.exe
[2010/08/27 21:38:54 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2010/08/27 16:37:55 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe
[2010/08/27 16:29:27 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\9ed60cflGMER.exe
[2010/08/27 15:14:00 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/27 06:41:47 | 000,001,006 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009UA.job
[2010/08/27 06:41:45 | 000,000,954 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009Core.job
[2010/08/26 22:52:16 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/26 22:52:16 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/26 09:09:46 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to DropMyRights.exe.lnk
[2010/08/26 08:17:01 | 017,868,108 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Firefox 3.6.8 (en-US) - 2010-08-26.pcv
[2010/08/26 08:15:27 | 016,461,798 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Thunderbird 2.0.0.24 (en-US) - 2010-08-26.pcv
[2010/08/25 16:11:52 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Revo Uninstaller.lnk
[2010/08/24 22:00:05 | 000,002,624 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\leukemia.rtf
[2010/08/22 13:08:59 | 000,001,520 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2010/08/21 12:10:31 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to ntbackup.exe.lnk
[2010/08/21 06:02:17 | 2740,777,984 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Backup8-20.bkf
[2010/08/20 17:07:26 | 000,008,553 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis2.msi
[2010/08/20 14:35:20 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.msi
[2010/08/20 14:16:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\housecall.guid.cache
[2010/08/17 07:10:36 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to aswclear5.exe.lnk
[2010/08/16 00:35:07 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to sar_15_sfx.exe.lnk
[2010/08/15 23:43:09 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\config.bak
[2010/08/15 23:43:09 | 000,002,577 | ---- | C] () -- C:\WINDOWS\config.nt
[2010/08/15 23:43:09 | 000,001,688 | ---- | C] () -- C:\WINDOWS\autoexec.nt
[2010/08/15 23:43:09 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\autoexec.bak
[2010/08/15 22:17:02 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Speccy.lnk
[2010/08/14 17:01:03 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
[2010/08/14 17:01:02 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SRWare Iron.lnk
[2010/08/11 21:59:46 | 000,002,568 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\victorFrankl.abw
[2010/08/10 15:11:32 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to filavut.exe.lnk
[2010/08/10 03:20:49 | 000,000,627 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Disk Space Fan.lnk
[2010/08/08 21:49:45 | 000,040,989 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\cancer cure-budwig.rtf
[2010/08/07 20:36:48 | 000,006,026 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Statins Damage.rtf
[2010/08/07 18:10:22 | 000,030,753 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\glass housecholesterolMeds.rtf
[2010/08/07 17:54:05 | 000,017,606 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\lowerCholesterol.rtf
[2010/08/07 17:52:04 | 000,008,942 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\RainbowBridge.rtf
[2010/08/07 17:09:05 | 000,024,395 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\adr fatiguet.rtf
[2010/08/07 17:02:05 | 000,023,880 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\ADRENAL FATIGUE.rtf
[2010/08/07 16:59:08 | 000,023,865 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\.gsf-save-PI5YGV
[2010/08/07 15:03:04 | 000,030,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.abw
[2010/08/07 13:29:28 | 000,022,864 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.rtf
[2010/08/05 07:36:11 | 000,000,958 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\hypotension.rtf
[2010/07/29 15:01:06 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\jeffersonQuote.rtf
[2010/07/13 15:24:14 | 000,010,733 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\stone symbology.rtf
[2010/07/13 15:23:00 | 000,018,713 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\colorSymbology.rtf
[2010/07/13 15:18:46 | 000,023,054 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\IncaSymbols.rtf
[2010/07/13 15:09:41 | 000,034,237 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\animalTotems.rtf
[2010/07/12 06:41:49 | 000,037,932 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\symbols&totems.rtf
[2010/07/09 09:47:08 | 000,277,041 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Carolyn364.pdf
[2010/07/04 14:50:18 | 000,276,687 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\zales_ringsizer.pdf
[2010/07/03 11:13:24 | 000,034,825 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\susans photo_n.jpg
[2010/06/28 17:45:34 | 000,243,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/28 12:42:32 | 000,017,591 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\rings.jpeg
[2010/06/23 12:26:41 | 000,002,356 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\jaxson quite.rtf
[2010/06/21 22:55:56 | 000,058,115 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Tibetan Dzi Bead.rtf
[2010/06/21 07:04:30 | 000,105,804 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Dzi Bead Meanings.rtf
[2010/06/20 15:24:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\PDF-Viewer.lnk
[2010/06/19 07:45:37 | 000,054,717 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\chs 1.jpg
[2010/06/17 15:17:02 | 000,002,604 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\dharma..rtf
[2010/06/17 00:19:18 | 000,003,234 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\georgie4.jpg
[2010/06/17 00:02:08 | 000,069,894 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\wow3.jpg
[2010/06/16 23:26:32 | 000,069,894 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\wow.jpg
[2010/06/16 23:09:39 | 000,103,136 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\the-gray-parrot-84.jpg
[2010/06/16 22:44:47 | 000,120,847 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\georgie2.jpg
[2010/06/05 10:46:23 | 000,006,493 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Georoutine.rtf
[2009/04/30 05:56:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/12 21:37:27 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2009/04/12 21:37:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/04/06 03:18:46 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/05 20:37:12 | 000,000,395 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\settings.ini
[2009/03/30 07:16:40 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/07 14:08:06 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/07 14:08:04 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/12 16:21:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/02/28 15:02:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/02/05 21:05:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2005/05/10 21:29:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/10 21:06:59 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/05/10 21:01:53 | 000,012,993 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/05/10 21:01:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/05/10 20:59:47 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/05/10 20:58:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/10 20:48:04 | 000,000,151 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/05/10 20:46:40 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/05/10 20:42:24 | 000,002,248 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/05/10 20:41:21 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/10 20:38:35 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/05/10 20:38:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/05/10 20:38:35 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/05/10 20:38:34 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/05/10 20:38:34 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/05/10 20:38:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/05/10 20:38:33 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/05/10 20:25:05 | 000,000,045 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/05/10 20:22:16 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/05/10 20:22:16 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/05/10 20:21:57 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/06/15 17:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
 
