Solved Results of testing: locked self-protect mode of Avast Antivirus Pro

We're good :)

We just need to remove 3 dead Avast services and you should be good to go.
This time, to save you some time, you can attach both resulting logs.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
 
All processes killed
========== OTL ==========
Service avast! Web Scanner stopped successfully!
Service avast! Web Scanner deleted successfully!
File C:\Program Files\Alwil Software\Avast4\ashWebSv.exe not found.
Service avast! Mail Scanner stopped successfully!
Service avast! Mail Scanner deleted successfully!
File C:\Program Files\Alwil Software\Avast5\AvastSvc.exe not found.
Service avast! Antivirus stopped successfully!
Service avast! Antivirus deleted successfully!
File C:\Program Files\Alwil Software\Avast4\ashServ.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Compaq_Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 460560 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41322604 bytes
->Flash cache emptied: 615 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 306912 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 40.00 mb


[EMPTYFLASH]

User: All Users

User: Compaq_Owner
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09012010_000300

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Attach fresh OTL "Quick scan" log.
Avast should be gone by now, but I want to double-check.
 
Part 1 OTL Log

OTL logfile created on: 9/1/2010 12:22:40 AM - Run 4
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 288.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.99 Gb Total Space | 162.89 Gb Free Space | 91.00% Space Free | Partition Type: NTFS
Drive D: | 7.29 Gb Total Space | 0.34 Gb Free Space | 4.73% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-D0F670B45A
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/30 10:33:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2009/04/06 00:28:13 | 000,176,472 | ---- | M] (PeoplePC) -- C:\Program Files\PeoplePC\ISP7000\Browser\BartShel.exe
PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/25 16:36:44 | 000,086,360 | ---- | M] (PeoplePC) -- C:\Program Files\PeoplePC\ISP7000\Browser\PPShared.exe
PRC - [2006/12/23 15:29:08 | 000,901,120 | ---- | M] (Filseclab) -- C:\Program Files\Filseclab\xfilter\xfilter.exe
PRC - [2004/07/28 02:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/08/30 10:33:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
Part 2 OTL Log

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/23 23:43:32 | 000,120,168 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\14F.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/08/05 16:59:47 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/23 05:35:22 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/23 05:35:22 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/06/17 08:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/12/23 14:01:06 | 000,126,224 | ---- | M] (Filseclab Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\xpacket.sys -- (XPacket)
DRV - [2006/05/09 15:50:00 | 003,535,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/06/17 09:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Scroogle.com"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Scroogle SSL"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91}:2.6
FF - prefs.js..extensions.enabledItems: anticontainer@downthemall.net:0.7.3
FF - prefs.js..extensions.enabledItems: gmailthis@lazyrussian.com:2.2.8
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.20
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {4aebcd37-f454-4928-9233-174a026ed367}:2.0
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.imgag.com/?c=GNAMO38011&sbs=&sc=0&f=web&vernum=1.0&uid=&did={3472e18a-c2a3-495e-837a-4b2b787596fd}&appid=agtb&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/27 12:23:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/26 22:52:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/18 12:30:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/08/17 03:08:33 | 000,000,000 | ---D | M]
 
