
Thread: Infected - Smart Fortress 2012

    #11 | Senior Member | Join Date: Sep 2010 | Posts: 631

    Hi

    That would most likely be due to being in Safe Mode. Only the basic Windows drivers/services are loaded and nothing from the autostart locations. You will notice your security programs are not running.

    This tool is very good in removing the infection you have. It works best in Normal windows.

    Please read through these instructions to familiarize yourself with what to expect when this tool runs.


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Member of UNITE and ASAP

    #12 | Junior Member | Join Date: Apr 2012 | Posts: 15


    Downloaded ComboFix to the flash drive and then ran it on the infected machine.

    Could only do it in Safe Mode as the "Smart Fortress" takes over in Normal Mode.

    Pop-up warned of Antivirus running.....couldn't disable in Safe Mode.

    ComboFix appeared to do its thing and found some stuff and then requested a re-start.

    Clicked ok......then "Windows is shutting down" appeared as normal.

    But.....it is now stuck (hung) on that window....for more than a half hour now.




    #13 | Senior Member | Join Date: Sep 2010 | Posts: 631

    Hi Halton,

    Restart your computer in Safe Mode. Let it run for a bit, combofix may finish. If not rerun it.
    Member of UNITE and ASAP

    #14 | Junior Member | Join Date: Apr 2012 | Posts: 15


    Hello.....re-started in Safe Mode.....ComboFix then scanned on its own.

    Went through its processes and deletions and re-started in Normal mode.

    My WIND Mobile Internet "exe" got caught up in the deletions.

    So I uninstalled it all and then re-installed it fresh.....back online.....now posting from the infected machine.

    Here is the ComboFix log..........

    --------------------------------------------------------------------------


    ComboFix 12-04-31.02 - Gooderham 30/04/2012 12:32:50.2.1 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1759 [GMT -4:00]
    Running from: E:\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: AVG Anti-Virus 7.1.405 *Enabled/Updated* {41564737-3200-1071-989B-0000E87B4FB1}
    .
    ADS - WINDOWS: deleted 128 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files\WIND\WIND.exe
    c:\windows\$NtUninstallKB54679$
    c:\windows\$NtUninstallKB54679$\1605208634\@
    c:\windows\$NtUninstallKB54679$\1605208634\cfg.ini
    c:\windows\$NtUninstallKB54679$\1605208634\Desktop.ini
    c:\windows\$NtUninstallKB54679$\1605208634\L\odetmngk
    c:\windows\$NtUninstallKB54679$\1605208634\U\00000001.$
    c:\windows\$NtUninstallKB54679$\1605208634\U\00000002.$
    c:\windows\$NtUninstallKB54679$\1605208634\U\00000004.$
    c:\windows\$NtUninstallKB54679$\1605208634\U\80000000.$
    c:\windows\$NtUninstallKB54679$\1605208634\U\80000004.$
    c:\windows\$NtUninstallKB54679$\1605208634\U\80000032.$
    c:\windows\$NtUninstallKB54679$\2567209568
    c:\windows\system32\urttemp
    c:\windows\system32\urttemp\fusion.dll
    c:\windows\system32\urttemp\mscoree.dll
    c:\windows\system32\urttemp\mscoree.dll.local
    c:\windows\system32\urttemp\mscorsn.dll
    c:\windows\system32\urttemp\mscorwks.dll
    c:\windows\system32\urttemp\msvcr71.dll
    c:\windows\system32\urttemp\regtlib.exe
    .
    Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
    Restored copy from - The cat found it
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-30 14:48 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
    2012-04-29 13:49 . 2012-04-29 13:49 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-04-29 13:39 . 2012-04-29 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\529C50A800717D320000205BD151FC84
    2012-04-27 15:56 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{BF1BFAF0-5468-4D23-8D27-5194D2AFCBFF}\mpengine.dll
    2012-04-26 14:42 . 2012-04-26 14:44 -------- d-----w- c:\program files\Content Manager
    2012-04-06 01:57 . 2012-04-15 12:23 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-02 20:04 . 2012-04-02 20:23 -------- d-----w- c:\program files\Ghost Mouse Auto Clicker
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-15 12:23 . 2011-05-25 18:38 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-13 07:36 . 2006-05-04 10:00 6734704 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-03-06 23:15 . 2012-02-01 16:07 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-06 23:15 . 2012-02-01 16:07 201352 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-06 23:03 . 2012-02-01 16:07 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-06 23:03 . 2012-02-01 16:07 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-06 23:02 . 2012-02-01 16:07 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-03-06 23:01 . 2012-02-01 16:07 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-06 23:01 . 2012-02-01 16:07 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-03-06 23:01 . 2012-02-01 16:07 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-03-06 23:01 . 2012-02-01 16:07 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-06 22:58 . 2012-02-01 16:07 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-03-01 11:01 . 2004-08-10 18:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10 . 2004-08-10 18:51 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2004-08-10 18:51 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
    2012-02-23 14:18 . 2009-10-07 16:09 237072 -c----w- c:\windows\system32\MpSigStub.exe
    2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-02-03 09:22 . 2004-08-10 18:51 1860096 ----a-w- c:\windows\system32\win32k.sys
    2011-10-21 11:37 . 2011-10-21 11:37 4752189 -c--a-w- c:\program files\exiftool(-k).exe
    2012-04-20 15:37 . 2012-04-20 15:37 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-23 39408]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
    .
    c:\documents and settings\Gooderham.LAPTOP\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    HP SimpleSave Monitor.lnk - c:\documents and settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe [2012-1-6 477080]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-19 24576]
    Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMREMIND.EXE [2007-4-1 327680]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [01/02/2012 12:07 PM 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [01/02/2012 12:07 PM 337880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/02/2012 12:07 PM 20696]
    R2 BackupService;BackupService;c:\documents and settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [06/01/2012 11:15 AM 83512]
    R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [14/03/2011 11:27 AM 271712]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [16/12/2009 10:11 AM 65856]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [29/01/2012 8:06 PM 73216]
    S2 gupdate1c9d47de932459a;Google Update Service (gupdate1c9d47de932459a);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 6:22 AM 133104]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/04/2012 9:57 PM 253088]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [29/01/2012 8:06 PM 102784]
    S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [29/01/2012 8:06 PM 11136]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [29/01/2012 8:06 PM 235392]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 6:22 AM 133104]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [29/04/2012 9:49 AM 40776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 12:23]
    .
    2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 10:22]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 10:22]
    .
    2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006Core.job
    - c:\documents and settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-17 18:48]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006UA.job
    - c:\documents and settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-17 18:48]
    .
    2012-04-24 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    DPF: {4B48D5DF-9021-45F7-A240-60304302A215}
    FF - ProfilePath - c:\documents and settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?st=1
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Mobile Partner - c:\program files\WIND\WIND.exe
    SafeBoot-WinDefend
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-30 12:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3792)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\wltrysvc.exe
    c:\windows\System32\bcmwltry.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-30 12:52:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-30 16:52
    .
    Pre-Run: 6,023,593,984 bytes free
    Post-Run: 3,906,338,816 bytes free
    .
    - - End Of File - - A70B8F9D3528744F4F3E31013D479529




    #15 | Junior Member | Join Date: Apr 2012 | Posts: 15


    P.S.

    Smart Fortress didn't autorun but is still on my desktop and in my programs list.



    #16 | Senior Member | Join Date: Sep 2010 | Posts: 631

    Hi Halton,

    Wind.exe was targeted because of the location.

    Please rescan with OTL and we'll clean up the leftovers. This time check the box beside "scan all users" and click Quick Scan. There will only be an OTL.txt this time.
    Member of UNITE and ASAP

    #17 | Junior Member | Join Date: Apr 2012 | Posts: 15


    Hello......here is the new OTL scan

    --------------------------------------------------------------------

    OTL logfile created on: 30/04/2012 8:59:05 PM - Run 2
    OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Gooderham.LAPTOP\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.97% Memory free
    4.83 Gb Paging File | 4.54 Gb Available in Paging File | 93.94% Paging File free
    Paging file location(s): C:\pagefile.sys 3058 3058 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 34.21 Gb Total Space | 3.32 Gb Free Space | 9.70% Space Free | Partition Type: NTFS
    Drive F: | 35.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DELL | User Name: Gooderham | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/30 12:58:13 | 000,514,048 | ---- | M] () -- C:\Program Files\WIND\WIND.exe
    PRC - [2012/04/30 12:57:51 | 000,246,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\ouc.exe
    PRC - [2012/04/29 16:59:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe
    PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/05/26 15:14:52 | 000,477,080 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe
    PRC - [2011/03/14 11:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
    PRC - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
    PRC - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/04/30 14:00:32 | 001,771,520 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12043001\algo.dll
    MOD - [2012/04/30 12:58:13 | 000,514,048 | ---- | M] () -- C:\Program Files\WIND\WIND.exe
    MOD - [2012/04/30 12:57:51 | 000,246,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\ouc.exe
    MOD - [2012/04/30 12:57:50 | 000,185,856 | ---- | M] () -- C:\Program Files\WIND\XFramePlugin.dll
    MOD - [2012/04/30 12:57:50 | 000,159,232 | ---- | M] () -- C:\Program Files\WIND\XCodec.dll
    MOD - [2012/04/30 12:57:50 | 000,142,336 | ---- | M] () -- C:\Program Files\WIND\USSDSrvPlugin.dll
    MOD - [2012/04/30 12:57:50 | 000,135,168 | ---- | M] () -- C:\Program Files\WIND\Trace.dll
    MOD - [2012/04/30 12:57:50 | 000,106,496 | ---- | M] () -- C:\Program Files\WIND\Win7Support.dll
    MOD - [2012/04/30 12:57:49 | 001,148,416 | ---- | M] () -- C:\Program Files\WIND\QtNetwork4.dll
    MOD - [2012/04/30 12:57:49 | 000,781,824 | ---- | M] () -- C:\Program Files\WIND\SMSUIPlugin.dll
    MOD - [2012/04/30 12:57:49 | 000,670,720 | ---- | M] () -- C:\Program Files\WIND\SmsAppPlugin.dll
    MOD - [2012/04/30 12:57:49 | 000,370,176 | ---- | M] () -- C:\Program Files\WIND\plugins\imageformats\qtiff4.dll
    MOD - [2012/04/30 12:57:49 | 000,320,512 | ---- | M] () -- C:\Program Files\WIND\StatusBarMgrPlugin.dll
    MOD - [2012/04/30 12:57:49 | 000,258,560 | ---- | M] () -- C:\Program Files\WIND\sdk.dll
    MOD - [2012/04/30 12:57:49 | 000,229,376 | ---- | M] () -- C:\Program Files\WIND\ToolBarMgrPlugin.dll
    MOD - [2012/04/30 12:57:49 | 000,217,600 | ---- | M] () -- C:\Program Files\WIND\SmsSrvPlugin.dll
    MOD - [2012/04/30 12:57:49 | 000,156,672 | ---- | M] () -- C:\Program Files\WIND\STKSrvPlugin.dll
    MOD - [2012/04/30 12:57:48 | 009,515,520 | ---- | M] () -- C:\Program Files\WIND\QtGui4.dll
    MOD - [2012/04/30 12:57:46 | 002,415,104 | ---- | M] () -- C:\Program Files\WIND\QtCore4.dll
    MOD - [2012/04/30 12:57:46 | 000,545,280 | ---- | M] () -- C:\Program Files\WIND\PluginContainer.dll
    MOD - [2012/04/30 12:57:46 | 000,379,392 | ---- | M] () -- C:\Program Files\WIND\Proxy.dll
    MOD - [2012/04/30 12:57:46 | 000,350,720 | ---- | M] () -- C:\Program Files\WIND\plugins\imageformats\qmng4.dll
    MOD - [2012/04/30 12:57:46 | 000,225,280 | ---- | M] () -- C:\Program Files\WIND\NetSrvPlugin.dll
    MOD - [2012/04/30 12:57:46 | 000,192,000 | ---- | M] () -- C:\Program Files\WIND\plugins\imageformats\qjpeg4.dll
    MOD - [2012/04/30 12:57:46 | 000,133,120 | ---- | M] () -- C:\Program Files\WIND\OSDialup.dll
    MOD - [2012/04/30 12:57:46 | 000,131,072 | ---- | M] () -- C:\Program Files\WIND\OSNDIS.dll
    MOD - [2012/04/30 12:57:46 | 000,101,376 | ---- | M] () -- C:\Program Files\WIND\OSAdapt.dll
    MOD - [2012/04/30 12:57:46 | 000,093,184 | ---- | M] () -- C:\Program Files\WIND\NotifyServicePlugin.dll
    MOD - [2012/04/30 12:57:46 | 000,082,944 | ---- | M] () -- C:\Program Files\WIND\plugins\imageformats\qgif4.dll
    MOD - [2012/04/30 12:57:46 | 000,081,920 | ---- | M] () -- C:\Program Files\WIND\plugins\imageformats\qico4.dll
    MOD - [2012/04/30 12:57:46 | 000,065,536 | ---- | M] () -- C:\Program Files\WIND\OSPowerMgr.dll
    MOD - [2012/04/30 12:57:46 | 000,062,976 | ---- | M] () -- C:\Program Files\WIND\OSCall.dll
    MOD - [2012/04/30 12:57:45 | 001,101,824 | ---- | M] () -- C:\Program Files\WIND\NDISAPI.dll
    MOD - [2012/04/30 12:57:45 | 000,449,536 | ---- | M] () -- C:\Program Files\WIND\NetInfoUIExPlugin.dll
    MOD - [2012/04/30 12:57:45 | 000,331,776 | ---- | M] () -- C:\Program Files\WIND\NetConnectPlugin.dll
    MOD - [2012/04/30 12:57:45 | 000,275,456 | ---- | M] () -- C:\Program Files\WIND\NetInfoSrvPlugin.dll
    MOD - [2012/04/30 12:57:45 | 000,269,824 | ---- | M] () -- C:\Program Files\WIND\LiveUpdateInterface.dll
    MOD - [2012/04/30 12:57:45 | 000,245,760 | ---- | M] () -- C:\Program Files\WIND\MenuMgrPlugin.dll
    MOD - [2012/04/30 12:57:45 | 000,179,712 | ---- | M] () -- C:\Program Files\WIND\NDISPlugin.dll
    MOD - [2012/04/30 12:57:45 | 000,158,720 | ---- | M] () -- C:\Program Files\WIND\NetConnectSrvPlugin.dll
    MOD - [2012/04/30 12:57:45 | 000,117,760 | ---- | M] () -- C:\Program Files\WIND\LayoutPlugin.dll
    MOD - [2012/04/30 12:57:45 | 000,043,008 | ---- | M] () -- C:\Program Files\WIND\libgcc_s_dw2-1.dll
    MOD - [2012/04/30 12:57:45 | 000,011,362 | ---- | M] () -- C:\Program Files\WIND\mingwm10.dll
    MOD - [2012/04/30 12:57:44 | 000,495,104 | ---- | M] () -- C:\Program Files\WIND\DeviceMgrUIPlugin.dll
    MOD - [2012/04/30 12:57:44 | 000,414,720 | ---- | M] () -- C:\Program Files\WIND\DialupUIPlugin.dll
    MOD - [2012/04/30 12:57:44 | 000,356,352 | ---- | M] () -- C:\Program Files\WIND\core.dll
    MOD - [2012/04/30 12:57:44 | 000,337,408 | ---- | M] () -- C:\Program Files\WIND\DeviceAppPlugin.dll
    MOD - [2012/04/30 12:57:44 | 000,300,544 | ---- | M] () -- C:\Program Files\WIND\DeviceSrvPlugin.dll
    MOD - [2012/04/30 12:57:44 | 000,218,112 | ---- | M] () -- C:\Program Files\WIND\Common.dll
    MOD - [2012/04/30 12:57:44 | 000,211,456 | ---- | M] () -- C:\Program Files\WIND\DialUpPlugin.dll
    MOD - [2012/04/30 12:57:44 | 000,157,184 | ---- | M] () -- C:\Program Files\WIND\DataServicePlugin.dll
    MOD - [2012/04/30 12:57:43 | 000,547,840 | ---- | M] () -- C:\Program Files\WIND\CallLogSrvPlugin.dll
    MOD - [2012/04/30 12:57:43 | 000,175,104 | ---- | M] () -- C:\Program Files\WIND\CallSrvPlugin.dll
    MOD - [2012/04/30 12:57:42 | 001,077,248 | ---- | M] () -- C:\Program Files\WIND\AddrBookPlugin.dll
    MOD - [2012/04/30 12:57:42 | 000,739,840 | ---- | M] () -- C:\Program Files\WIND\AddrBookUIPlugin.dll
    MOD - [2012/04/30 12:57:42 | 000,550,400 | ---- | M] () -- C:\Program Files\WIND\CallAppPlugin.dll
    MOD - [2012/04/30 12:57:42 | 000,264,704 | ---- | M] () -- C:\Program Files\WIND\AddrBookSrvPlugin.dll
    MOD - [2012/04/30 12:57:42 | 000,238,592 | ---- | M] () -- C:\Program Files\WIND\AtCodec.dll
    MOD - [2012/04/30 12:57:42 | 000,123,392 | ---- | M] () -- C:\Program Files\WIND\ATR2SMgr.dll
    MOD - [2011/12/30 15:51:11 | 001,148,416 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\QtNetwork4.dll
    MOD - [2011/12/30 15:51:11 | 000,398,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\QtXml4.dll
    MOD - [2011/12/30 15:51:11 | 000,384,512 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\QueryStrategy.dll
    MOD - [2011/12/30 15:51:10 | 002,415,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\QtCore4.dll
    MOD - [2011/12/30 15:51:09 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\libgcc_s_dw2-1.dll
    MOD - [2011/12/30 15:51:09 | 000,011,362 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\mingwm10.dll
    MOD - [2011/05/26 15:14:52 | 000,477,080 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe
    MOD - [2011/03/14 11:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
    MOD - [2005/10/07 16:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2001/10/29 02:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfmonnt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/04/30 12:57:51 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\WIND\UpdateDog\ouc.exe -- (WIND. RunOuc)
    SRV - [2012/04/15 08:23:32 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/03/14 11:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
    SRV - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
    SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swumx20.sys -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\GOODER~1.LAP\LOCALS~1\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
    DRV - File not found [Kernel | Disabled | Unknown] -- C:\WINDOWS\System32\drivers\dwshd.sys -- (dwshd)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2012/04/30 12:57:52 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV - [2012/04/30 12:57:52 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2012/04/30 12:57:52 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
    DRV - [2012/04/30 12:57:51 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2012/04/30 12:57:51 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2012/04/29 09:49:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/10/03 08:25:03 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2010/10/03 08:24:33 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2010/10/03 08:24:01 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2010/10/03 08:18:32 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2008/09/16 15:18:32 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2005/12/19 20:46:28 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2005/08/03 12:44:16 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
    DRV - [2005/07/22 05:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/07/22 05:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/07/22 05:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2003/11/30 22:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.ca/myway
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.ca/myway
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\..\SearchScopes\{995F004B-3A93-445F-9A34-4E2521724E49}: "URL" = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG
    IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?st=1"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.7.0
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1426
    FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/19 17:07:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/20 11:37:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/20 11:37:35 | 000,000,000 | ---D | M]

    [2011/02/16 01:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Extensions
    [2009/08/09 20:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2012/04/27 10:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions
    [2012/01/09 08:49:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/01/24 13:28:15 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
    [2010/03/28 12:08:00 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\searchplugins\askcom.xml
    [2011/02/16 01:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/04/20 11:37:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/03/29 15:23:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    [2012/04/20 11:37:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/20 11:37:22 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/04/30 12:44:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - Reg Error: Value error. File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/30 11:19:15 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE (The Learning Company)
    O4 - Startup: C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Startup\HP SimpleSave Monitor.lnk = C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd...pdetect118.cab (GMNRev Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get...nt/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDF6F85E-CD3A-420A-9EA1-18EB04C811FE}: NameServer = 74.115.197.69 74.115.197.68
    O18 - Protocol\Filter\x-sdch - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/03/16 11:27:21 | 000,148,320 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2010/11/30 13:53:56 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/30 20:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Scans
    [2012/04/30 16:03:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/04/30 12:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WIND
    [2012/04/30 12:58:20 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
    [2012/04/30 12:58:20 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
    [2012/04/30 12:58:20 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
    [2012/04/30 12:58:20 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
    [2012/04/30 12:58:19 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
    [2012/04/30 12:58:19 | 000,235,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
    [2012/04/30 12:58:19 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
    [2012/04/30 12:58:19 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
    [2012/04/30 12:58:19 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
    [2012/04/30 12:58:19 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
    [2012/04/30 12:58:19 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
    [2012/04/30 12:58:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2012/04/30 12:42:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/04/30 10:45:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/04/30 10:45:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/04/30 10:45:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/04/30 10:45:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/04/30 10:42:09 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/29 17:09:02 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe
    [2012/04/29 09:49:57 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/04/29 09:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Smart Fortress 2012
    [2012/04/29 09:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84
    [2012/04/26 10:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Magellan Content Manager
    [2012/04/26 10:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Content Manager
    [2012/04/21 20:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\407 ETR
    [2012/04/16 11:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\TD Statements
    [2012/04/10 10:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\MoneyBookers
    [2012/04/04 12:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\9TM Arizona
    [2012/04/02 16:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Ghost Mouse Auto Clicker
    [2011/10/21 07:37:42 | 004,752,189 | ---- | C] (Phil Harvey) -- C:\Program Files\exiftool(-k).exe

    ========== Files - Modified Within 30 Days ==========

    [2012/04/30 21:05:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/30 20:40:00 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006UA.job
    [2012/04/30 20:23:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/04/30 19:48:28 | 000,017,172 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Popup.jpg
    [2012/04/30 12:59:05 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WIND.lnk
    [2012/04/30 12:57:52 | 000,861,696 | ---- | M] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
    [2012/04/30 12:57:52 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
    [2012/04/30 12:57:52 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
    [2012/04/30 12:57:52 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
    [2012/04/30 12:57:52 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
    [2012/04/30 12:57:52 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
    [2012/04/30 12:57:52 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
    [2012/04/30 12:57:51 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
    [2012/04/30 12:57:51 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
    [2012/04/30 12:57:51 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
    [2012/04/30 12:57:51 | 000,019,200 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
    [2012/04/30 12:44:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/04/30 12:44:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/04/30 12:43:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/30 12:43:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/30 12:43:04 | 2138,505,216 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/29 16:59:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe
    [2012/04/29 09:49:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/04/29 09:43:32 | 000,001,324 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Smart Fortress 2012.lnk
    [2012/04/27 10:40:01 | 000,000,956 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006Core.job
    [2012/04/27 09:10:23 | 000,086,044 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Magellan Map Order.jpg
    [2012/04/24 07:34:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2012/04/23 11:27:28 | 001,249,432 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Hydro Bill.pdf
    [2012/04/23 11:06:17 | 000,036,473 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Allan-Rob.jpg
    [2012/04/12 03:18:40 | 000,520,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/04/12 03:18:40 | 000,103,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/04/12 03:05:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/04/09 11:01:27 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Crusaders Who-is.bmp
    [2012/04/04 10:51:40 | 000,031,050 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Hair.jpg
    [2012/04/04 09:47:19 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Registry Booster.lnk
    [2012/04/04 09:38:31 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LockFilePath.ini
    [2012/04/04 08:50:43 | 000,102,400 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========

    [2012/04/30 19:48:26 | 000,017,172 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Popup.jpg
    [2012/04/30 12:59:05 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WIND.lnk
    [2012/04/30 12:43:04 | 2138,505,216 | -HS- | C] () -- C:\hiberfil.sys
    [2012/04/30 10:45:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/04/30 10:45:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/04/30 10:45:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/04/30 10:45:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/04/30 10:45:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/04/29 09:43:32 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Smart Fortress 2012.lnk
    [2012/04/27 09:10:21 | 000,086,044 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Magellan Map Order.jpg
    [2012/04/23 11:27:24 | 001,249,432 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Hydro Bill.pdf
    [2012/04/23 11:06:15 | 000,036,473 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Allan-Rob.jpg
    [2012/04/20 11:37:42 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/04/09 11:01:27 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Crusaders Who-is.bmp
    [2012/04/05 21:57:22 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/04/04 10:51:39 | 000,031,050 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Hair.jpg
    [2012/04/04 09:47:19 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Registry Booster.lnk
    [2012/02/15 15:34:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/06 11:48:52 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LockFilePath.ini
    [2011/12/06 16:50:28 | 000,001,314 | ---- | C] () -- C:\WINDOWS\COCR2.INI
    [2011/12/06 16:28:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
    [2011/11/01 08:32:46 | 000,573,100 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
    [2011/05/07 17:19:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2011/05/06 15:56:02 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2011/05/06 15:56:02 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2011/05/06 15:54:52 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPNX110.ini
    [2010/08/22 08:57:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2010/07/06 08:25:40 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\keyfile3.drm

    ========== LOP Check ==========

    [2012/04/29 09:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84
    [2012/02/01 12:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/04/30 13:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
    [2011/05/06 15:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2012/01/30 17:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2012/03/13 12:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
    [2010/04/27 11:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    [2009/12/25 01:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
    [2011/05/10 06:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor(2)
    [2008/06/21 20:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2008/01/11 08:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
    [2012/02/06 13:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
    [2006/09/11 06:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2008/03/18 00:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
    [2011/12/30 15:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WIND
    [2011/04/27 08:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Amazon
    [2012/02/07 11:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\asoftech
    [2010/04/27 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Downloaded Installations
    [2011/05/25 08:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\EPSON
    [2009/03/02 08:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Foxit
    [2011/03/29 15:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Foxit Software
    [2008/01/25 10:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\GameHouse
    [2010/02/16 17:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HTNetMeter
    [2008/12/09 04:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\IObit
    [2011/05/06 16:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Leader Technologies
    [2006/06/17 18:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Leadertech
    [2012/03/13 12:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\mjusbsp
    [2008/01/12 10:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\MSNInstaller
    [2010/10/05 08:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Nitro PDF
    [2011/05/09 23:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\OnlineArmor(2)
    [2011/12/23 19:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Sierra Wireless
    [2006/10/28 16:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\SmartDraw
    [2007/11/15 04:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\TrojanHunter
    [2008/09/16 05:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\TweakNow RegCleaner Professional
    [2010/09/29 09:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Uniblue
    [2006/12/19 13:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\WholeSecurity
    [2012/04/24 07:34:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    < End of report >

  8. #18
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Halton,

    Your Java is out of date. Click your Start button and open Control Panel.
    • Locate the Java icon (it looks like a coffee cup)
    • Double click it to open it
    • Click the Update tab
    • Click Update Now
    Decline any Toolbars that may be offered during the update.

    Next, Double click on OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • please note the fix starts with the :

    Code:
    :Services
    
    :OTL
    [2012/04/29 09:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Smart Fortress 2012
    [2012/04/29 09:43:32 | 000,001,324 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Smart Fortress 2012.lnk
    
    :Files
    dir "C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84" /s /c
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [createrestorepoint]
    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.
    Please post the OTL fix log.

    You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

    Open MBAM

    • Click the Update tab
    • Click Check for Updates
    • If an update is found, it will download and install the latest version.
    • The program will close to update and reopen.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Please post back with
    • OTL fix log
    • MBAM log
    Any problems?
    Member of UNITE and ASAP
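    As an added example (my own code, not OTL's and not the helper's), here is a small parser for the OTL report lines shown in the previous post that flags the two things the fix above acted on: a 32-hex-character name under Application Data, and an executable with no company name. The sample input is four lines copied from the report plus one constructed line for the .exe that the dir output in the fix log lists inside that folder; the KNOWN_TOOL_FILES set and the flag wording are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL report line as printed in the logs above, e.g.
#   [2012/04/29 09:39:57 | 000,000,000 | ---D | M] -- C:\...\529C50A800717D320000205BD151FC84
#   [2012/04/30 10:45:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")
# .sys is left out on purpose: hiberfil.sys and pagefile.sys share the extension.
EXECUTABLE = (".exe", ".dll")
# ComboFix's own helper binaries in C:\WINDOWS carry no company name in the report;
# they are listed (my assumption) so the second heuristic does not report them.
KNOWN_TOOL_FILES = {"pev.exe", "mbr.exe", "sed.exe", "grep.exe", "zip.exe"}

@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str              # "---D" directory, "-HS-" hidden+system, "----" plain file
    kind: str               # "M" modified-date section, "C" created-date section
    company: Optional[str]  # None when the report shows "()" or no company at all
    path: str

def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one report line; None for section headers, blanks and other text."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m.group("ts"), int(m.group("size").replace(",", "")),
                    m.group("attrs"), m.group("kind"), m.group("company") or None,
                    m.group("path"))

def flag_entry(e: OtlEntry) -> List[str]:
    """Reasons an entry deserves a second look; both patterns come from this thread."""
    reasons = []
    parts = e.path.split("\\")
    name = parts[-1]
    # 1. A 32-hex-digit folder or file name under Application Data (the rogue's install folder).
    if HEX32.match(name.split(".")[0]) and "Application Data" in parts:
        reasons.append("32-hex name under Application Data")
    # 2. An executable with no company name that is not one of the known cleanup tools.
    if (name.lower().endswith(EXECUTABLE) and e.company is None
            and name.lower() not in KNOWN_TOOL_FILES):
        reasons.append("executable without company name")
    return reasons

def scan_report(text: str) -> Dict[str, List[str]]:
    """Map each flagged path in an OTL report to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_otl_line(line)
        reasons = flag_entry(entry) if entry else []
        if reasons:
            flagged[entry.path] = reasons
    return flagged

# Sample input: four lines copied from the report in this thread plus one constructed
# line (the .exe that the fix log's dir output shows inside the hex-named folder).
SAMPLE_REPORT = r"""
========== LOP Check ==========
[2012/04/29 09:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84
[2012/04/29 09:39:57 | 000,425,984 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84\529C50A800717D320000205BD151FC84.exe
[2012/04/30 10:45:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/29 09:49:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/30 12:43:04 | 2138,505,216 | -HS- | M] () -- C:\hiberfil.sys
"""
```

    Running scan_report(SAMPLE_REPORT) flags only the hex-named folder and the .exe inside it; the ComboFix helpers, the Malwarebytes driver and hiberfil.sys pass.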

  9. #19
    Junior Member
    Join Date
    Apr 2012
    Posts
    15

    Default

    Hello.......Java updated as requested......OTL fix applied.

    MBAM updated and scanned......found 3 objects.

    During the scan.....Avast fired a couple of warnings when MBAM found the threats......see attached screen shot.

    Also.....when I was doing some test browsing this pop-up appeared when on Youtube.....see attached.

    Never seen it before.....wasn't sure so I just closed it (X)

    Here are the reports.......

    -------------------------------------------------------------------------

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Smart Fortress 2012 folder moved successfully.
    C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Smart Fortress 2012.lnk moved successfully.
    ========== FILES ==========
    < dir "C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84" /s /c >
    Volume in drive C has no label.
    Volume Serial Number is F49E-B697
    Directory of C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84
    29/04/2012 09:39 AM <DIR> .
    29/04/2012 09:39 AM <DIR> ..
    30/04/2012 10:33 AM 328 529C50A800717D320000205BD151FC84
    29/04/2012 09:39 AM 425,984 529C50A800717D320000205BD151FC84.exe
    2 File(s) 426,312 bytes
    Total Files Listed:
    2 File(s) 426,312 bytes
    2 Dir(s) 3,472,560,128 bytes free
    C:\Documents and Settings\Gooderham.LAPTOP\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Gooderham.LAPTOP\Desktop\cmd.txt deleted successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Gooderham.LAPTOP\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Gooderham.LAPTOP\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.LAPTOP
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: Administrator.LAPTOP.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56475 bytes

    User: Gooderham
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Gooderham.LAPTOP
    ->Temp folder emptied: 83852143 bytes
    ->Temporary Internet Files folder emptied: 4246349 bytes
    ->Java cache emptied: 144353 bytes
    ->FireFox cache emptied: 54038554 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 87619 bytes

    User: GOODER~1~LAP

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 139250 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 3072054 bytes

    Total Files Cleaned = 139.00 mb

    Unable to start System Restore Service. Error code 1056

    OTL by OldTimer - Version 3.2.42.2 log created on 05012012_075706

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temp\hsperfdata_Gooderham\3796 not found!
    File\Folder C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temp\~DF3A2C.tmp not found!
    File\Folder C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temp\~DF3A62.tmp not found!
    File\Folder C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temp\~DF3B8E.tmp not found!
    File\Folder C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temp\~DF3BE3.tmp not found!
    C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temporary Internet Files\Content.IE5\EBMITVC7\showthread[1].htm moved successfully.
    C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    --------------------------------------------------------------------------
    --------------------------------------------------------------------------


    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.01.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Gooderham :: DELL [administrator]

    01/05/2012 8:11:57 AM
    mbam-log-2012-05-01 (08-11-57).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 261929
    Time elapsed: 11 minute(s), 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Fortress 2012 (Trojan.LameShield) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    c:\documents and settings\all users\application data\529c50a800717d320000205bd151fc84\529c50a800717d320000205bd151fc84.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
    c:\documents and settings\gooderham.laptop\local settings\temp\_avast_\unp45314377.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.

    (end)

  10. #20
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Halton,

    Both of those popups are valid and ok. The one from avast is it detecting the file while MBAM was opening and removing it. This happens from time to time, as the av will "read" the file at the same time as another security program does. Either way, the file has been removed.

    The second is a popup from Windows which is normally enabled by default. Web sites can be comprised of secure and insecure pages. This is Windows warning you that you are leaving or entering a secure site. One of the tools we used just restored the setting to default. If you don't want to see it, just check the box beside "In the future, don't show this warning".

    One more scan to check our handiwork.

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    Go here to run an online scanner from
    ESET

    (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.
    Please post the ESET log if there is one. Any problems?
    Member of UNITE and ASAP
