Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP Recovery


  • This topic is locked This topic is locked
22 replies to this topic

#16 rsnyder316

rsnyder316
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 17 June 2011 - 07:28 PM

SweetTech, I downloaded the Norton Removal Tool for 2004-2005 versions, since this system dates from 2005. It executes with a half-second startup window, then shows 2-3 seconds of hourglass, then nothing. SymNRT.exe process is running but not doing any I/O. I rebooted and tried again with the same result. I really don't think there's anything for it to remove.

BC AdBot (Login to Remove)

 


#17 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:51 AM

Posted 17 June 2011 - 07:37 PM

You have some leftovers of it in your logs.

Remove this program via Add/Remove Programs: LiveUpdate 3.0

Run a new scan with OTL and I'll manually remove the leftover Norton files.

OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#18 rsnyder316

rsnyder316
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 17 June 2011 - 08:06 PM

LiveUpdate is now removed. Here's the OTL scan:

OTL logfile created on: 6/17/2011 7:43:02 PM - Run 3
OTL by OldTimer - Version 3.2.24.0 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.21% Memory free
2.60 Gb Paging File | 2.14 Gb Available in Paging File | 82.28% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.35 Gb Total Space | 30.08 Gb Free Space | 42.16% Space Free | Partition Type: NTFS
Drive D: | 203.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 9.43 Gb Total Space | 3.16 Gb Free Space | 33.51% Space Free | Partition Type: FAT32
Drive F: | 1.97 Gb Total Space | 1.82 Gb Free Space | 92.28% Space Free | Partition Type: FAT

Computer Name: DELL8400 | User Name: Rick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/13 15:22:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/05/10 07:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/06 22:20:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/08 17:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
PRC - [2004/06/29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2003/08/06 17:58:26 | 001,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/07/18 15:02:18 | 001,422,528 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2003/05/08 12:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2003/01/10 18:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/06/13 15:22:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2011/05/10 07:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/05/08 12:00:46 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/06/29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [2003/08/06 17:58:26 | 001,376,360 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/07/18 15:02:18 | 001,422,528 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2003/01/10 18:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/10 07:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 07:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 07:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 06:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 06:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 06:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/14 12:10:50 | 000,123,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/05 11:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/04/05 11:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/04/05 11:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/04/05 11:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/09/29 01:02:00 | 000,016,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctpdusb2.sys -- (Jukebox)
DRV - [2004/05/29 18:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/05/26 00:19:00 | 000,729,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/04/26 10:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/04/13 17:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/07/18 15:01:28 | 000,268,360 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/05/01 13:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys -- (CVirtA)
DRV - [2003/03/03 14:08:56 | 000,176,896 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (vsdatant)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys -- (sonypvs1)
DRV - [2002/08/26 17:09:42 | 000,138,916 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys -- (DNE)
DRV - [2002/08/06 13:04:08 | 000,114,080 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipsecw2k.sys -- (IPSECSHM)
DRV - [2002/08/06 13:04:08 | 000,114,080 | ---- | M] (Nortel Networks) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipsecw2k.sys -- (IPSECEXT)
DRV - [2002/04/22 15:50:14 | 000,009,161 | R--- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\eacfilt.sys -- (Eacfilt)
DRV - [2001/08/10 04:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\EPLPDX02.SYS -- (Eplpdx02)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {D22C1241-ADFF-4B4E-9226-2CEF23D35EDE}:1.9.1


FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/31 22:06:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/16 22:11:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 22:20:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 22:20:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/21 14:50:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/05/21 14:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rick\Application Data\Mozilla\Extensions
[2011/05/21 14:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rick\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/16 22:44:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\wxqvpgpv.default\extensions
[2010/11/22 07:46:49 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\wxqvpgpv.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/06/15 22:20:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\wxqvpgpv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/26 09:03:25 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\wxqvpgpv.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2011/06/16 22:44:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\wxqvpgpv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/06/24 19:23:07 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\wxqvpgpv.default\searchplugins\IMDB.xml
[2010/07/13 21:09:04 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\wxqvpgpv.default\searchplugins\netflixcom.xml
[2008/06/02 18:07:21 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\wxqvpgpv.default\searchplugins\scroogle.xml
[2008/06/02 18:07:22 | 000,004,884 | ---- | M] () -- C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\wxqvpgpv.default\searchplugins\urbandictionary.xml
[2008/06/18 17:49:28 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\wxqvpgpv.default\searchplugins\wikipedia.xml
[2011/06/16 19:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/16 19:49:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WXQVPGPV.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
[2011/06/16 22:11:54 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/05/06 22:20:11 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/06/16 19:49:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/11/25 13:59:55 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2008/03/30 13:04:31 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint_03050024.dll
[2011/05/06 22:20:14 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/17 17:31:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: mjh.org ([asp01] https in Trusted sites)
O15 - HKCU\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} file:///D:/LTOCX14N.cab (LEAD Main Control (14.0))
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {3637C046-4008-11D5-ADF6-0050DA74F67C} http://www.pvplus.com/citrix/UniPrint.cab (UniPrintCab Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab (EPUImageControl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab (HouseCall Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://datagen.webex.com/client/T25L/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/06/29 06:19:00 | 000,000,042 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [1998/10/13 13:47:38 | 000,000,437 | ---- | M] () - E:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2003/08/17 18:10:18 | 000,000,163 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2000/05/07 13:36:50 | 000,000,121 | ---- | M] () - E:\AUTOEXEC.PSS -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\SYSTEM32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\SYSTEM32\vp6vfw.dll (On2.com)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/16 22:24:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/16 22:12:11 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/16 22:12:11 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/16 22:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/16 22:12:09 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/16 22:12:09 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/16 22:12:09 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/16 22:12:09 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/16 22:12:09 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/16 22:12:09 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/16 22:11:51 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/16 22:11:50 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/16 22:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/16 22:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/16 21:28:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/16 20:26:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/06/15 18:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/15 18:31:24 | 006,262,784 | ---- | C] (Intuit) -- C:\Program Files\QW.EXE
[2011/06/14 21:04:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/14 18:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/14 18:12:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/14 18:08:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rick\Recent
[2011/06/14 18:07:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/14 18:07:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/14 18:07:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/14 18:07:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/14 18:07:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/05 16:31:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rick\Start Menu\Programs\Administrative Tools