Part 3 OTL Log

[2009/03/30 09:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/08/27 12:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions
[2010/02/17 15:29:10 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2010/07/27 08:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/08/19 18:08:07 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/02/17 16:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010/04/27 12:23:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/17 17:59:16 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2010/02/17 20:35:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/02/17 20:35:55 | 000,000,000 | ---D | M] (Send Tab URLs) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{4aebcd37-f454-4928-9233-174a026ed367}
[2010/08/22 06:49:57 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/08/27 12:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/08/19 18:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/08/19 18:08:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/10 10:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/06/18 05:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/04/13 00:48:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/27 12:24:48 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
[2010/08/27 12:24:48 | 000,000,000 | ---D | M] (Print) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\{f199da35-0a9a-4ce9-8f59-c68524deba93}
[2010/05/26 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\bartap@philikon.de
[2010/05/22 10:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\bettergmail2@ginatrapani.org
[2010/08/27 12:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\cbell-owner@mozdev.org
[2010/05/29 14:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\custombuttons@xsms.org
[2010/08/27 12:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\elemhidehelper@adblockplus.org
[2010/08/27 12:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\Extended@spanglerco.com
[2010/08/27 12:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\gmail_sigs@blankcanvasweb.com
[2010/03/27 16:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\gmailthis@lazyrussian.com
[2010/02/23 01:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\historyTree@norman.solomon
[2010/02/17 12:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\nosquint@urandom.ca
[2010/08/27 05:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\printit@GMPOWER.com
[2010/03/30 08:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\realfox@extensions.moz
[2010/08/27 12:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\staged-xpis
[2010/02/17 17:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\statusbuttons@clav.mozdev.org
[2010/08/27 12:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\viewabout@rumblingedge.com
[2010/03/30 08:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\realfox@extensions.moz\chrome
[2010/03/30 08:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\realfox@extensions.moz\defaults
[2010/08/26 08:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions
[2010/02/14 11:59:12 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2010/01/31 15:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/01/16 06:32:15 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/11/07 12:50:56 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}(2)
[2009/05/18 15:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2009/11/27 18:47:18 | 000,000,000 | ---D | M] (Domain Details) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
[2009/11/07 12:50:55 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}(2)
[2009/11/19 08:47:11 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2010/02/10 04:52:13 | 000,000,000 | ---D | M] (Stay-Open Menu) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{3541c267-2580-4144-854e-2e05c8670121}
[2009/12/14 15:44:39 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/12/12 14:08:00 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2009/04/08 07:32:32 | 000,000,000 | ---D | M] (Send Tab URLs) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{4aebcd37-f454-4928-9233-174a026ed367}
[2009/11/07 12:50:34 | 000,000,000 | ---D | M] (LiveTV_ Toolbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{59385f95-c52f-4a84-b674-4a4206b17218}(2)
[2010/01/31 15:51:05 | 000,000,000 | ---D | M] (History Submenus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2010/02/14 13:07:33 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/04/09 16:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{A8208118-F761-47E2-A01F-4FB22AE08B5E}