Part 8 OTL.txt

========== LOP Check ==========

[2010/01/13 13:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGI
[2010/06/20 15:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tracker Software
[2010/08/26 17:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs
[2010/08/10 03:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DiskSpaceFan
[2010/01/28 05:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\enchant
[2009/07/15 08:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Netscape
[2010/08/26 17:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PeoplePal
[2010/08/29 21:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\StumbleUpon
[2009/04/07 10:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird
[2010/08/16 13:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\VSRevoGroup
[2009/03/30 19:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WinBatch
[2010/01/28 14:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Zoominto

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/12/05 02:50:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/11 09:28:33 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2010/08/29 22:25:45 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/08/29 22:33:49 | 000,017,078 | ---- | M] () -- C:\ComboFix.txt
[2005/12/05 02:50:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2009/04/06 00:43:41 | 000,071,307 | ---- | M] () -- C:\hpWebHelper.log
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2009/08/23 13:51:44 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2005/12/05 02:50:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/12/05 02:50:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 00:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/31 14:56:42 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/29 21:39:53 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
[2009/03/30 19:30:19 | 000,000,510 | ---- | M] () -- C:\updatedatfix.log
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2010/08/14 17:37:24 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/04/08 19:43:36 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2006/02/19 13:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/12/04 18:42:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/12/04 18:42:42 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\ntbackup.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System\setup.inf:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\VC_RED.cab:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Owner\Desktop\setup.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe:SummaryInformation
< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    DRV - [2010/01/19 07:43:12 | 000,100,304 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/01/19 07:42:40 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2009/09/15 06:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2009/09/15 06:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\ntbackup.exe:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System\setup.inf:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\VC_RED.cab:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Owner\Desktop\setup.exe:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe:SummaryInformation
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Alwil Software
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
IE was so slow to start this time... I wondered if it was going to start at all.