[2011/05/21 14:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Local Settings\Application Data\Thunderbird
[2011/05/21 14:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Application Data\Thunderbird
[2011/05/21 14:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird
[2011/05/21 14:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2005/01/22 23:03:18 | 000,048,896 | ---- | C] (Intuit, Inc.) -- C:\Program Files\bpbox.ocx
[2005/01/22 23:03:18 | 000,044,032 | ---- | C] (Intuit Inc.) -- C:\Program Files\QWSNAP.DLL
[2005/01/22 23:03:17 | 000,027,136 | ---- | C] (Intuit) -- C:\Program Files\QWDLLS.EXE
[2005/01/22 23:03:15 | 001,609,216 | ---- | C] (Intuit Inc.) -- C:\Program Files\qwonline.dll
[2005/01/22 23:03:15 | 000,131,584 | ---- | C] (Intuit) -- C:\Program Files\IcRsrc32.dll
[2005/01/22 23:03:15 | 000,056,832 | ---- | C] (Intuit) -- C:\Program Files\TechHelp.exe
[2005/01/22 23:03:15 | 000,006,656 | ---- | C] (Intuit Inc.) -- C:\Program Files\npipa32s.dll
[2005/01/22 23:03:14 | 001,655,808 | ---- | C] (Intuit Inc.) -- C:\Program Files\QWOESDK.DLL
[2005/01/22 23:03:14 | 000,099,328 | ---- | C] (Marimba, Inc.) -- C:\Program Files\mrbupd.dll
[2005/01/22 23:03:14 | 000,047,104 | ---- | C] (Intuit Inc.) -- C:\Program Files\ONLNCALL.DLL
[2005/01/22 23:03:14 | 000,012,800 | ---- | C] (Intuit Inc.) -- C:\Program Files\iqwchan.dll
[2005/01/22 23:03:14 | 000,011,776 | ---- | C] (Intuit) -- C:\Program Files\alrtpkg.dll
[2005/01/22 23:03:13 | 002,100,224 | ---- | C] (Intuit Inc.) -- C:\Program Files\ONLN32.DLL
[2005/01/22 23:03:13 | 001,071,104 | ---- | C] (Intuit Inc.) -- C:\Program Files\QWUTIL7.DLL
[2005/01/22 23:03:13 | 000,269,312 | ---- | C] (Intuit Inc.) -- C:\Program Files\QWPR.DLL
[2005/01/22 23:03:13 | 000,183,296 | ---- | C] (Intuit Inc.) -- C:\Program Files\QWWIN.DLL
[2005/01/22 23:03:13 | 000,131,584 | ---- | C] (Intuit Inc.) -- C:\Program Files\QWDIB.DLL
[2005/01/22 23:03:13 | 000,085,440 | ---- | C] (Intuit) -- C:\Program Files\QWCF.EXE
[2005/01/22 23:03:13 | 000,066,560 | ---- | C] (Intuit Inc.) -- C:\Program Files\QWRMND.DLL
[2005/01/22 23:03:13 | 000,051,200 | ---- | C] (Intuit Inc.) -- C:\Program Files\QW_IBILL.DLL
[2005/01/22 23:03:13 | 000,043,776 | ---- | C] (Intuit) -- C:\Program Files\TLA.EXE
[2005/01/22 23:03:13 | 000,043,520 | ---- | C] (Intuit Inc.) -- C:\Program Files\SAVGOL.DLL
[2005/01/22 23:03:13 | 000,006,144 | ---- | C] (Intuit) -- C:\Program Files\QWENC.DLL
[2005/01/22 23:03:12 | 000,273,408 | ---- | C] (Intuit Inc.) -- C:\Program Files\QACCES32.DLL
[2005/01/22 23:03:12 | 000,169,472 | ---- | C] (Intuit Inc.) -- C:\Program Files\QDB.DLL
[2005/01/22 23:03:12 | 000,126,464 | ---- | C] (Intuit Inc.) -- C:\Program Files\QDBBASE.DLL
[2005/01/22 23:03:12 | 000,049,152 | ---- | C] (Intuit Inc.) -- C:\Program Files\QFILE.DLL
[2005/01/22 23:03:12 | 000,006,144 | ---- | C] (Intuit Inc.) -- C:\Program Files\QVERSION.DLL
[2005/01/22 23:03:12 | 000,005,456 | ---- | C] (Intuit) -- C:\Program Files\QIDLL.DLL
[2005/01/22 23:03:12 | 000,005,440 | ---- | C] (Intuit) -- C:\Program Files\QPWDLL.DLL
[2005/01/22 23:03:11 | 000,349,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTKRN70N.DLL
[2005/01/22 23:03:11 | 000,225,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMP70N.DLL
[2005/01/22 23:03:11 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MVCL14N.DLL
[2005/01/22 23:03:11 | 000,111,104 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFPNG70N.DLL
[2005/01/22 23:03:11 | 000,102,400 | ---- | C] (Intuit Inc.) -- C:\Program Files\PLAN.DLL
[2005/01/22 23:03:11 | 000,099,328 | ---- | C] (Intuit Inc.) -- C:\Program Files\FRCAST.DLL
[2005/01/22 23:03:11 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MVMC14N.DLL
[2005/01/22 23:03:11 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MVIX14N.DLL
[2005/01/22 23:03:11 | 000,064,000 | ---- | C] (Intuit Inc.) -- C:\Program Files\GRAPHS6.DLL
[2005/01/22 23:03:11 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MVFS14N.DLL
[2005/01/22 23:03:11 | 000,055,808 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTFIL70N.DLL
[2005/01/22 23:03:11 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MVSR14N.DLL
[2005/01/22 23:03:11 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MVTL14N.DLL
[2005/01/22 23:03:11 | 000,038,400 | ---- | C] (Intuit Inc.) -- C:\Program Files\AB_QDLL.DLL
[2005/01/22 23:03:11 | 000,037,376 | ---- | C] (Intuit Inc.) -- C:\Program Files\IMVENG7.DLL
[2005/01/22 23:03:11 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MVMG14N.DLL
[2005/01/22 23:03:11 | 000,030,208 | ---- | C] (Intuit) -- C:\Program Files\BILLMIND.EXE
[2005/01/22 23:03:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MVBK14N.DLL
[2005/01/22 23:03:11 | 000,024,576 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFBMP70N.DLL
[2005/01/22 23:03:11 | 000,024,064 | ---- | C] (Intuit) -- C:\Program Files\QGDERES.DLL
[2005/01/22 23:03:11 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MVUT14N.DLL
[2005/01/22 23:03:11 | 000,007,680 | ---- | C] (Intuit Inc.) -- C:\Program Files\NPIPA32.DLL
[2003/12/09 14:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll

========== Files - Modified Within 30 Days ==========

[2011/06/17 19:21:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/06/17 19:20:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/06/17 19:20:41 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/17 17:31:12 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/06/16 22:58:28 | 000,025,006 | ---- | M] () -- C:\Documents and Settings\Rick\My Documents\WindowsCannotOpenFile.jpg
[2011/06/16 22:56:23 | 001,467,392 | ---- | M] () -- C:\Documents and Settings\Rick\My Documents\WindowsCannotOpenFile.jpg.shs
[2011/06/16 22:16:08 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer (2).lnk
[2011/06/16 22:12:11 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/16 22:12:09 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/16 22:06:41 | 000,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/16 22:04:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 21:31:08 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/06/16 21:31:08 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/06/16 20:29:42 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2011/06/15 21:27:07 | 000,879,099 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\SecurityCheck.exe
[2011/06/15 18:31:24 | 006,262,784 | ---- | M] (Intuit) -- C:\Program Files\QW.EXE
[2011/06/14 21:04:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/14 20:59:34 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\unhide.exe
[2011/06/14 18:13:03 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011/06/07 11:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/05 16:24:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Rick\defogger_reenable
[2011/06/05 15:37:16 | 000,020,736 | ---- | M] () -- C:\Program Files\QW.RMD
[2011/06/05 15:37:16 | 000,015,360 | ---- | M] () -- C:\Program Files\FILIST.QFI
[2011/06/05 15:37:16 | 000,001,468 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/05 15:37:16 | 000,001,024 | ---- | M] () -- C:\Program Files\QW.CFG
[2011/06/05 15:37:16 | 000,000,054 | ---- | M] () -- C:\Program Files\QWREMIND.INI
[2011/06/04 07:10:20 | 000,000,698 | ---- | M] () -- C:\Program Files\QREQST.DAT
[2011/05/31 21:59:53 | 000,000,268 | ---- | M] () -- C:\sqmdata18.sqm
[2011/05/31 21:59:53 | 000,000,244 | ---- | M] () -- C:\sqmnoopt18.sqm
[2011/05/31 07:29:39 | 000,000,268 | ---- | M] () -- C:\sqmdata17.sqm
[2011/05/31 07:29:39 | 000,000,244 | ---- | M] () -- C:\sqmnoopt17.sqm
[2011/05/30 21:39:43 | 000,000,268 | ---- | M] () -- C:\sqmdata16.sqm