[2010/02/14 13:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/08/18 09:56:51 | 000,000,000 | ---D | M] (Reload Tab On Double-Click) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}
[2009/10/20 20:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/01/07 19:40:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/14 11:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2009/12/23 10:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/12/09 17:32:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/12/09 17:32:13 | 000,000,000 | ---D | M] (Open link in...) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\{ff81e780-5cc0-11d9-9669-0800200c9a66}
[2010/02/14 11:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\99b796593689dde381ea87a085341ec2@button.codefisher.org
[2010/02/14 13:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\anticontainer@downthemall.net
[2009/07/09 06:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\elemhidehelper@adblockplus.org
[2010/02/13 00:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\gmail_sigs@blankcanvasweb.com
[2009/12/03 10:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\gmailthis@lazyrussian.com
[2010/02/10 04:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\guiconfig@slosd.net
[2009/11/07 12:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\knowmoreextension@knowmore.org
[2009/11/07 12:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\lazarus@interclue(2).com
[2009/04/09 16:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\speedtest@gotomyhelp.com
[2010/02/14 11:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\statusbuttons@clav.mozdev.org
[2009/07/14 14:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\extensions\whatsmyip@adrian
[2010/08/26 08:34:19 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\amazon-jp.xml
[2010/08/26 08:34:19 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\amazon-us---books.xml
[2010/08/26 08:34:17 | 000,001,529 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\amazoncom---healthpersonal-care.xml
[2010/08/26 08:34:18 | 000,004,121 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\baidu-.xml
[2010/08/26 08:34:18 | 000,002,098 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\bing---shopping.xml
[2009/03/25 09:11:04 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\conduit.xml
[2010/08/26 08:34:18 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\dictionarycom.xml
[2010/02/09 23:48:51 | 000,005,511 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\food-network---recipes.xml
[2010/08/26 08:34:18 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\geotool.xml
[2010/08/26 08:34:18 | 000,001,941 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\goodsearch.xml
[2010/08/26 08:34:19 | 000,001,901 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\grouprecipes.xml
[2010/08/26 08:34:19 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\joyo-amazon.xml
[2009/07/12 12:21:41 | 000,001,961 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\myiptest---blacklist-ip-check.xml
[2009/07/12 12:15:40 | 000,001,938 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\myiptest---ip-lookup.xml
[2009/07/12 12:21:51 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\myiptest---reverse-dns-lookup.xml
[2010/08/26 08:34:19 | 000,001,241 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\scroogle-ssl-english.xml
[2010/08/26 08:34:19 | 000,001,223 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\scroogle-ssl.xml
[2010/08/26 08:34:18 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\scroogle.xml
[2010/08/26 08:34:19 | 000,001,084 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\thesauruscom.xml
[2010/08/26 08:34:19 | 000,002,328 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\urban-dictionary.xml
[2009/10/29 05:04:57 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\web---nibbo.xml
[2010/08/26 08:34:19 | 000,001,326 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\wikipedia-en---go.xml
[2010/08/26 08:34:19 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qdhrshbr.default\searchplugins\youtube.xml
[2010/08/27 12:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/14 18:27:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[1999/12/31 17:00:00 | 000,166,168 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
 