All processes killed
========== OTL ==========
Service avast! Web Scanner stopped successfully!
Service avast! Web Scanner deleted successfully!
File C:\Program Files\Alwil Software\Avast4\ashWebSv.exe not found.
Service avast! Mail Scanner stopped successfully!
Service avast! Mail Scanner deleted successfully!
File C:\Program Files\Alwil Software\Avast5\AvastSvc.exe not found.
Service avast! Antivirus stopped successfully!
Service avast! Antivirus deleted successfully!
File move failed. C:\Program Files\Alwil Software\Avast4\ashServ.exe scheduled to be moved on reboot.
Error: Unable to stop service aswMon2!
Unable to delete service\driver key aswMon2.
File move failed. C:\WINDOWS\system32\drivers\aswmon2.sys scheduled to be moved on reboot.
Error: Unable to stop service Aavmker4!
Unable to delete service\driver key Aavmker4.
File move failed. C:\WINDOWS\system32\drivers\aavmker4.sys scheduled to be moved on reboot.
Error: Unable to stop service aswTdi!
Unable to delete service\driver key aswTdi.
File move failed. C:\WINDOWS\system32\drivers\aswTdi.sys scheduled to be moved on reboot.
Service aswRdr stopped successfully!
Service aswRdr deleted successfully!
File move failed. C:\WINDOWS\system32\drivers\aswRdr.sys scheduled to be moved on reboot.
Error: Unable to stop service aswSP!
Unable to delete service\driver key aswSP.
File move failed. C:\WINDOWS\system32\drivers\aswSP.sys scheduled to be moved on reboot.
Error: Unable to stop service aswFsBlk!
Unable to delete service\driver key aswFsBlk.
File move failed. C:\WINDOWS\system32\drivers\aswFsBlk.sys scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
ADS C:\WINDOWS\System32\ntbackup.exe:SummaryInformation deleted successfully.
ADS C:\WINDOWS\System\setup.inf:SummaryInformation deleted successfully.
ADS C:\VC_RED.cab:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\Compaq_Owner\Desktop\setup.exe:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe:SummaryInformation deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Compaq_Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1534540 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42447265 bytes
->Flash cache emptied: 1751 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 306912 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 42.00 mb


[EMPTYFLASH]

User: All Users

User: Compaq_Owner
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 08302010_125929

Files\Folders moved on Reboot...
File move failed. C:\Program Files\Alwil Software\Avast4\ashServ.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\aswmon2.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\aavmker4.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\aswTdi.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\aswRdr.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\aswSP.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\aswFsBlk.sys scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Let's see if we have any other Avast leftovers.
This scan may take a while. Be patient.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    Code:
    :filefind
    *Alwil*
    *avast*
    :folderfind
    *Alwil*
    *avast*
    :regfind
    *Alwil*
    *avast*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
results of SystemLook Scan

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 14:31 on 30/08/2010 by Compaq_Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "*Alwil*"
No files found.

Searching for "*avast*"
C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird\Profiles\qeyfuzdp.default\Mail\mail.peoplepc-5.com\Save.sbd\Avast! --a--- 15275 bytes [23:42 14/03/2010] [18:27 21/08/2010] ED4D1A398013E5F2DD298880EBC790F6
C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird\Profiles\qeyfuzdp.default\Mail\mail.peoplepc-5.com\Save.sbd\Avast!.msf --a--- 5737 bytes [23:42 14/03/2010] [00:31 30/08/2010] 5421BC4328980AA8C3745A7EE6180A83
C:\Documents and Settings\Compaq_Owner\Favorites\instructions virus removal\[Active] Results of testing locked Self-Protect mode of Avast Antivirus Pro - TechSpot OpenBoards.url --a--- 255 bytes [02:04 28/08/2010] [06:03 30/08/2010] AB3A5FCBC24171283A4173656CAFC229
C:\Documents and Settings\Compaq_Owner\Favorites\TECH Spot\[Active] Results of testing locked Self-Protect mode of Avast Antivirus Pro - TechSpot OpenBoards.url --a--- 255 bytes [01:06 28/08/2010] [17:09 30/08/2010] AB3A5FCBC24171283A4173656CAFC229
C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.abw ------ 30512 bytes [19:03 07/08/2010] [19:03 07/08/2010] 0507B5035A6DA38237954AE73ABA3130
C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.rtf ------ 22864 bytes [17:29 07/08/2010] [17:29 07/08/2010] 673D460C8729649BC136195CF63371DF
C:\Documents and Settings\Compaq_Owner\Recent\avastGMER.log.lnk --a--- 517 bytes [20:34 27/08/2010] [00:29 29/08/2010] E90AC50B2EA72ABFB76810191B1C48CA
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db --a--- 52224 bytes [04:44 17/05/2009] [04:40 16/01/2010] C43E7FE2D73165CC530759962C3BFBCC
C:\Program Files\Alwil Software\Avast4\Setup\Sfx\avast.setup --a--- 1735728 bytes [18:57 23/01/2010] [18:57 23/01/2010] C3F79DBDD0611D72E5A5C8229F8DC321
C:\WINDOWS\system32\avastSS.scr ------ 38848 bytes [04:11 17/05/2009] [11:57 19/01/2010] D06EB8ED28D8808F65E2EF4806FF6A6F