[2011/05/30 21:39:43 | 000,000,244 | ---- | M] () -- C:\sqmnoopt16.sqm
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/27 22:17:06 | 000,000,268 | ---- | M] () -- C:\sqmdata15.sqm
[2011/05/27 22:17:05 | 000,000,244 | ---- | M] () -- C:\sqmnoopt15.sqm
[2011/05/27 07:27:10 | 000,000,268 | ---- | M] () -- C:\sqmdata14.sqm
[2011/05/27 07:27:09 | 000,000,244 | ---- | M] () -- C:\sqmnoopt14.sqm
[2011/05/27 00:02:38 | 000,000,268 | ---- | M] () -- C:\sqmdata13.sqm
[2011/05/27 00:02:38 | 000,000,244 | ---- | M] () -- C:\sqmnoopt13.sqm
[2011/05/26 07:26:29 | 000,000,268 | ---- | M] () -- C:\sqmdata12.sqm
[2011/05/26 07:26:29 | 000,000,244 | ---- | M] () -- C:\sqmnoopt12.sqm
[2011/05/25 22:06:45 | 000,000,268 | ---- | M] () -- C:\sqmdata11.sqm
[2011/05/25 22:06:45 | 000,000,244 | ---- | M] () -- C:\sqmnoopt11.sqm
[2011/05/25 07:40:56 | 000,000,268 | ---- | M] () -- C:\sqmdata10.sqm
[2011/05/25 07:40:56 | 000,000,244 | ---- | M] () -- C:\sqmnoopt10.sqm
[2011/05/24 21:47:33 | 000,000,268 | ---- | M] () -- C:\sqmdata09.sqm
[2011/05/24 21:47:33 | 000,000,244 | ---- | M] () -- C:\sqmnoopt09.sqm
[2011/05/24 07:33:05 | 000,000,268 | ---- | M] () -- C:\sqmdata08.sqm
[2011/05/24 07:33:05 | 000,000,244 | ---- | M] () -- C:\sqmnoopt08.sqm
[2011/05/23 21:41:56 | 000,000,268 | ---- | M] () -- C:\sqmdata07.sqm
[2011/05/23 21:41:55 | 000,000,244 | ---- | M] () -- C:\sqmnoopt07.sqm
[2011/05/23 07:24:35 | 000,000,268 | ---- | M] () -- C:\sqmdata06.sqm
[2011/05/23 07:24:34 | 000,000,244 | ---- | M] () -- C:\sqmnoopt06.sqm
[2011/05/22 21:59:25 | 000,000,268 | ---- | M] () -- C:\sqmdata05.sqm
[2011/05/22 21:59:25 | 000,000,244 | ---- | M] () -- C:\sqmnoopt05.sqm
[2011/05/22 16:35:11 | 000,000,607 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quicken Basic 99.lnk
[2011/05/22 14:11:44 | 000,000,268 | ---- | M] () -- C:\sqmdata04.sqm
[2011/05/22 14:11:44 | 000,000,244 | ---- | M] () -- C:\sqmnoopt04.sqm
[2011/05/21 14:50:38 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/05/21 14:50:38 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2011/05/20 07:29:14 | 000,000,268 | ---- | M] () -- C:\sqmdata03.sqm
[2011/05/20 07:29:14 | 000,000,244 | ---- | M] () -- C:\sqmnoopt03.sqm
[2011/05/19 22:46:50 | 000,000,268 | ---- | M] () -- C:\sqmdata02.sqm
[2011/05/19 22:46:50 | 000,000,244 | ---- | M] () -- C:\sqmnoopt02.sqm
[2011/05/19 07:25:10 | 000,000,268 | ---- | M] () -- C:\sqmdata01.sqm
[2011/05/19 07:25:10 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm

========== Files Created - No Company Name ==========

[2011/06/16 22:58:27 | 000,025,006 | ---- | C] () -- C:\Documents and Settings\Rick\My Documents\WindowsCannotOpenFile.jpg
[2011/06/16 22:56:22 | 001,467,392 | ---- | C] () -- C:\Documents and Settings\Rick\My Documents\WindowsCannotOpenFile.jpg.shs
[2011/06/16 22:12:11 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/16 20:30:00 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/06/16 20:30:00 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/06/16 20:29:58 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/06/15 21:27:05 | 000,879,099 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\SecurityCheck.exe
[2011/06/14 21:01:38 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\unhide.exe
[2011/06/14 18:16:13 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/06/14 18:15:59 | 000,001,956 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live Messenger.lnk
[2011/06/14 18:15:59 | 000,001,924 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/06/14 18:15:59 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Networking Guide.lnk
[2011/06/14 18:15:59 | 000,001,681 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Media Experience.lnk
[2011/06/14 18:15:59 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/06/14 18:15:59 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2004.lnk
[2011/06/14 18:15:59 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/14 18:15:59 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\RealPlayer.lnk
[2011/06/14 18:15:59 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/14 18:15:59 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/06/14 18:15:58 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/14 18:15:58 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\ABBYY FineReader 5.0 Sprint Plus.lnk
[2011/06/14 18:07:33 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/14 18:07:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/14 18:07:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/14 18:07:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/14 18:07:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/13 18:05:06 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/06/13 18:05:06 | 000,001,985 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Photo Gallery.lnk
[2011/06/13 18:05:06 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2011/06/13 18:05:06 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk
[2011/06/13 18:05:06 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/06/13 18:05:06 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/13 18:05:06 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/06/13 18:05:06 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer (2).lnk
[2011/06/13 18:05:06 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/13 18:05:06 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/06/13 18:05:06 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicken Basic 99.lnk
[2011/06/13 18:05:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/13 18:05:05 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/13 18:05:05 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2010.lnk
[2011/06/13 18:05:05 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2009.lnk
[2011/06/13 18:05:05 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2011/06/13 18:05:05 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Eudora.lnk
[2011/06/13 18:05:05 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\H&R Block TaxCut 2008.lnk
[2011/06/13 18:05:05 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/06/13 18:05:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/05 16:24:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rick\defogger_reenable
[2010/02/15 21:36:02 | 000,000,675 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat.temp
[2010/01/31 21:59:40 | 000,195,384 | ---- | C] () -- C:\WINDOWS\hpoins43.dat
[2010/01/31 21:59:39 | 000,000,675 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat
[2009/02/22 07:43:54 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/11/19 21:04:51 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/05/14 20:31:11 | 000,000,171 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2007/03/10 14:58:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/02/02 19:43:22 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/02/02 19:42:53 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/01/02 19:07:01 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2006/08/24 18:03:05 | 000,001,375 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/16 08:30:05 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2006/06/05 19:50:21 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2006/06/01 19:00:11 | 000,136,384 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/05/31 19:35:35 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2006/05/31 19:35:34 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2006/05/31 19:34:52 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2006/05/10 17:14:14 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/09/05 12:25:19 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Rick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/27 19:36:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/26 20:56:16 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/05/26 20:56:16 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2005/05/24 20:48:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2005/05/05 09:12:35 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/05/04 08:45:17 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Rick\Application Data\PFP120JPR.{PB
[2005/05/04 08:45:17 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Rick\Application Data\PFP120JCM.{PB
[2005/04/06 15:45:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/04/05 21:15:19 | 000,015,570 | ---- | C] () -- C:\Program Files\WPR.DAT
[2005/03/19 13:22:45 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2005/03/18 20:40:55 | 000,007,298 | ---- | C] () -- C:\WINDOWS\hpdj5700.ini
[2005/03/18 20:40:29 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/01/25 22:50:57 | 000,000,030 | ---- | C] () -- C:\Program Files\QWRS.DAT