Part 4 OTL Log

O1 HOSTS File: ([2010/08/31 21:44:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (ZoomInto) - {2F3D6D62-FAB0-401A-90B6-1B20C2D4448D} - C:\Program Files\Zoominto Solutions\ZoomInto 13.1.1\ZoomInto.dll (ZoomInto Solutions)
O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\PeoplePC Accelerated\prpl_IePopupBlocker.dll (Propel Software Corporation)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O4 - HKLM..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP7000\BIN\PPCOLink.exe (PeoplePC)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [XFILTER] C:\Program Files\Filseclab\xfilter\xfilter.exe (Filseclab)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: ZoomInto - C:\Documents and Settings\Compaq_Owner\Application Data\Zoominto\zoominto.htm ()
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238518495328 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 02:50:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========
 
Part 5 OTL Log

========== Files/Folders - Created Within 90 Days ==========

[2010/09/01 00:03:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/31 21:38:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/31 17:47:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2010/08/30 21:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/08/30 13:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\TOOLS
[2010/08/30 12:59:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/30 10:33:50 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/08/29 22:25:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/29 22:23:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/29 22:23:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/29 22:23:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/29 22:23:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/29 22:21:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/28 00:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/08/27 15:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
[2010/08/27 15:13:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/27 15:13:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/27 15:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/27 06:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Temp
[2010/08/27 06:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google
[2010/08/26 16:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\info ff
[2010/08/26 16:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\bios
[2010/08/26 09:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\MSDN
[2010/08/22 13:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/08/21 04:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Help
[2010/08/21 04:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Help
[2010/08/20 14:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\backups
[2010/08/20 14:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/20 14:35:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe
[2010/08/20 08:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\MY PAPER ON HEALTH
[2010/08/16 13:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\VSRevoGroup
[2010/08/16 00:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/08/15 22:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010/08/14 18:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/14 17:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Chromium
[2010/08/14 17:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\SRWare Iron
[2010/08/14 05:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\MERCOLA
[2010/08/13 13:28:18 | 000,000,000 | ---D | C] -- C:\AV-CLS
[2010/08/12 20:25:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/08/11 13:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\NormL
[2010/08/10 03:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\DiskSpaceFan
[2010/08/10 03:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\DiskSpaceFan
[2010/08/10 03:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\ZPaint 1.4
[2010/07/29 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Citrix
[2010/07/03 11:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\CHS 50
[2010/06/20 15:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tracker Software
[2010/06/20 15:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2010/06/19 07:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\CHS PHOTOS