========== folderfind ==========

Searching for "*Alwil*"
C:\Program Files\Alwil Software d----- [12:23 30/03/2009]
C:\_OTL\MovedFiles\08302010_125929\C_Program Files\Alwil Software d----- [16:59 30/08/2010]

Searching for "*avast*"
C:\Program Files\Alwil Software\Avast4 d----- [12:23 30/03/2009]
C:\_OTL\MovedFiles\08302010_125929\C_Program Files\Alwil Software\Avast4 d----- [16:59 30/08/2010]

========== regfind ==========

Searching for "*Alwil*"
No data found.

Searching for "*avast*"
No data found.

-=End Of File=-
 
After running the below and restarting computer, you should be good to install Avira.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird\Profiles\qeyfuzdp.default\Mail\mail.peoplepc-5.com\Save.sbd\Avast!
    C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird\Profiles\qeyfuzdp.default\Mail\mail.peoplepc-5.com\Save.sbd\Avast!.msf 
    C:\Program Files\Alwil Software
    C:\WINDOWS\system32\avastSS.scr
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
log file OTL

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird\Profiles\qeyfuzdp.default\Mail\mail.peoplepc-5.com\Save.sbd\Avast! moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird\Profiles\qeyfuzdp.default\Mail\mail.peoplepc-5.com\Save.sbd\Avast!.msf moved successfully.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\avastSS.scr scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Compaq_Owner
->Temp folder emptied: 642122 bytes
->Temporary Internet Files folder emptied: 132880 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Compaq_Owner
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 08302010_150615

Files\Folders moved on Reboot...
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\avastSS.scr scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
There are 6 *.sys Avast drivers in the WINDOWS\system32/drivers folder.
Are they OK to be left there? Or should I delete them before installing another program, since I am going to use Avira...

Thanks... I will let you know what happens when I download and re-install Avira... now...
 
I went into Windows Explorer and looked at the folders under
C:\Windows\system32\drivers

they are:
aavmker4.sys avast! Base Kernel-Mode Device for Windows NT/2000/XP
aswFsBlk.sys avast! File System Access Blocking Driver
aswmon2.sys avast! File System Filter Driver for Windows XP
aswmon.sys avast! File System Filter Driver For Windows NT/2000
aswRdr.sys avast! TDI RDR Driver
aswSP.sys avast! Self-Protection Mode Driver
aswTdi.sys avast! TDI Filter Driver

These are the ones I could never delete because of the self-protection blocking.
 
They shouldn't be active anymore, but...
Let's get rid of them...

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Windows\system32\drivers\aavmker4.sys
    C:\Windows\system32\drivers\aswFsBlk.sys
    C:\Windows\system32\drivers\aswmon2.sys
    C:\Windows\system32\drivers\aswmon.sys
    C:\Windows\system32\drivers\aswRdr.sys
    C:\Windows\system32\drivers\aswSP.sys
    C:\Windows\system32\drivers\aswTdi.sys
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File move failed. C:\Windows\system32\drivers\aavmker4.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswFsBlk.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswmon2.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswmon.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswRdr.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswSP.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswTdi.sys scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Compaq_Owner
->Temp folder emptied: 642122 bytes
->Temporary Internet Files folder emptied: 497829 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Compaq_Owner
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 08302010_181109

Files\Folders moved on Reboot...
File move failed. C:\Windows\system32\drivers\aavmker4.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswFsBlk.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswmon2.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswmon.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswRdr.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswSP.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\aswTdi.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
No.