[2005/01/25 22:50:57 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2005/01/25 22:50:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2005/01/25 22:50:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2005/01/25 22:50:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2005/01/25 22:50:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2005/01/24 17:08:43 | 000,026,083 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/23 15:23:59 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Eudora.ini
[2005/01/23 15:20:29 | 000,001,024 | ---- | C] () -- C:\Program Files\QW.CFG
[2005/01/23 15:14:33 | 000,015,360 | ---- | C] () -- C:\Program Files\FILIST.QFI
[2005/01/23 15:14:33 | 000,000,054 | ---- | C] () -- C:\Program Files\QWREMIND.INI
[2005/01/23 15:13:19 | 000,258,915 | ---- | C] () -- C:\Program Files\QUICKEN.GID
[2005/01/23 15:11:28 | 000,020,736 | ---- | C] () -- C:\Program Files\QW.RMD
[2005/01/23 15:11:28 | 000,000,132 | ---- | C] () -- C:\Program Files\~QW~LINK.QDT
[2005/01/22 23:03:20 | 000,001,468 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/01/22 23:03:19 | 000,000,660 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/01/22 23:03:18 | 000,006,472 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2005/01/22 23:03:17 | 000,058,245 | ---- | C] () -- C:\Program Files\TAX.THP
[2005/01/22 23:03:17 | 000,012,100 | ---- | C] () -- C:\Program Files\TAX.SCD
[2005/01/22 23:03:17 | 000,011,776 | ---- | C] () -- C:\Program Files\WHATSNEW.WRI
[2005/01/22 23:03:17 | 000,000,896 | ---- | C] () -- C:\Program Files\QWMENU.INI
[2005/01/22 23:03:15 | 000,058,368 | ---- | C] () -- C:\Program Files\ofxroots.crt
[2005/01/22 23:03:15 | 000,034,622 | ---- | C] () -- C:\Program Files\QWCOLOR.INI
[2005/01/22 23:03:15 | 000,015,581 | ---- | C] () -- C:\Program Files\INTELLIC.CAT
[2005/01/22 23:03:15 | 000,003,618 | ---- | C] () -- C:\Program Files\WPR.INI
[2005/01/22 23:03:15 | 000,002,438 | ---- | C] () -- C:\Program Files\HOME.QIF
[2005/01/22 23:03:15 | 000,001,003 | ---- | C] () -- C:\Program Files\BUSINESS.QIF
[2005/01/22 23:03:15 | 000,000,698 | ---- | C] () -- C:\Program Files\QREQST.DAT
[2005/01/22 23:03:15 | 000,000,083 | ---- | C] () -- C:\Program Files\AUDQCARD.VER
[2005/01/22 23:03:15 | 000,000,080 | ---- | C] () -- C:\Program Files\MMEDIA.VER
[2005/01/22 23:03:14 | 000,142,336 | ---- | C] () -- C:\Program Files\patchw32.dll
[2005/01/22 23:03:14 | 000,041,472 | ---- | C] () -- C:\Program Files\qagent.exe
[2005/01/22 23:03:14 | 000,002,764 | ---- | C] () -- C:\Program Files\qagent.tlb
[2005/01/22 23:03:10 | 000,060,633 | ---- | C] () -- C:\Program Files\Uninst.isu
[2005/01/22 23:03:10 | 000,009,501 | ---- | C] () -- C:\Program Files\README.WRI
[2005/01/16 14:27:15 | 000,000,207 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/01/16 14:24:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2005/01/16 14:22:44 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EPSONC84.ini
[2005/01/16 09:31:24 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/01/16 09:31:09 | 000,005,491 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/01/15 23:15:13 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Rick\Local Settings\Application Data\fusioncache.dat
[2005/01/08 00:56:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/08 00:52:49 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2005/01/08 00:52:48 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/01/08 00:46:44 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/08 00:46:34 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/08 00:36:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/01/08 00:34:32 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/01/08 00:34:32 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/01/08 00:15:28 | 000,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:08:08 | 000,318,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 11:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 11:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 17:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/05/26 16:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2004/04/20 12:08:08 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\DLBTPLC.INI
[2004/03/26 17:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/17 08:12:48 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat
[2004/03/17 08:11:51 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[2003/07/31 17:54:50 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1980/01/01 01:00:00 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1980/01/01 01:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2011/06/16 22:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/01/02 19:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/01/02 11:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/04/16 21:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2006/05/25 10:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/05/10 17:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2006/05/10 17:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2011/02/05 10:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2007/01/02 19:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/05/01 19:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/06/02 18:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\aAvgApi
[2008/03/20 16:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Aim
[2006/05/10 17:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Canon
[2008/04/17 17:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\FrostWire
[2005/05/26 20:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\FUJIFILM
[2008/07/26 11:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\GARMIN
[2005/03/06 22:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\ICAClient
[2006/07/17 22:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\iPodder
[2005/03/21 15:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Leadertech
[2007/01/02 11:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Nikon
[2005/07/25 20:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Opera
[2009/02/22 07:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\pdf995
[2007/01/02 20:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\pictmotion Technologies
[2005/01/23 15:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Qualcomm
[2006/05/10 17:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\ScanSoft
[2006/11/25 14:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Snapfish
[2010/12/11 16:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\TaxCut
[2011/05/21 14:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Thunderbird