========== Files - Modified Within 90 Days ==========

[2010/09/01 00:16:37 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/09/01 00:06:15 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/01 00:04:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/01 00:04:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/01 00:03:13 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/09/01 00:03:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2010/08/31 23:46:14 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009UA.job
[2010/08/31 21:44:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/31 21:44:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/31 21:34:24 | 003,829,857 | R--- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2010/08/31 06:46:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009Core.job
[2010/08/30 13:42:10 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2010/08/30 10:33:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/08/29 22:25:45 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/29 22:21:56 | 000,050,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/27 15:14:00 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/26 22:52:16 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/26 22:52:16 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/26 09:09:46 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to DropMyRights.exe.lnk
[2010/08/26 08:17:19 | 017,868,108 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Firefox 3.6.8 (en-US) - 2010-08-26.pcv
[2010/08/26 08:15:42 | 016,461,798 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Thunderbird 2.0.0.24 (en-US) - 2010-08-26.pcv
[2010/08/25 16:11:52 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Revo Uninstaller.lnk
[2010/08/24 23:17:54 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/24 22:00:05 | 000,002,624 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\leukemia.rtf
[2010/08/24 00:07:14 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeSchedule.job
[2010/08/22 13:09:00 | 000,001,520 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2010/08/21 12:10:31 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to ntbackup.exe.lnk
[2010/08/21 06:07:39 | 2740,777,984 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Backup8-20.bkf
[2010/08/20 14:35:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe
[2010/08/20 14:16:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\housecall.guid.cache
[2010/08/17 03:08:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\PDF-Viewer.lnk
[2010/08/17 02:23:41 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/16 11:39:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
[2010/08/16 00:35:07 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to sar_15_sfx.exe.lnk
[2010/08/15 23:40:46 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Filseclab Personal Firewall.lnk
[2010/08/15 22:17:02 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Speccy.lnk
[2010/08/15 22:13:40 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\CCleaner.lnk
[2010/08/14 17:37:24 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2010/08/14 17:01:03 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
[2010/08/14 17:01:02 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SRWare Iron.lnk
[2010/08/12 19:30:12 | 000,503,854 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 19:30:12 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 19:30:12 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/12 18:17:33 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\config.bak
[2010/08/11 21:59:47 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\victorFrankl.abw
[2010/08/11 09:28:33 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2010/08/10 15:11:32 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to filavut.exe.lnk
[2010/08/10 03:20:49 | 000,000,627 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Disk Space Fan.lnk
[2010/08/08 21:49:52 | 000,040,989 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\cancer cure-budwig.rtf
[2010/08/07 21:48:55 | 000,006,026 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Statins Damage.rtf
[2010/08/07 18:10:22 | 000,030,753 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\glass housecholesterolMeds.rtf
[2010/08/07 17:54:05 | 000,017,606 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\lowerCholesterol.rtf
[2010/08/07 17:52:05 | 000,008,942 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\RainbowBridge.rtf
[2010/08/07 17:12:17 | 000,024,395 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\adr fatiguet.rtf
[2010/08/07 17:02:05 | 000,023,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\ADRENAL FATIGUE.rtf
[2010/08/07 16:59:08 | 000,023,865 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\.gsf-save-PI5YGV
[2010/08/07 15:03:04 | 000,030,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.abw
[2010/08/07 13:29:28 | 000,022,864 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.rtf
[2010/08/05 07:36:11 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\hypotension.rtf
[2010/07/29 15:01:07 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\jeffersonQuote.rtf
[2010/07/13 15:24:14 | 000,010,733 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\stone symbology.rtf
[2010/07/13 15:23:00 | 000,018,713 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\colorSymbology.rtf
[2010/07/13 15:18:46 | 000,023,054 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\IncaSymbols.rtf
[2010/07/13 15:09:42 | 000,034,237 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\animalTotems.rtf
[2010/07/12 06:41:49 | 000,037,932 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\symbols&totems.rtf
[2010/07/09 09:47:08 | 000,277,041 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Carolyn364.pdf
[2010/07/04 14:50:18 | 000,276,687 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\zales_ringsizer.pdf
[2010/07/03 11:13:30 | 000,034,825 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\susans photo_n.jpg
[2010/06/28 12:42:43 | 000,017,591 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\rings.jpeg
[2010/06/23 12:26:42 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\jaxson quite.rtf
[2010/06/21 22:55:58 | 000,058,115 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Tibetan Dzi Bead.rtf
[2010/06/21 07:04:30 | 000,105,804 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Dzi Bead Meanings.rtf
[2010/06/19 07:45:42 | 000,054,717 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\chs 1.jpg
[2010/06/17 15:17:02 | 000,002,604 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\dharma..rtf
[2010/06/17 00:19:23 | 000,003,234 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\georgie4.jpg
[2010/06/17 00:02:09 | 000,069,894 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\wow3.jpg
[2010/06/16 23:26:33 | 000,069,894 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\wow.jpg
[2010/06/16 23:09:40 | 000,103,136 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\the-gray-parrot-84.jpg
[2010/06/16 22:44:50 | 000,120,847 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\georgie2.jpg
[2010/06/05 10:46:23 | 000,006,493 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Georoutine.rtf
 