Let's try Combofix to move them...

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
C:\Windows\system32\drivers\aavmker4.sys
C:\Windows\system32\drivers\aswFsBlk.sys
C:\Windows\system32\drivers\aswmon2.sys
C:\Windows\system32\drivers\aswmon.sys
C:\Windows\system32\drivers\aswRdr.sys
C:\Windows\system32\drivers\aswSP.sys
C:\Windows\system32\drivers\aswTdi.sys


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 10-08-28.02 - Compaq_Owner 08/30/2010 19:52:42.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.241 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.0 [VPS 000000-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Filseclab Personal Firewall *disabled* {EB4DA513-3B0A-4FCB-86A7-F1243757EFF2}

FILE ::
"c:\windows\system32\drivers\aavmker4.sys"
"c:\windows\system32\drivers\aswFsBlk.sys"
"c:\windows\system32\drivers\aswmon.sys"
"c:\windows\system32\drivers\aswmon2.sys"
"c:\windows\system32\drivers\aswRdr.sys"
"c:\windows\system32\drivers\aswSP.sys"
"c:\windows\system32\drivers\aswTdi.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\aavmker4.sys
c:\windows\system32\drivers\aswFsBlk.sys
c:\windows\system32\drivers\aswmon.sys
c:\windows\system32\drivers\aswmon2.sys
c:\windows\system32\drivers\aswRdr.sys
c:\windows\system32\drivers\aswSP.sys
c:\windows\system32\drivers\aswTdi.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_aswFsBlk
-------\Legacy_aswSP
-------\Service_aswFsBlk
-------\Service_aswSP