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2003/08/09 18:36:02 | 000,024,671 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2003/08/09 18:36:02 | 000,024,671 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2003/08/09 18:36:02 | 000,024,671 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2003/08/09 18:36:02 | 000,045,139 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/06 22:20:14 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/06 22:20:14 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/06 22:20:14 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/06 22:20:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/06 22:20:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/06 22:20:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 07:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 07:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 07:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/04/21 05:58:25 | 000,634,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/04/16 07:33:57 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/04/16 07:33:57 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/04/16 07:33:57 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/04/16 07:33:57 | 000,941,936 | ---- | M] (Opera Software)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-16 11:42:01

< End of report >

#19 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:51 AM

Posted 18 June 2011 - 09:07 AM

Hi!

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    PRC - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
    SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)
    SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
    SRV - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    DRV - [2006/02/14 12:10:50 | 000,123,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2005/04/05 11:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2005/04/05 11:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
    DRV - [2005/04/05 11:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2005/04/05 11:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#20 rsnyder316

rsnyder316
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 18 June 2011 - 10:51 AM

OK, OTL fix completed. Here's the report:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
No active process named LuComServer_3_0.EXE was found!
Service Automatic LiveUpdate Scheduler stopped successfully!
Service Automatic LiveUpdate Scheduler deleted successfully!
Error: No service named LiveUpdate was found to stop!
Service\Driver key LiveUpdate not found.
File C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE not found.
Service SNDSrvc stopped successfully!
Service SNDSrvc deleted successfully!
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe moved successfully.
Error: Unable to stop service SymEvent!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymEvent deleted successfully.
C:\Program Files\Symantec\SYMEVENT.SYS moved successfully.
Error: Unable to stop service SYMTDI!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMTDI deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys moved successfully.
Service SYMREDRV stopped successfully!
Service SYMREDRV deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\symredrv.sys moved successfully.
Service SYMIDS stopped successfully!
Service SYMIDS deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\symids.sys moved successfully.
Service SYMNDIS stopped successfully!
Service SYMNDIS deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\symndis.sys moved successfully.
Service SYMFW stopped successfully!
Service SYMFW deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\symfw.sys moved successfully.
Service SYMDNS stopped successfully!
Service SYMDNS deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\symdns.sys moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
F:\cmd.bat deleted successfully.
F:\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (50114262525280256)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner

User: Rick
->Temp folder emptied: 47094311 bytes
->Temporary Internet Files folder emptied: 1009871 bytes
->Java cache emptied: 213650 bytes
->FireFox cache emptied: 186189152 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 5761 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69719 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 224.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner

User: Rick
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.0 log created on 06182011_092224

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

#21 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:51 AM

Posted 18 June 2011 - 11:00 AM

Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Commands
    [ClearAllRestorePoints]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#22 rsnyder316

rsnyder316
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 18 June 2011 - 01:19 PM

Thanks so much, SweetTech! OTL Fix and Clean-up were successful. I appreciate all of your help.

#23 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:51 AM

Posted 18 June 2011 - 01:24 PM

You're more than welcome! I'm glad that we were able to work together to solve the issues you were experiencing with your computer.

Please take care!

Kindest Regards,
SweetTech.

____________________________________________________

Since it appears that the issues you were experiencing with your computer have been resolved, I am going to close this thread. If you should need the thread re-opened please send me a Private Message (PM) with a request to re-open the thread, as well as the link to the thread in question, and I'd be happy to re-open the thread.


Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users