Part 6 OTL Log

========== Files Created - No Company Name ==========

[2010/08/29 22:23:15 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/29 22:23:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/29 22:23:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/29 22:23:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/29 22:23:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/29 22:04:00 | 003,829,857 | R--- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2010/08/27 21:38:54 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2010/08/27 15:14:00 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/27 06:41:47 | 000,001,006 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009UA.job
[2010/08/27 06:41:45 | 000,000,954 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009Core.job
[2010/08/26 22:52:16 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/26 22:52:16 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/26 09:09:46 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to DropMyRights.exe.lnk
[2010/08/26 08:17:01 | 017,868,108 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Firefox 3.6.8 (en-US) - 2010-08-26.pcv
[2010/08/26 08:15:27 | 016,461,798 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Thunderbird 2.0.0.24 (en-US) - 2010-08-26.pcv
[2010/08/25 16:11:52 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Revo Uninstaller.lnk
[2010/08/24 22:00:05 | 000,002,624 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\leukemia.rtf
[2010/08/22 13:08:59 | 000,001,520 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2010/08/21 12:10:31 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to ntbackup.exe.lnk
[2010/08/21 06:02:17 | 2740,777,984 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Backup8-20.bkf
[2010/08/20 14:16:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\housecall.guid.cache
[2010/08/16 00:35:07 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to sar_15_sfx.exe.lnk
[2010/08/15 23:43:09 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\config.bak
[2010/08/15 23:43:09 | 000,002,577 | ---- | C] () -- C:\WINDOWS\config.nt
[2010/08/15 23:43:09 | 000,001,688 | ---- | C] () -- C:\WINDOWS\autoexec.nt
[2010/08/15 23:43:09 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\autoexec.bak
[2010/08/15 22:17:02 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Speccy.lnk
[2010/08/14 17:01:03 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
[2010/08/14 17:01:02 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SRWare Iron.lnk
[2010/08/11 21:59:46 | 000,002,568 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\victorFrankl.abw
[2010/08/10 15:11:32 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to filavut.exe.lnk
[2010/08/10 03:20:49 | 000,000,627 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Disk Space Fan.lnk
[2010/08/08 21:49:45 | 000,040,989 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\cancer cure-budwig.rtf
[2010/08/07 20:36:48 | 000,006,026 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Statins Damage.rtf
[2010/08/07 18:10:22 | 000,030,753 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\glass housecholesterolMeds.rtf
[2010/08/07 17:54:05 | 000,017,606 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\lowerCholesterol.rtf
[2010/08/07 17:52:04 | 000,008,942 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\RainbowBridge.rtf
[2010/08/07 17:09:05 | 000,024,395 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\adr fatiguet.rtf
[2010/08/07 17:02:05 | 000,023,880 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\ADRENAL FATIGUE.rtf
[2010/08/07 16:59:08 | 000,023,865 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\.gsf-save-PI5YGV
[2010/08/07 15:03:04 | 000,030,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.abw
[2010/08/07 13:29:28 | 000,022,864 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\pravastatin.rtf
[2010/08/05 07:36:11 | 000,000,958 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\hypotension.rtf
[2010/07/29 15:01:06 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\jeffersonQuote.rtf
[2010/07/13 15:24:14 | 000,010,733 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\stone symbology.rtf
[2010/07/13 15:23:00 | 000,018,713 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\colorSymbology.rtf
[2010/07/13 15:18:46 | 000,023,054 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\IncaSymbols.rtf
[2010/07/13 15:09:41 | 000,034,237 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\animalTotems.rtf
[2010/07/12 06:41:49 | 000,037,932 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\symbols&totems.rtf
[2010/07/09 09:47:08 | 000,277,041 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Carolyn364.pdf
[2010/07/04 14:50:18 | 000,276,687 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\zales_ringsizer.pdf
[2010/07/03 11:13:24 | 000,034,825 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\susans photo_n.jpg
[2010/06/28 17:45:34 | 000,243,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/28 12:42:32 | 000,017,591 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\rings.jpeg
[2010/06/23 12:26:41 | 000,002,356 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\jaxson quite.rtf
[2010/06/21 22:55:56 | 000,058,115 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Tibetan Dzi Bead.rtf
[2010/06/21 07:04:30 | 000,105,804 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Dzi Bead Meanings.rtf
[2010/06/20 15:24:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\PDF-Viewer.lnk
[2010/06/19 07:45:37 | 000,054,717 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\chs 1.jpg
[2010/06/17 15:17:02 | 000,002,604 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\dharma..rtf
[2010/06/17 00:19:18 | 000,003,234 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\georgie4.jpg
[2010/06/17 00:02:08 | 000,069,894 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\wow3.jpg
[2010/06/16 23:26:32 | 000,069,894 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\wow.jpg
[2010/06/16 23:09:39 | 000,103,136 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\the-gray-parrot-84.jpg
[2010/06/16 22:44:47 | 000,120,847 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\georgie2.jpg
[2010/06/05 10:46:23 | 000,006,493 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Georoutine.rtf
[2009/04/30 05:56:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/12 21:37:27 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2009/04/12 21:37:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/04/06 03:18:46 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/05 20:37:12 | 000,000,395 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\settings.ini
[2009/03/30 07:16:40 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/07 14:08:06 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/07 14:08:04 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/12 16:21:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/02/28 15:02:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/02/05 21:05:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2005/05/10 21:29:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/10 21:06:59 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/05/10 21:01:53 | 000,012,993 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/05/10 21:01:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/05/10 20:59:47 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/05/10 20:58:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/10 20:48:04 | 000,000,151 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/05/10 20:46:40 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/05/10 20:42:24 | 000,002,248 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/05/10 20:41:21 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/10 20:38:35 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/05/10 20:38:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/05/10 20:38:35 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/05/10 20:38:34 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/05/10 20:38:34 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/05/10 20:38:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/05/10 20:38:33 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/05/10 20:25:05 | 000,000,045 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/05/10 20:22:16 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/05/10 20:22:16 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/05/10 20:21:57 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/06/15 17:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
 