((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-30 16:59 . 2010-08-30 16:59 -------- d-----w- C:\_OTL
2010-08-28 04:28 . 2010-08-28 04:28 -------- d-----w- c:\program files\7-Zip
2010-08-27 19:14 . 2010-08-27 19:14 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2010-08-27 19:13 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-27 19:13 . 2010-08-27 19:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 19:13 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-27 16:24 . 2006-09-02 02:45 222 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\Extended@spanglerco.com\open.cmd
2010-08-27 10:41 . 2010-08-27 10:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Temp
2010-08-27 10:40 . 2010-08-27 10:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google
2010-08-23 19:29 . 2008-04-14 00:12 11325 ----a-w- c:\windows\system32\dllcache\vchnt5.dll
2010-08-22 17:35 . 2010-08-22 17:35 -------- d-----w- c:\program files\MSECache
2010-08-21 08:01 . 2010-08-21 08:01 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Help
2010-08-20 18:39 . 2010-08-20 18:39 388096 ------r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-20 18:39 . 2010-08-20 18:39 -------- d-----w- c:\program files\Trend Micro
2010-08-16 17:37 . 2010-08-16 17:37 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\VSRevoGroup
2010-08-16 04:20 . 2010-08-16 04:20 -------- d-----w- c:\program files\Sophos
2010-08-16 02:16 . 2010-08-16 02:17 -------- d-----w- c:\program files\Speccy
2010-08-14 22:28 . 2010-08-14 22:28 -------- d-----w- c:\program files\Common Files\Java
2010-08-14 22:28 . 2010-08-14 22:28 503808 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a4b79aa-n\msvcp71.dll
2010-08-14 22:28 . 2010-08-14 22:28 499712 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a4b79aa-n\jmc.dll
2010-08-14 22:28 . 2010-08-14 22:28 348160 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a4b79aa-n\msvcr71.dll
2010-08-14 22:27 . 2010-08-14 22:27 61440 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5157a20a-n\decora-sse.dll
2010-08-14 22:27 . 2010-08-14 22:27 12800 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5157a20a-n\decora-d3d.dll
2010-08-14 21:00 . 2010-08-14 21:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Chromium
2010-08-14 21:00 . 2010-08-14 21:00 -------- d-----w- c:\program files\SRWare Iron
2010-08-13 17:28 . 2010-08-16 03:54 -------- d-----w- C:\AV-CLS
2010-08-13 00:25 . 2010-08-13 03:48 -------- d-----w- c:\windows\BDOSCAN8
2010-08-10 07:21 . 2010-08-10 07:48 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\DiskSpaceFan
2010-08-10 07:20 . 2010-08-10 07:20 -------- d-----w- c:\program files\DiskSpaceFan
2010-08-10 07:05 . 2010-08-10 07:05 -------- d-----w- c:\program files\ZPaint 1.4
2010-08-07 07:50 . 2010-08-16 03:59 63488 ------w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-05 20:43 . 2010-08-05 20:43 52224 ------w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 23:58 . 2010-06-28 21:45 243840 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-30 19:56 . 2010-01-28 18:15 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\StumbleUpon
2010-08-30 14:34 . 2009-04-07 14:46 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-30 02:21 . 2009-03-30 11:33 50880 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-26 21:40 . 2010-01-16 14:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\PeoplePal
2010-08-26 21:22 . 2009-04-20 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\VistaCodecs
2010-08-25 17:38 . 2010-03-03 04:40 -------- d-----w- c:\program files\Common Files\Filseclab
2010-08-22 17:08 . 2010-02-16 20:16 -------- d-----w- c:\program files\Recuva
2010-08-21 10:01 . 2001-06-27 22:29 1134592 ----a-w- c:\windows\system32\ntbackup.exe
2010-08-20 19:36 . 2009-03-30 12:23 -------- d-----w- c:\program files\Alwil Software
2010-08-17 06:46 . 2009-03-30 15:31 -------- d-----w- c:\program files\VS Revo Group
2010-08-16 03:58 . 2009-04-05 19:18 117760 ------w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-16 02:13 . 2009-04-01 04:49 -------- d-----w- c:\program files\CCleaner
2010-08-14 22:27 . 2005-05-11 00:28 -------- d-----w- c:\program files\Java
2010-08-05 20:59 . 2009-04-05 19:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-27 11:56 . 2009-12-09 21:53 -------- d-----w- c:\program files\HeyDoc
2010-07-17 09:00 . 2010-04-16 22:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2004-08-04 11:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 11:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 11:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 11:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-04 11:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-08-30_02.31.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-30 23:59 . 2010-08-30 23:59 16384 c:\windows\Temp\Perflib_Perfdata_fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-27 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Bart Station"="c:\program files\PeoplePC\ISP7000\BIN\PPCOLink.exe" [2008-02-25 25944]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"XFILTER"="c:\program files\Filseclab\xfilter\xfilter.exe" [2006-12-23 901120]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-5-10 27136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-26 04:37 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\AV-CLS\\WGET.EXE"=

R0 XPacket;Filseclab Packet Filter;c:\windows\system32\xpacket.sys [3/3/2010 12:40 AM 126224]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67656]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\14F.tmp --> c:\windows\system32\14F.tmp [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [3/23/2009 11:43 PM 120168]
.
Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009Core.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 10:40]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009UA.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 10:40]

2010-08-24 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 02:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.peoplepc.com/websearch
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: ZoomInto - c:\documents and settings\Compaq_Owner\Application Data\Zoominto\zoominto.htm
LSP: c:\program files\Filseclab\xfilter\XFILTER.DLL
TCP: {523E608B-4D4B-41B8-908D-FEA1131E7ED1} = 207.69.188.185,207.69.188.186
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\
FF - prefs.js: browser.search.selectedEngine - Scroogle SSL
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 20:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\14F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2204943530-153763967-1977393198-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(720)
c:\program files\Filseclab\xfilter\XFILTER.DLL

- - - - - - - > 'explorer.exe'(2816)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\program files\PeoplePC\ISP7000\Browser\Bartshel.exe
c:\progra~1\PeoplePC\ISP7000\Browser\PPShared.exe
.
**************************************************************************
.
Completion time: 2010-08-30 20:02:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-31 00:02
ComboFix2.txt 2010-08-30 02:33

Pre-Run: 175,231,852,544 bytes free
Post-Run: 175,137,210,368 bytes free

- - End Of File - - 36B16C09A451C2ACDE3A66F8007AB526
 