Part 7 OTL Log

========== LOP Check ==========

[2010/01/13 13:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGI
[2010/06/20 15:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tracker Software
[2010/08/26 17:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs
[2010/08/10 03:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DiskSpaceFan
[2010/01/28 05:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\enchant
[2009/07/15 08:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Netscape
[2010/08/26 17:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PeoplePal
[2010/08/30 21:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\StumbleUpon
[2009/04/07 10:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird
[2010/08/16 13:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\VSRevoGroup
[2009/03/30 19:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WinBatch
[2010/01/28 14:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Zoominto

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr:SummaryInformation
< End of report >
 
Avira scan log

1st scan by Avira-have to change the settings now.

It installed perfectly, no delays, interruptions, hangs at all. Last time was brutal. This time fine.
Should I set it on the highest protection?
I had to change my firewall to 'medium' - on Highest it was driving me nuts with the pop-ups. That is nice when you want to see what is going on tho.


Avira AntiVir Premium
Report file date: Wednesday, September 01, 2010 08:36

Scanning for 2770474 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Sandra E Gresham
Serial number : 2206043170-PEPWE-0001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Compaq_Owner
Computer name : YOUR-D0F670B45A

Version information:
BUILD.DAT : 10.0.0.603 36207 Bytes 4/19/2010 15:03:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 9/1/2010 12:26:28
AVSCAN.DLL : 10.0.3.0 46440 Bytes 9/1/2010 12:26:27
LUKE.DLL : 10.0.2.3 104296 Bytes 9/1/2010 12:27:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 9/1/2010 12:27:41
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 12:22:51
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 12:23:03
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 12:23:26
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 12:23:33
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 12:23:46
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 12:24:06
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 12:24:24
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 12:25:00
VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 12:25:00
VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 12:25:01
VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 12:25:01
VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 12:25:01
VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 12:25:01
VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 12:25:02
VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 12:25:11
VBASE015.VDF : 7.10.10.28 139264 Bytes 8/2/2010 12:25:12
VBASE016.VDF : 7.10.10.52 127488 Bytes 8/3/2010 12:25:15
VBASE017.VDF : 7.10.10.84 137728 Bytes 8/6/2010 12:25:16
VBASE018.VDF : 7.10.10.107 176640 Bytes 8/9/2010 12:25:18
VBASE019.VDF : 7.10.10.130 132608 Bytes 8/10/2010 12:25:19
VBASE020.VDF : 7.10.10.158 131072 Bytes 8/12/2010 12:25:20
VBASE021.VDF : 7.10.10.190 136704 Bytes 8/16/2010 12:25:22
VBASE022.VDF : 7.10.10.217 118272 Bytes 8/19/2010 12:25:23
VBASE023.VDF : 7.10.10.246 130048 Bytes 8/23/2010 12:25:24
VBASE024.VDF : 7.10.11.11 144896 Bytes 8/25/2010 12:25:25
VBASE025.VDF : 7.10.11.33 135168 Bytes 8/27/2010 12:25:26
VBASE026.VDF : 7.10.11.52 148992 Bytes 8/31/2010 12:25:28
VBASE027.VDF : 7.10.11.53 2048 Bytes 8/31/2010 12:25:28
VBASE028.VDF : 7.10.11.54 2048 Bytes 8/31/2010 12:25:28
VBASE029.VDF : 7.10.11.55 2048 Bytes 8/31/2010 12:25:28
VBASE030.VDF : 7.10.11.56 2048 Bytes 8/31/2010 12:25:28
VBASE031.VDF : 7.10.11.66 75264 Bytes 9/1/2010 12:25:29
Engineversion : 8.2.4.46
AEVDF.DLL : 8.1.2.1 106868 Bytes 9/1/2010 12:25:59
AESCRIPT.DLL : 8.1.3.44 1364346 Bytes 9/1/2010 12:25:59
AESCN.DLL : 8.1.6.1 127347 Bytes 9/1/2010 12:25:54
AESBX.DLL : 8.1.3.1 254324 Bytes 9/1/2010 12:26:00
AERDL.DLL : 8.1.8.2 614772 Bytes 9/1/2010 12:25:53
AEPACK.DLL : 8.2.3.5 471412 Bytes 9/1/2010 12:25:51
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 9/1/2010 12:25:49
AEHEUR.DLL : 8.1.2.19 2867574 Bytes 9/1/2010 12:25:48
AEHELP.DLL : 8.1.13.3 242038 Bytes 9/1/2010 12:25:39
AEGEN.DLL : 8.1.3.20 397684 Bytes 9/1/2010 12:25:38
AEEMU.DLL : 8.1.2.0 393588 Bytes 9/1/2010 12:25:36
AECORE.DLL : 8.1.16.2 192887 Bytes 9/1/2010 12:25:35
AEBB.DLL : 8.1.1.0 53618 Bytes 9/1/2010 12:25:32
AVWINLL.DLL : 10.0.0.0 19304 Bytes 9/1/2010 12:19:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 9/1/2010 12:26:26
AVREP.DLL : 10.0.0.8 62209 Bytes 9/1/2010 12:28:53
AVREG.DLL : 10.0.3.0 53096 Bytes 9/1/2010 12:28:53
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 9/1/2010 12:28:54
AVARKT.DLL : 10.0.0.14 227176 Bytes 9/1/2010 12:26:05
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 9/1/2010 12:26:12
SQLITE3.DLL : 3.6.19.0 355688 Bytes 9/1/2010 12:27:56
AVSMTP.DLL : 10.0.0.17 63848 Bytes 9/1/2010 12:26:33
NETNT.DLL : 10.0.0.0 11624 Bytes 9/1/2010 12:27:42
RCIMAGE.DLL : 10.0.0.32 2631528 Bytes 9/1/2010 12:20:02
RCTEXT.DLL : 10.0.53.0 97128 Bytes 9/1/2010 12:20:03

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, September 01, 2010 08:36

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avwebloader.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_premium(2).exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'PPShared.exe' - '1' Module(s) have been scanned
Scan process 'Bartshel.exe' - '1' Module(s) have been scanned
Scan process 'xfilter.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned
Scan process 'aspnet_state.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '417' files ).



End of the scan: Wednesday, September 01, 2010 08:37
Used time: 00:43 Minute(s)

The scan has been done completely.

0 Scanned directories
480 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
480 Files not concerned
1 Archives were scanned
0 Warnings
0 Notes
 
Broni,
I ran a complete scan w/reports, of both drives.

Avira found 8 warnings, 1 vir detection, & 1 hidden object, and wants to move some files to Quarantine for deletion.

Warnings:
[WARNING] Unknown parameter!
[WARNING] System error [0]: The operation completed successfully.
[WARNING] Unknown parameter!
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\parent.lock
[WARNING] The file could not be opened!
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db
[WARNING] The file could not be opened!
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow
[WARNING] The file could not be opened!
C:\WINDOWS\system32\CatRoot2\edb.log
[WARNING] The file could not be opened!
C:\WINDOWS\system32\CatRoot2\tmp.edb
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\Perflib_Perfdata_778.dat
[WARNING] The file could not be opened!

Detections:

system Vol Info - restore - TR Trash Gen

system Vol Info - restore RKIT

system Vol Info -restore - TR Trash Gen

C:\Qoobox\Quarantine\C:|WINDOWS\System32\Drivers RKIT

" " " " " " TR Trash Gen

" " " RKIT

" TR Trash Gen

Are these not already quarantined?

Do I do anything with Avira?

Please advise.

Thank you,
S
 
Good news :)

Should I set it on the highest protection?
No.
I had to change my firewall to 'medium' - on Highest it was driving me nuts with the pop-ups.
"Medium" is perfectly fine.

Are these not already quarantined?
Yes. We'll empty everything in our last step.

Last scans.....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Go to Kaspersky website and perform an online antivirus scan.

  • Disable your active antivirus program.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
Security Check Log

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Premium
Filseclab Personal Firewall
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Adobe Flash Player 10.1.82.76
Mozilla Firefox (3.5.11) Firefox Out of Date!
Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
Firefox 3.5.11 is intentionally out of date due to "Plug-in-doc container" problem.
Maybe problem was malware-related..will try newest ver later.
s
 
Kaspersky came up clean, but took notice of Avira [installed but not running] and would not scan for viruses.

I had to disable my firewall, or it kept pausing the download...I had to start over 4 times until I got it right.
 
I'm not familiar with Filseclab Personal Firewall, so I can't help you here.
It may be some setting, or some conflict between it and Avira.
If you don't find the correct setting, you may want to uninstall it and turn Windows Firewall on.

In any case.....


Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Compaq_Owner
->Temp folder emptied: 108782120 bytes
->Temporary Internet Files folder emptied: 2847121 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 306912 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 107.00 mb


[EMPTYFLASH]

User: All Users

User: Compaq_Owner
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.11.0 log created on 09012010_232317

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF9B45.tmp not found!
File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF9B5F.tmp not found!
File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF9C60.tmp not found!
File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF9C9E.tmp not found!
File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF9DCD.tmp not found!
File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF9DF0.tmp not found!
File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\Z4HL7G0S\sh21[1].html not found!
File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\Z4HL7G0S\topic152475-5[1].html not found!
File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\H5PAZTZS\ads[1].htm not found!
File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\H5PAZTZS\ads[2].htm not found!
File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\146ZX1EY\ads[1].htm not found!

Registry entries deleted on Reboot...
 
Broni,

I deleted some log files and those tools that were left, and found a "Backup Folder" on my Desktop.

They must be the ones that are prompted for when using CCleaner - Registry, I assume.

Do I delete these as well and start over?

Also I better make a new restore point now.

I will change all passwords tonight.

WOT - I just read somewhere that Web of Trust is no longer being updated. Is this true?

I am indebted to you for this..I was about to throw this machine out the window!

I get paid on Friday, and will gladly make a donation. It hardly covers what you did for me.

I will keep in touch about how my DOF is doing.

Many thanx again for all you did for me. I appreciate this greatly.
Sandra
 
You're very welcome :)
I'm glad to see you happy :)

They must be the ones that are prompted for when using CCleaner - Registry, I assume.
Can you post a name of one of the files?

WOT - I just read somewhere that Web of Trust is no longer being updated. Is this true?
I don't know anything about it.

Good luck :)
 